> ## Documentation Index
> Fetch the complete documentation index at: https://docs.leen.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Tanium

> Instructions on how to configure API access for Tanium to fetch endpoints and CVE Vulnerability Findings

## Supported Data models

* [Vulnerability Findings](/integrations/v2/vulnerability-findings-v2)
  * type: `host`

* Resources
  * type: `host`

## Required Tanium Solutions

The following Tanium modules must be licensed and provisioned in your environment to enable this integration:

| Module                   | Requirement | Purpose                                                                |
| ------------------------ | ----------- | ---------------------------------------------------------------------- |
| **Tanium Comply**        | Required    | Enables vulnerability assessments and provides access to CVE findings. |
| **Tanium Platform Core** | Required    | Core platform services like RBAC, API token generation, etc.           |

***

## Connector Configuration Parameters

**Note: We are only supporting Tanium Cloud Envrionments**

| # | Parameter               | Description                                                                                                                                                                                                         |
| - | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| 1 | **Tanium API Base URL** | The base URL of the Tanium Cloud Gateway API for your tenant. The URL should be your instance name followed by '-api'. e.g.: [https://instancename-api.cloud.tanium.com](https://instancename-api.cloud.tanium.com) |
| 2 | **Tanium API Token**    | Token generated using the Persona with proper access to endpoints and CVEs.                                                                                                                                         |

***

## Onboarding Tanium

Follow the steps below to onboard your environment to our Tanium integration.

<Steps>
  <Step title="Create a Custom Role">
    1. In the Tanium Console, go to **Administration > Roles**.
    2. Search for the built-in role: `Gateway User`.
    3. Click **Clone** to create a duplicate.
    4. Name the role (e.g., `Leen Integration Role`).
    5. Under **Platform Content Permissions**, enable:
       * `Sensor > Read`
    6. Add **Content Sets**. Add the required Content Sets by clicking the + icon next to the green checkmark on the permission you applied in the previous step:
       * `Base`
       * `Comply Reporting`
       * `Reserved`
       * `Tanium Data Service`
    7. Click **Save**.

           <img src="https://mintcdn.com/leen/v5iddL0dhlngJwjt/images/tanium/Tanium_VMS_Role_Permissions.png?fit=max&auto=format&n=v5iddL0dhlngJwjt&q=85&s=84784e9ef450e56feb448fcce03f9abc" alt="" width="3304" height="912" data-path="images/tanium/Tanium_VMS_Role_Permissions.png" />
  </Step>

  <Step title="Create a Persona">
    1. Go to **Administration > Personas**.
    2. Click **New Persona**.
    3. Set a name (e.g., `Leen Integration Persona`).
    4. Under **Manage Roles**, assign the custom role created above.
    5. Under **Computer Groups**, do one of the following:
       * Assign specific computer groups
       * Or check **Unrestricted Management Rights** for full access
    6. Assign the persona to a user or service account.
    7. Click **Save**.
  </Step>

  <Step title="Generate the API Token">
    1. Sign in with the user account linked to the Persona you just created.
    2. Navigate to **Administration > API Tokens**.
    3. Click **New API Token**.
    4. Enter a name and optionally set a TTL (Time-To-Live).
    5. Select the persona created in the previous step.
       * <Note>You may need to refresh the page if the persona doesn't show immediately.</Note>
    6. For **Allowed IP Addresses**, choose:
       * Contact us to get the IP Address that needs to be added as part of trusted IP Addresses.
       * Or use `0.0.0.0/0` for unrestricted access (not recommended for production)
    7. Click **Save**.

    <Warning>Record your API token somewhere safe. Once the window is closed, the token will not be visible again.</Warning>

    <img src="https://mintlify.s3.us-west-1.amazonaws.com/leen/images/tanium/tanium-api-token.png" alt="" />
  </Step>

  <Step title="Enter credentials">
    Enter the **Tanium API Base URL** and **Tanium API Token** obtained above into the Tanium integration configuration.
  </Step>
</Steps>

## API Token Rotation

The API Token gets rotated automatically as part of the connection.