Tanium
Cloudflare Zero Trust can integrate with Tanium to require that users connect to certain applications from managed devices. This service-to-service posture check uses the WARP client to read endpoint data from Tanium. Devices are identified by their serial numbers.
- Either Tanium Cloud or on-premise installations of Tanium
- Tanium agent is deployed on the device.
-
Cloudflare WARP client is deployed on the device. For a list of supported modes and operating systems, refer to Service providers.
The following Tanium values are needed to set up the Tanium posture check:
- Client Secret
- Rest API URL
To retrieve those values:
- Log in to your Tanium instance.
- Go to Administration > API Tokens.
- Select New API Token.
- Set Expire in days to an appropriate value for your organization. When this token expires, all device posture results will begin to fail unless updated.
- Set Trusted IP addresses to
0.0.0.0/0
. - Select Save.
- Copy the Client Secret and API URL to a safe place.
- In Zero Trust ↗, go to Settings > WARP Client.
- Scroll down to Device posture providers and select Add new.
- Select Tanium.
- Enter any name for the provider. This name will be used throughout the dashboard to reference this connection.
- Enter the Client Secret and Rest API URL you noted down above.
- Choose a Polling frequency for how often Cloudflare Zero Trust should query Tanium for information.
- Select Save.
You will see the new provider listed under Settings > WARP Client > Device posture providers. To ensure the values have been entered correctly, select Test.
- In Zero Trust ↗, go to Settings > WARP Client > Service provider checks.
- Select Add new.
- Select the Tanium provider.
- Configure a device posture check and enter any name.
- Select Save.
Next, go to Logs > Posture and verify that the service provider posture check is returning the expected results.
Device posture data is gathered from Tanium’s EndpointRisk API ↗. To learn more about how scores are calculated, refer to the Tanium risk score documentation ↗.
Selector | Description | Value |
---|---|---|
Total score | totalScore of the device. | 1 to 1000 |
Risk level | riskLevel of the device. | Low, medium, high, or critical |
EID last seen | Elapsed time since the device was last seen, based on its datetime attribute. | In the last 1 hour, 3 hours, 6 hours, 12 hours, 24 hours, 7 days, 30 days, or more than 30 days |