Skip to content

Tanium

Cloudflare Zero Trust can integrate with Tanium to require that users connect to certain applications from managed devices. This service-to-service posture check uses the WARP client to read endpoint data from Tanium. Devices are identified by their serial numbers.

Prerequisites

  • Either Tanium Cloud or on-premise installations of Tanium
  • Tanium agent is deployed on the device.
  • Cloudflare WARP client is deployed on the device. For a list of supported modes and operating systems, refer to Service providers.

Set up Tanium as a service provider

1. Get Tanium settings

The following Tanium values are needed to set up the Tanium posture check:

  • Client Secret
  • Rest API URL

To retrieve those values:

  1. Log in to your Tanium instance.
  2. Go to Administration > API Tokens.
  3. Select New API Token.
  4. Set Expire in days to an appropriate value for your organization. When this token expires, all device posture results will begin to fail unless updated.
  5. Set Trusted IP addresses to 0.0.0.0/0.
  6. Select Save.
  7. Copy the Client Secret and API URL to a safe place.

2. Add Tanium as a service provider

  1. In Zero Trust, go to Settings > WARP Client.
  2. Scroll down to Device posture providers and select Add new.
  3. Select Tanium.
  4. Enter any name for the provider. This name will be used throughout the dashboard to reference this connection.
  5. Enter the Client Secret and Rest API URL you noted down above.
  6. Choose a Polling frequency for how often Cloudflare Zero Trust should query Tanium for information.
  7. Select Save.

You will see the new provider listed under Settings > WARP Client > Device posture providers. To ensure the values have been entered correctly, select Test.

3. Configure the posture check

  1. In Zero Trust, go to Settings > WARP Client > Service provider checks.
  2. Select Add new.
  3. Select the Tanium provider.
  4. Configure a device posture check and enter any name.
  5. Select Save.

Next, go to Logs > Posture and verify that the service provider posture check is returning the expected results.

Device posture attributes

Device posture data is gathered from Tanium’s EndpointRisk API. To learn more about how scores are calculated, refer to the Tanium risk score documentation.

SelectorDescriptionValue
Total scoretotalScore of the device.1 to 1000
Risk levelriskLevel of the device.Low, medium, high, or critical
EID last seenElapsed time since the device was last seen, based on its datetime attribute.In the last 1 hour, 3 hours, 6 hours, 12 hours, 24 hours, 7 days, 30 days, or more than 30 days