Difference between revisions of "Tanium Audit Logs flowing to Splunk Cloud via Tanium Connect"
From RiceFamily Wiki
(Created page with "We have configured Tanium to send it's Audit logs to Splunk. * Tanium Cloud to Splunk Cloud ** Had to configure Splunk to allow the Egress IP's from Tanium and configure Taniu...") |
|||
Line 2: | Line 2: | ||
* Tanium Cloud to Splunk Cloud | * Tanium Cloud to Splunk Cloud | ||
** Had to configure Splunk to allow the Egress IP's from Tanium and configure Tanium Cloud to allow the outbound traffic to the Splunk Cloud URL. | ** Had to configure Splunk to allow the Egress IP's from Tanium and configure Tanium Cloud to allow the outbound traffic to the Splunk Cloud URL. | ||
− | * The Splunk Cloud URL needed to end in /raw | + | * The Splunk Cloud URL needed to end in /raw in the Tanium Connect document. |
+ | * The Secret Key has to be entered every time you edit the Tanium Connect Document. That gets frustrating after a few edits! | ||
In order to take advantage of the Splunk App in Tanium, we need to send additional data. I'm not seeing much detailed documentation about the Splunk App, so I'll update things here as we work them out. | In order to take advantage of the Splunk App in Tanium, we need to send additional data. I'm not seeing much detailed documentation about the Splunk App, so I'll update things here as we work them out. |
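Review bot: the added "Secret Key" line does not say which secret this is or which field of the Connect destination it belongs to, so a reader following the note cannot tell what to have on hand before editing. Suggest naming the field as it appears in the destination settings. The casing also differs between the two touched lines ("Tanium Connect document" and "Tanium Connect Document"); pick one.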
Revision as of 14:26, 11 December 2024
We have configured Tanium to send its Audit logs to Splunk.
- Tanium Cloud to Splunk Cloud
  - Had to configure Splunk to allow the egress IPs from Tanium and configure Tanium Cloud to allow the outbound traffic to the Splunk Cloud URL.
- The Splunk Cloud URL needed to end in /raw in the Tanium Connect document.
- The Secret Key has to be entered every time you edit the Tanium Connect Document. That gets frustrating after a few edits!
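A pre-flight check for the destination settings in the notes above, as an added example (not part of the original page and not Tanium or Splunk code). It assumes the Secret Key is a Splunk HTTP Event Collector token sent in an `Authorization: Splunk <token>` header; the host name and key are constructed placeholders.

```python
from urllib.parse import urlsplit
from urllib.request import Request, urlopen


def check_destination(url):
    """Return a list of problems with the destination URL (empty list = OK)."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https, so the key would be sent in clear text")
    if not parts.hostname:
        problems.append("URL has no host")
    # The note above: the URL has to end in /raw. Check the path so that a
    # query string does not hide a wrong endpoint.
    if not parts.path.endswith("/raw"):
        problems.append("path does not end in /raw")
    return problems


def build_test_request(url, key, line):
    """Build (but do not send) a POST carrying one raw text line."""
    problems = check_destination(url)
    if problems:
        raise ValueError("; ".join(problems))
    if not key or key != key.strip():
        raise ValueError("key is empty or has surrounding whitespace")
    # Assumption: the Secret Key is a Splunk HEC token, sent as "Splunk <token>".
    return Request(url, data=line.encode("utf-8"), method="POST",
                   headers={"Authorization": "Splunk " + key})


def redacted_headers(req):
    """Headers with the key masked, safe to paste into a ticket or wiki page."""
    return {k: "Splunk ****" if k.lower() == "authorization" else v
            for k, v in req.header_items()}


def send(req, timeout=10):
    """Send the request; run this from a host on the Splunk IP allow list."""
    with urlopen(req, timeout=timeout) as resp:
        return resp.status


if __name__ == "__main__":
    # Constructed placeholder host and key, not real values.
    url = "https://http-inputs-example.splunkcloud.com:443/services/collector/raw"
    req = build_test_request(url, "00000000-0000-0000-0000-000000000000",
                             "constructed test line")
    print(req.get_method(), req.full_url, redacted_headers(req))
```

Running the file only builds and prints the request; `send()` is there for a manual test and is never called automatically.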
In order to take advantage of the Splunk App in Tanium, we need to send additional data. I'm not seeing much detailed documentation about the Splunk App, so I'll update things here as we work them out.