AgileSec Tanium

An overview of the AgileSec Tanium module, including overall integration flow.

ABOUT ISG AND AGILESEC:

ISG is now AgileSec. Instructions have been updated with correct references, but some files and configurations still retain ISG naming. All references to ISG will be updated to AgileSec in a future release.

Overview

The AgileSec Tanium module includes specific content created by AgileSec to leverage the capabilities of Tanium to perform cryptographic discovery and inventory at scale. The AgileSec Tanium module allows rapid deployment of AgileSec Host Sensors for broad cryptographic discovery.

Flow Diagram

qahJkAZDjNK59yVTvkkhhq9oq55yENyxRg.png

Flow Description

The AgileSec Tanium flow is straightforward: Load AgileSec packages to Tanium, deploy AgileSec Host Sensors, execute scans for cryptographic assets, and deliver findings to AgileSec for processing and analysis.

Load Packages

Depending on the Tanium infrastructure type, AgileSec Tanium Sensors and Actions packages can be loaded manually via the Tanium Appliance UI or via the Tanium SaaS API (with a provided AgileSec Load Script).

Deploy Sensors

When an AgileSec Deploy action is run, Tanium Agent will deploy AgileSec Host Sensors across all designated hosts.

Execute Scans

Tanium triggers scans for AgileSec cryptographic discovery using Tanium Infrastructure across all targeted hosts and delivers cryptographic findings to AgileSec.

Scans are executed with either a Run action or Discover->Saved Questions->Connect actions.

Execute Scans: Run Action

Run: Configure AgileSec Host Sensors throughout Tanium to perform host scans. Cryptographic findings are sent to the AgileSec platform.

Execute Scans: Discover->Saved Questions->Connect Actions

  1. Discover: Configure AgileSec Host Sensors throughout Tanium to perform host scans. Cryptographic findings are saved on the local host.

  2. Saved Questions: Retrieve cryptographic findings from Discover jobs with pre-built questions with specific parameters. This allows for smaller, targeted sets of results, such as queries related to X.509 certificates. Cryptographic findings are saved on Tanium Server.

  3. Connect: Retrieve cryptographic findings from Saved Questions jobs on the Tanium Server and send to the AgileSec platform.

Note: Tanium SaaS API does not allow loading Saved Questions or Connect jobs. AgileSec Tanium Saved Questions and Connect packages are only available for Tanium Appliance.

AgileSec Platform

The AgileSec platform receives cryptographic findings from AgileSec Tanium scans for processing and analysis.

Guides

The following guides are available to leverage the capabilities of Tanium with AgileSec Analytics: