An overview of the AgileSec Tanium module, including overall integration flow.
ABOUT ISG AND AGILESEC:
ISG is now AgileSec. Instructions have been updated with correct references, but some files and configurations still retain ISG naming. All references to ISG will be updated to AgileSec in a future release.
Overview
The AgileSec Tanium module includes specific content created by AgileSec to leverage the capabilities of Tanium to perform cryptographic discovery and inventory at scale. The AgileSec Tanium module allows rapid deployment of AgileSec Host Sensors for broad cryptographic discovery.
Flow Diagram
Flow Description
The AgileSec Tanium flow is straightforward: Load AgileSec packages to Tanium, deploy AgileSec Host Sensors, execute scans for cryptographic assets, and deliver findings to AgileSec for processing and analysis.
Load Packages
Depending on the Tanium infrastructure type, AgileSec Tanium Sensors and Actions packages can be loaded manually via the Tanium Appliance UI or via the Tanium SaaS API (with a provided AgileSec Load Script).
Deploy Sensors
When an AgileSec Deploy action is run, Tanium Agent will deploy AgileSec Host Sensors across all designated hosts.
Execute Scans
Tanium triggers scans for AgileSec cryptographic discovery using Tanium Infrastructure across all targeted hosts and delivers cryptographic findings to AgileSec.
Scans are executed with either a Run action or Discover->Saved Questions->Connect actions.
Execute Scans: Run Action
Run: Configure AgileSec Host Sensors throughout Tanium to perform host scans. Cryptographic findings are sent to the AgileSec platform.
Execute Scans: Discover->Saved Questions->Connect Actions
-
Discover: Configure AgileSec Host Sensors throughout Tanium to perform host scans. Cryptographic findings are saved on the local host.
-
Saved Questions: Retrieve cryptographic findings from Discover jobs with pre-built questions with specific parameters. This allows for smaller, targeted sets of results, such as queries related to X.509 certificates. Cryptographic findings are saved on Tanium Server.
-
Connect: Retrieve cryptographic findings from Saved Questions jobs on the Tanium Server and send to the AgileSec platform.
Note: Tanium SaaS API does not allow loading Saved Questions or Connect jobs. AgileSec Tanium Saved Questions and Connect packages are only available for Tanium Appliance.
AgileSec Platform
The AgileSec platform receives cryptographic findings from AgileSec Tanium scans for processing and analysis.
Guides
The following guides are available to leverage the capabilities of Tanium with AgileSec Analytics: