Tanium Microsoft Sentinel Connector

Solution: Tanium

Tanium Logo

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Attribute	Value
Publisher	Tanium Inc.
Support Tier	Partner
Support Link	https://support.tanium.com
Categories	domains
Version	3.3.0
Author	Tanium - support@tanium.com
First Published	2022-05-16
Last Updated	2026-03-27
Solution Folder	Tanium
Marketplace	Azure Marketplace · Popularity: 🔵 Medium (74%)

The Tanium solution for Microsoft Sentinel enables you to ingest Tanium Threat Response alerts as Microsoft Sentinel incidents as well as incorporate Tanium's real-time endpoint data.

Data Connectors
Tables Used
Content Items
Additional Documentation

Data Connectors

This solution provides 1 data connector(s):

Tanium's CCF Push Connector 🔶

🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Tables Used

This solution uses 10 table(s):

Table	Used By Connectors	Used By Content
`TaniumComplyCompliance_CL` 🔶	Tanium's CCF Push Connector	Workbooks
`TaniumComplyVulnerabilities_CL` 🔶	Tanium's CCF Push Connector	Workbooks
`TaniumDefenderHealth_CL` 🔶	Tanium's CCF Push Connector	Workbooks
`TaniumDiscoverUnmanagedAssets_CL` 🔶	Tanium's CCF Push Connector	Workbooks
`TaniumHighUptime_CL` 🔶	Tanium's CCF Push Connector	Workbooks
`TaniumPatchCoverageStatus_CL` 🔶	Tanium's CCF Push Connector	Workbooks
`TaniumPatchListApplicability_CL` 🔶	Tanium's CCF Push Connector	Workbooks
`TaniumPatchListCompliance_CL` 🔶	Tanium's CCF Push Connector	Workbooks
`TaniumSCCMClientHealth_CL` 🔶	Tanium's CCF Push Connector	Workbooks
`TaniumThreatResponse_CL` 🔶	Tanium's CCF Push Connector	Analytics, Workbooks

🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Content Items

This solution includes 10 content item(s):

Content Type	Count
Playbooks	8
Analytic Rules	1
Workbooks	1

Analytic Rules

Name	Severity	Tactics	Tables Used
Tanium Threat Response Alerts	High	-	`TaniumThreatResponse_CL`

Workbooks

Name	Tables Used
TaniumWorkbook	`TaniumComplyCompliance_CL` `TaniumComplyVulnerabilities_CL` `TaniumDefenderHealth_CL` `TaniumDiscoverUnmanagedAssets_CL` `TaniumHighUptime_CL` `TaniumPatchCoverageStatus_CL` `TaniumPatchListApplicability_CL` `TaniumPatchListCompliance_CL` `TaniumSCCMClientHealth_CL` `TaniumThreatResponse_CL`

Playbooks

Name	Description	Tables Used
Tanium-ComplyFindings	Tanium's real-time data can speed up investigations by providing important context for analysts, suc...	-
Tanium-GeneralHostInfo	Tanium's real-time data can speed up investigations by providing important context for analysts, suc...	-
Tanium-ListSecurityPatches	Tanium's real-time data can speed up investigations by providing important context for analysts, suc...	-
Tanium-MSDefenderHealth	Tanium's real-time data can speed up investigations by providing important context for analysts, suc...	-
Tanium-QuarantineHosts	During an investigation, it may be critical to isolate endpoints quickly if a compromise is detected...	-
Tanium-ResolveThreatResponseAlert	Maintaining alert hygiene in multiple consoles can be overwhelming. This playbook helps teams keep T...	-
Tanium-SCCMClientHealth	Tanium's real-time data can speed up investigations by providing important context for analysts, suc...	-
Tanium-UnquarantineHosts	This playbook starts with a Microsoft Sentinel incident, gets the hosts associated with that inciden...	-

Additional Documentation

📄 Source: Tanium/README.md

Tanium

Overview

Integrate Microsoft Sentinel with Tanium data and remediation.

Help

Having issues? See our Tanium Help documentation for common issues, questions and FAQs.

Release Notes

Tanium Microsoft Sentinel Connector Release Notes