Gain insight into CVEs in your environment by connecting your Tanium Comply data source with TrendAI Vision One™.
Connect your Tanium Comply account to TrendAI Vision One™ to gain access to endpoint information and CVE detections in order to enhance risk
analyses in Cyber Risk Exposure Management.
Procedure
- Trend advises creating a service account in Tanium (rather than using an individual
user account) to issue the API token. If the account tied to an API token is later
disabled, the integration breaks immediately. Apply the following roles to the service
account: Comply Report Reviewer and API Gateway User (or Gateway User in newer Tanium versions), scoped to All Computers or the specific computer groups you want to collect data from.

Note
For guidance on service accounts, see the Use service accounts section (under Best practices for tokens) of Tanium's API tokens documentation. - Sign in to the Tanium console with the account that will issue the API token.
- Go to and click New API Token.
- Fill in a description of the token and the number of days until expiry.
- In the Trusted IP addresses field, add the TrendAI Vision One™ IP addresses for your region. See Cyber Risk Exposure Management regional IP addresses for your regional IP addresses.
- Click Save.The Tanium API token generates and is displayed on the console. Ensure you copy the token.
- In the TrendAI Vision One™ console, go to .
- Locate and click the Tanium Comply card.You are directed to the Tanium Comply data source drawer in .
- Input the URL of your Tanium server in the URL field.

Note
This integration currently supports Tanium Cloud only. Tanium Cloud tenant URLs include-apiin the hostname. On-premises Tanium servers are not currently supported. - Input the newly generated API token in the API token field.
- Click Save.

Note
You may update the API token at any time by clicking Edit settings.
Note
Trend does not automatically rotate the Tanium API token. You are expected to manually rotate the token before it expires, following Tanium's short-lived-token best practice. If the token expires, the integration silently stops pulling data.
