Description
The Tanium integration's current setup instructions for HTTP Endpoint and TCP inputs are very brief. The columns sent by default seem to have changed since Tanium version 7.5.5.1162 (current version 7.7.1.7207). The Tanium documentation does not cover column-level data or UI changes.
To make the setup instructions more reliable, they could be extended to step-by-step instructions with lists of specific columns to configure/confirm, perhaps with screenshots. The exact data source(s) should be defined for each data stream, as these are configured separately.
To improve mappings, they should be checked against data as sent by default or using the new setup instructions. There are also mapping choices that could be revisited, such as extensive use of nested alongside extraction of specific fields covering the same data.
An alternative to the above is to transition to Tanium's preferred integration method: the GraphQL API (see Tanium Integration Methods). All relevant data can be mapped because it is documented in the GraphQL API schema, and unexpected changes can be avoided by explicitly requesting the fields of interest. Setup should be easier for users, as all the data can come from the one API.
Documentation about the GraphQL API: