Tanium GraphQL API Gateway
Tanium™ API Gateway provides a single and stable API integration point for various Tanium solutions. It is designed for Tanium partners and customers interested in building integrated solutions with the Tanium™ Core Platform.
API Endpoints
https://<customername>-api.cloud.tanium.com/plugin/products/gateway/graphqlVersion
Current
Getting Started
Visit the Documentation Site to find helpful information such as...
- Overview and Requirements
- Installation and Troubleshooting Instructions
- Lots of Helpful Example Queries!
New to GraphQL?
GraphQL is a query language for APIs. Visit graphql.org to learn all about it.
Need Deprecated Content?
Alternate version of the Schema Documentation
that includes deprecated queries and fields
Queries
action
Description
Finds the identified action.
Stability Level: 3 - Stable
Response
Returns an
Action
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Example
Query
query action($ref: IdRefInput!) {
action(ref: $ref) {
id
name
comment
expireSeconds
creationTime
startTime
expirationTime
distributeSeconds
status
stoppedFlag
targets {
...ActionTargetsFragment
}
package {
...PackageRefFragment
}
scheduledAction {
...ScheduledActionFragment
}
stopped
creator {
...PrincipalFragment
}
approver {
...PrincipalFragment
}
metadata {
...MetadataFragment
}
results {
...ActionResultsFragment
}
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"action": {
"id": "4",
"name": "xyz789",
"comment": "abc123",
"expireSeconds": 123,
"creationTime": "10:15:30Z",
"startTime": "10:15:30Z",
"expirationTime": "10:15:30Z",
"distributeSeconds": 987,
"status": "OPEN",
"stoppedFlag": true,
"targets": ActionTargets,
"package": PackageRef,
"scheduledAction": ScheduledAction,
"stopped": false,
"creator": Principal,
"approver": Principal,
"metadata": [Metadata],
"results": ActionResults
}
}
}
actionGroup
Description
Returns an action group that matches the specified input.
Stability Level: 3 - Stable
Response
Returns an
ActionGroup
Arguments
| Name | Description |
|---|---|
ref -
NamedRefInput!
|
The reference data the action group must match to be returned. |
Example
Query
query actionGroup($ref: NamedRefInput!) {
actionGroup(ref: $ref) {
id
name
visibility
userGroups {
...NamedRefFragment
}
computerGroups {
...ComputerGroupFragment
}
any
}
}
Variables
{"ref": NamedRefInput}
Response
{
"data": {
"actionGroup": {
"id": "4",
"name": "abc123",
"visibility": "ADMIN",
"userGroups": [NamedRef],
"computerGroups": [ComputerGroup],
"any": false
}
}
}
actionGroups
Response
Returns an
ActionGroupConnection
Example
Query
query actionGroups(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int
) {
actionGroups(
after: $after,
first: $first,
before: $before,
last: $last
) {
edges {
...ActionGroupEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
}
}
Variables
{
"after": Cursor,
"first": 20,
"before": Cursor,
"last": 987
}
Response
{
"data": {
"actionGroups": {
"edges": [ActionGroupEdge],
"pageInfo": PageInfo,
"totalRecords": 987
}
}
}
assetProductEndpoints
Description
Retrieves endpoints based on Asset software inventory and usage.
Use of this field requires the Tanium permission asset api user read
Stability Level: 3 - Stable
Response
Returns an
AssetProductEndpointConnection
Arguments
| Name | Description |
|---|---|
filter -
AssetProductEndpointsFilter
|
Filter endpoints by the given criteria. |
after -
Cursor
|
Returns endpoints after the given cursor. |
first -
Int
|
Returns the first n endpoints from the list. |
Example
Query
query assetProductEndpoints(
$filter: AssetProductEndpointsFilter,
$after: Cursor,
$first: Int
) {
assetProductEndpoints(
filter: $filter,
after: $after,
first: $first
) {
edges {
...AssetProductEndpointEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalCount
}
}
Variables
{
"filter": AssetProductEndpointsFilter,
"after": Cursor,
"first": 987
}
Response
{
"data": {
"assetProductEndpoints": {
"edges": [AssetProductEndpointEdge],
"pageInfo": PageInfo,
"totalCount": 123
}
}
}
assetProducts
Description
Retrieves product usage for assets and endpoints.
Use of this field requires the Tanium permission asset api user read
Stability Level: 3 - Stable
Response
Returns an
AssetProductConnection
Arguments
| Name | Description |
|---|---|
filter -
AssetProductsFilter
|
Filter products by the given criteria. |
after -
Cursor
|
Returns products after the given cursor. |
first -
Int
|
Returns the first n products from the list. |
Example
Query
query assetProducts(
$filter: AssetProductsFilter,
$after: Cursor,
$first: Int
) {
assetProducts(
filter: $filter,
after: $after,
first: $first
) {
edges {
...AssetProductEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalCount
}
}
Variables
{
"filter": AssetProductsFilter,
"after": Cursor,
"first": 123
}
Response
{
"data": {
"assetProducts": {
"edges": [AssetProductEdge],
"pageInfo": PageInfo,
"totalCount": 123
}
}
}
computerGroup
Description
Returns a computer group that matches the specified input.
Stability Level: 3 - Stable
Response
Returns a
ComputerGroup
Arguments
| Name | Description |
|---|---|
ref -
NamedRefInput!
|
The reference data the computer group must match to be returned. |
Example
Query
query computerGroup($ref: NamedRefInput!) {
computerGroup(ref: $ref) {
id
name
managementRightsEnabled
filterEnabled
contentSet {
...NamedRefFragment
}
type
expression
}
}
Variables
{"ref": NamedRefInput}
Response
{
"data": {
"computerGroup": {
"id": 4,
"name": "abc123",
"managementRightsEnabled": true,
"filterEnabled": true,
"contentSet": NamedRef,
"type": "STANDARD",
"expression": "xyz789"
}
}
}
computerGroups
Description
Returns all computer groups matching the specified input.
Stability Level: 3 - Stable
Response
Returns a
ComputerGroupConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Returns the computer groups after the given cursor. |
first -
Int
|
Returns the first
n computer groups from the list. Default = 20 |
before -
Cursor
|
Returns the computer groups before the given cursor. |
last -
Int
|
Returns the last n computer groups from the list. |
filter -
ComputerGroupsFilter
|
Returns only the computer groups matching the filter. |
Example
Query
query computerGroups(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$filter: ComputerGroupsFilter
) {
computerGroups(
after: $after,
first: $first,
before: $before,
last: $last,
filter: $filter
) {
edges {
...ComputerGroupEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
}
}
Variables
{
"after": Cursor,
"first": 20,
"before": Cursor,
"last": 987,
"filter": ComputerGroupsFilter
}
Response
{
"data": {
"computerGroups": {
"edges": [ComputerGroupEdge],
"pageInfo": PageInfo,
"totalRecords": 123
}
}
}
configurationItemEntities
Description
Returns configuration item entities from the CMDB.
Use of this field requires the Atlas solution.
Stability Level: 3 - Stable
Response
Returns a
ConfigurationItemEntityConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Returns the configuration item entities after the given cursor. |
first -
Int
|
Returns the first n endpoints from the list. |
before -
Cursor
|
Returns the configuration item entities before the given cursor. |
last -
Int
|
Returns the last n endpoints from the list. |
params -
EntitiesQueryParams
|
Returns only the configuration item entities matching the given parameters. |
sort -
[EntitySortRequest]
|
Sorts the configuration item entities. |
Example
Query
query configurationItemEntities(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$params: EntitiesQueryParams,
$sort: [EntitySortRequest]
) {
configurationItemEntities(
after: $after,
first: $first,
before: $before,
last: $last,
params: $params,
sort: $sort
) {
edges {
...ConfigurationItemEntityEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalCount
}
}
Variables
{
"after": Cursor,
"first": 987,
"before": Cursor,
"last": 987,
"params": EntitiesQueryParams,
"sort": [EntitySortRequest]
}
Response
{
"data": {
"configurationItemEntities": {
"edges": [ConfigurationItemEntityEdge],
"pageInfo": PageInfo,
"totalCount": 987
}
}
}
configurationItemProperties
Description
Returns all properties related to configuration items.
Use of this field requires the Atlas solution.
Stability Level: 3 - Stable
Response
Returns a
ConfigurationItemProperties
Example
Query
query configurationItemProperties {
configurationItemProperties {
customerItemsLimit
userSpecifiedAssetsMaxAge
}
}
Response
{
"data": {
"configurationItemProperties": {
"customerItemsLimit": 123,
"userSpecifiedAssetsMaxAge": 123
}
}
}
configurationItemRelationships
Description
Returns relationships for the identified configuration items from the CMDB.
Use of this field requires the Atlas solution.
Stability Level: 3 - Stable
Response
Returns a
ConfigurationItemRelationshipConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Returns the relationships after the given cursor. |
first -
Int
|
Returns the first n relationships from the list. |
before -
Cursor
|
Returns the relationships before the given cursor. |
last -
Int
|
Returns the last n relationships from the list. |
params -
RelationshipQueryParams
|
Returns only the relationships matching the given parameters. |
sort -
[RelationshipSortRequest]
|
Sorts the relationships. |
Example
Query
query configurationItemRelationships(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$params: RelationshipQueryParams,
$sort: [RelationshipSortRequest]
) {
configurationItemRelationships(
after: $after,
first: $first,
before: $before,
last: $last,
params: $params,
sort: $sort
) {
edges {
...ConfigurationItemRelationshipEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalCount
}
}
Variables
{
"after": Cursor,
"first": 987,
"before": Cursor,
"last": 123,
"params": RelationshipQueryParams,
"sort": [RelationshipSortRequest]
}
Response
{
"data": {
"configurationItemRelationships": {
"edges": [ConfigurationItemRelationshipEdge],
"pageInfo": PageInfo,
"totalCount": 987
}
}
}
directConnectConnectionStatus
Description
Checks the status of a direct connection.
The input requires a direct endpoint connection opened using directConnectOpen.
Use of this field requires the Direct Connect solution.
Stability Level: 3 - Stable
Response
Returns a
DirectConnectConnectionStatusPayload!
Arguments
| Name | Description |
|---|---|
input -
DirectConnectConnectionStatusInput!
|
Example
Query
query directConnectConnectionStatus($input: DirectConnectConnectionStatusInput!) {
directConnectConnectionStatus(input: $input) {
status
}
}
Variables
{"input": DirectConnectConnectionStatusInput}
Response
{"data": {"directConnectConnectionStatus": {"status": "UNKNOWN"}}}
directConnectEndpoint
Description
Obtains data from the specified endpoint using an open Direct Connect connection.
The input requires a direct endpoint connection opened using directConnectOpen.
Use of this field requires the Direct Connect solution.
Stability Level: 3 - Stable
Response
Returns a
DirectConnect
Arguments
| Name | Description |
|---|---|
input -
DirectConnectEndpointInput!
|
Example
Query
query directConnectEndpoint($input: DirectConnectEndpointInput!) {
directConnectEndpoint(input: $input) {
performance {
...DirectConnectPerfFragment
}
processes {
...DirectConnectProcessesFragment
}
alerts {
...DirectConnectAlertsFragment
}
}
}
Variables
{"input": DirectConnectEndpointInput}
Response
{
"data": {
"directConnectEndpoint": {
"performance": DirectConnectPerf,
"processes": DirectConnectProcesses,
"alerts": DirectConnectAlerts
}
}
}
directEndpoint
Description
Obtains data from the specified endpoint using a Direct Connect connection.
Use of this field requires the Direct Connect solution.
Stability Level: 2 - Legacy Use directConnectEndpoint instead. The directConnect APIs provide better support for tracking connections that take longer to establish.
Response
Returns a
DirectConnect
Arguments
| Name | Description |
|---|---|
input -
OpenDirectConnectionInput!
|
Example
Query
query directEndpoint($input: OpenDirectConnectionInput!) {
directEndpoint(input: $input) {
performance {
...DirectConnectPerfFragment
}
processes {
...DirectConnectProcessesFragment
}
alerts {
...DirectConnectAlertsFragment
}
}
}
Variables
{"input": OpenDirectConnectionInput}
Response
{
"data": {
"directEndpoint": {
"performance": DirectConnectPerf,
"processes": DirectConnectProcesses,
"alerts": DirectConnectAlerts
}
}
}
discoverInterface
Description
Returns the Discover interface that matches the referenced ID.
Use of this field requires the Tanium permission Discover Asset - Read
Note: If location permissions are defined, the user will also require the User Group - Read permission and only the interfaces in locations allowed by the user's group membership will be returned. Otherwise, if the user has the Discover Location Permissions - Write permission they will see all interfaces regardless of group membership.
Stability Level: 1.1 - Experimental (Active Development)
Response
Returns a
DiscoverInterface
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Example
Query
query discoverInterface($ref: IdRefInput!) {
discoverInterface(ref: $ref) {
id
macAddress
manufacturer
hostnames
ipAddresses
labels {
...DiscoverLabelFragment
}
osPlatform
openPorts
discoveryMethods
lastSeenTime
computerId
natIPAddresses
osGeneration
profiles {
...DiscoverProfileFragment
}
cloudInstances {
...DiscoverCloudInstanceFragment
}
cloudTags {
...DiscoverCloudTagFragment
}
firstSeenTime
firstManagedTime
lastManagedTime
lastDiscoveredTime
isManaged
isUnmanageable
isIgnored
satellites {
...DiscoverSatelliteFragment
}
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"discoverInterface": {
"id": "4",
"macAddress": "abc123",
"manufacturer": "abc123",
"hostnames": ["xyz789"],
"ipAddresses": ["abc123"],
"labels": [DiscoverLabel],
"osPlatform": "abc123",
"openPorts": [987],
"discoveryMethods": ["ARP"],
"lastSeenTime": "10:15:30Z",
"computerId": "abc123",
"natIPAddresses": ["xyz789"],
"osGeneration": "xyz789",
"profiles": [DiscoverProfile],
"cloudInstances": [DiscoverCloudInstance],
"cloudTags": [DiscoverCloudTag],
"firstSeenTime": "10:15:30Z",
"firstManagedTime": "10:15:30Z",
"lastManagedTime": "10:15:30Z",
"lastDiscoveredTime": "10:15:30Z",
"isManaged": true,
"isUnmanageable": true,
"isIgnored": false,
"satellites": [DiscoverSatellite]
}
}
}
discoverInterfaces
Description
Returns the matching Discover interfaces.
Use of this field requires the Tanium permission Discover Asset - Read
Note: If location permissions are defined, the user will also require the User Group - Read permission and only the interfaces in locations allowed by the user's group membership will be returned. Otherwise, if the user has the Discover Location Permissions - Write permission they will see all interfaces regardless of group membership.
Stability Level: 1.1 - Experimental (Active Development)
Response
Returns a
DiscoverInterfaceConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Returns the Discover interfaces after the given cursor. |
first -
Int
|
Returns the first
n Discover interfaces from the list. Default = 20 |
before -
Cursor
|
Returns the Discover interfaces before the given cursor. |
last -
Int
|
Returns the last n Discover interfaces from the list. |
filter -
FieldFilter
|
Returns only the Discover interfaces matching the filter. |
Example
Query
query discoverInterfaces(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$filter: FieldFilter
) {
discoverInterfaces(
after: $after,
first: $first,
before: $before,
last: $last,
filter: $filter
) {
edges {
...DiscoverInterfaceEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
}
}
Variables
{
"after": Cursor,
"first": 20,
"before": Cursor,
"last": 123,
"filter": FieldFilter
}
Response
{
"data": {
"discoverInterfaces": {
"edges": [DiscoverInterfaceEdge],
"pageInfo": PageInfo,
"totalRecords": 987
}
}
}
discoverLabel
Description
Returns the Discover label that matches the referenced name.
Use of this field requires the Tanium permission Discover Asset - Read
Stability Level: 1.1 - Experimental (Active Development)
Response
Returns a
DiscoverLabel
Arguments
| Name | Description |
|---|---|
ref -
NamedOnlyRefInput!
|
Example
Query
query discoverLabel($ref: NamedOnlyRefInput!) {
discoverLabel(ref: $ref) {
name
type
createdTime
modifiedTime
}
}
Variables
{"ref": NamedOnlyRefInput}
Response
{
"data": {
"discoverLabel": {
"name": "abc123",
"type": "STANDARD",
"createdTime": "10:15:30Z",
"modifiedTime": "10:15:30Z"
}
}
}
discoverLabels
Description
Returns the matching Discover labels.
Use of this field requires the Tanium permission Discover Asset - Read
Stability Level: 1.1 - Experimental (Active Development)
Response
Returns a
DiscoverLabelConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Returns the Discover labels after the given cursor. |
first -
Int
|
Returns the first
n Discover labels from the list. Default = 20 |
before -
Cursor
|
Returns the Discover labels before the given cursor. |
last -
Int
|
Returns the last n Discover labels from the list. |
filter -
FieldFilter
|
Returns only the Discover labels matching the filter. |
Example
Query
query discoverLabels(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$filter: FieldFilter
) {
discoverLabels(
after: $after,
first: $first,
before: $before,
last: $last,
filter: $filter
) {
edges {
...DiscoverLabelEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
}
}
Variables
{
"after": Cursor,
"first": 20,
"before": Cursor,
"last": 123,
"filter": FieldFilter
}
Response
{
"data": {
"discoverLabels": {
"edges": [DiscoverLabelEdge],
"pageInfo": PageInfo,
"totalRecords": 123
}
}
}
endpointIdChanges
Description
Changed endpoint IDs from Tanium Data Service for the given namespace and timespan.
Stability Level: 3 - Stable
Response
Returns an
EndpointIdChangesPayload!
Arguments
| Name | Description |
|---|---|
after -
Time!
|
The date and time of the oldest record to retrieve. Retrieve records newer than this time. |
namespace -
String
|
Tanium Data Service (TDS) namespace to search against. If no value is specified, the TDS default namespace is used. Example: unmanaged_user_specified |
Example
Query
query endpointIdChanges(
$after: Time!,
$namespace: String
) {
endpointIdChanges(
after: $after,
namespace: $namespace
) {
changes {
...EndpointIdChangeFragment
}
before
}
}
Variables
{
"after": "10:15:30Z",
"namespace": "xyz789"
}
Response
{
"data": {
"endpointIdChanges": {
"changes": [EndpointIdChange],
"before": "10:15:30Z"
}
}
}
endpoints
Description
Returns the matching endpoints from the specified source. The cursors in the returned connections are usable for 5 minutes after the most recent request in the cursored results, with a maximum lifetime of 1 hour.
Stability Level: 3 - Stable
Response
Returns an
EndpointConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Returns the endpoints after the given cursor. |
first -
Int
|
Returns the first
n endpoints from the list. This defaults to 20 and has a maximum value of 5000. Default = 20 |
before -
Cursor
|
Returns the endpoints before the given cursor. |
last -
Int
|
Returns the last
n endpoints from the list. This must be given if before is given and has a maximum value of 5000. |
filter -
EndpointFieldFilter
|
Returns only the endpoints matching the filter. |
source -
EndpointSource
|
Describes the data source from which to retrieve the endpoints. This defaults to the Tanium Data Service source in the default Tanium endpoint namespace. |
refresh -
Cursor
|
Refreshes the endpoints collection identified by the given cursor, if possible. If so, this will invalidate the collection identifed by the given cursor and return a new collection with new cursor values. Otherwise, the existing collection will remain available. This is primarily intended for use with the Tanium Server data source, where endpoint sensor readings may accumulate for many minutes beyond the original query response. |
Example
Query
query endpoints(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$filter: EndpointFieldFilter,
$source: EndpointSource,
$refresh: Cursor
) {
endpoints(
after: $after,
first: $first,
before: $before,
last: $last,
filter: $filter,
source: $source,
refresh: $refresh
) {
edges {
...EndpointEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
collectionInfo {
...EndpointCollectionInfoFragment
}
}
}
Variables
{
"after": Cursor,
"first": 20,
"before": Cursor,
"last": 987,
"filter": EndpointFieldFilter,
"source": EndpointSource,
"refresh": Cursor
}
Response
{
"data": {
"endpoints": {
"edges": [EndpointEdge],
"pageInfo": PageInfo,
"totalRecords": 123,
"collectionInfo": EndpointCollectionInfo
}
}
}
myAPITokens
Description
Returns the API tokens for the current user.
Stability Level: 3 - Stable
Response
Returns an
APITokenQueryPayload!
Example
Query
query myAPITokens {
myAPITokens {
tokens {
...APITokenFragment
}
error {
...SystemErrorFragment
}
}
}
Response
{
"data": {
"myAPITokens": {
"tokens": [APIToken],
"error": SystemError
}
}
}
now
Description
The current server time. Useful to test your ability to query the server.
Stability Level: 3 - Stable
Response
Returns a
Time!
Example
Query
query now {
now
}
Response
{"data": {"now": "10:15:30Z"}}
packageSpecs
Description
Returns the matching package specs. The cursors in the returned connections are usable for 5 minutes after the most recent request in the cursored results, with a maximum lifetime of 1 hour.
Stability Level: 3 - Stable
Response
Returns a
PackageSpecConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Returns the package specs after the given cursor. |
first -
Int
|
Returns the first
n package specs from the list. Default = 20 |
before -
Cursor
|
Returns the package specs before the given cursor. |
last -
Int
|
Returns the last n package specs from the list. |
filter -
FieldFilter
|
Returns only the package specs matching the filter. |
Example
Query
query packageSpecs(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$filter: FieldFilter
) {
packageSpecs(
after: $after,
first: $first,
before: $before,
last: $last,
filter: $filter
) {
edges {
...PackageSpecEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
}
}
Variables
{
"after": Cursor,
"first": 20,
"before": Cursor,
"last": 123,
"filter": FieldFilter
}
Response
{
"data": {
"packageSpecs": {
"edges": [PackageSpecEdge],
"pageInfo": PageInfo,
"totalRecords": 123
}
}
}
packages
Description
Returns the matching packages.
Stability Level: 2 - Legacy Use packageSpecs instead, which has improved pagination and parameter support.
Response
Returns a
PackagePagination
Example
Query
query packages(
$paginationId: String,
$page: Int,
$perPage: Int,
$filterSet: String
) {
packages(
paginationId: $paginationId,
page: $page,
perPage: $perPage,
filterSet: $filterSet
) {
items {
...PackageFragment
}
pageInfo {
...PaginationInfoWithIDFragment
}
}
}
Variables
{
"paginationId": "abc123",
"page": 1,
"perPage": 100,
"filterSet": "xyz789"
}
Response
{
"data": {
"packages": {
"items": [Package],
"pageInfo": PaginationInfoWithID
}
}
}
patchDeployment
Description
Returns the Patch deployment that matches the referenced ID.
Use of this field requires the Tanium permission Patch Deployment - Read
Stability Level: 1.0 - Experimental (Early Development)
Response
Returns a
PatchDeployment
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Example
Query
query patchDeployment($ref: IdRefInput!) {
patchDeployment(ref: $ref) {
id
name
type
platform
contentSet {
...IdRefFragment
}
description
contentDeploymentType
patchLists {
...PatchListRefFragment
}
patches {
...IdRefFragment
}
targets {
...PatchTargetsFragment
}
schedule {
...PatchScheduleFragment
}
downloadImmediately
overrideBlocklists
restart
notifications {
...PatchNotificationsFragment
}
author {
...TaniumPlatformUserFragment
}
createdTime
updatedTime
stoppedTime
status
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"patchDeployment": {
"id": 4,
"name": "xyz789",
"type": "INSTALL",
"platform": "WINDOWS",
"contentSet": IdRef,
"description": "abc123",
"contentDeploymentType": "MANUAL_SELECTION",
"patchLists": [PatchListRef],
"patches": [IdRef],
"targets": PatchTargets,
"schedule": PatchSchedule,
"downloadImmediately": false,
"overrideBlocklists": true,
"restart": false,
"notifications": PatchNotifications,
"author": TaniumPlatformUser,
"createdTime": "10:15:30Z",
"updatedTime": "10:15:30Z",
"stoppedTime": "10:15:30Z",
"status": "INACTIVE"
}
}
}
relationshipTypes
Description
Returns all configuration item relationship types from the CMDB.
Use of this field requires the Atlas solution.
Stability Level: 3 - Stable
Response
Returns a
RelationshipTypeResult
Example
Query
query relationshipTypes {
relationshipTypes {
items {
...RelationshipTypeFragment
}
}
}
Response
{
"data": {
"relationshipTypes": {"items": [RelationshipType]}
}
}
report
Description
Returns the report that matches the referenced ID.
Stability Level: 3 - Stable
Response
Returns a
Report
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Example
Query
query report($ref: IdRefInput!) {
report(ref: $ref) {
id
name
description
contentSet {
...NamedRefFragment
}
labels
createdTime
author {
...PrincipalFragment
}
modifiedTime
lastModifiedBy {
...PrincipalFragment
}
moduleName
favorite
viewDetails {
...ReportViewFragment
}
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"report": {
"id": 4,
"name": "abc123",
"description": "abc123",
"contentSet": NamedRef,
"labels": ["xyz789"],
"createdTime": "10:15:30Z",
"author": Principal,
"modifiedTime": "10:15:30Z",
"lastModifiedBy": Principal,
"moduleName": "xyz789",
"favorite": false,
"viewDetails": ReportView
}
}
}
reportExport
Description
Exports the definition of the identified report. The exported definition can be used with the API Gateway reportImport mutation to recreate the report in a different Tanium environment.
Stability Level: 3 - Stable
Response
Returns a
ReportExportPayload!
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Example
Query
query reportExport($ref: IdRefInput!) {
reportExport(ref: $ref) {
reportDefinition
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"reportExport": {
"reportDefinition": "abc123"
}
}
}
reportResultData
Description
Retrieves data for the specified report, including details of the report definition. The cursors in the returned connections are usable for 5 minutes after the most recent request in the cursored results, with a maximum lifetime of 15 minutes.
Stability Level: 3 - Stable
Response
Returns a
ReportResultDataConnection
Arguments
| Name | Description |
|---|---|
id -
ID!
|
The unique identifier of the report to retrieve result data for. |
after -
Cursor
|
Returns the report result data records after the given cursor. |
first -
Int
|
Returns the first
n report result data records from the list. Default = 20 |
before -
Cursor
|
Returns the report result data records before the given cursor. |
last -
Int
|
Returns the last n report result data records from the list. |
refresh -
Cursor
|
Refreshes the report result data collection identified by the given cursor, if possible. If so, this will invalidate the collection identified by the given cursor and return a new collection with new cursor values. Otherwise, the existing collection will remain available. |
Example
Query
query reportResultData(
$id: ID!,
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$refresh: Cursor
) {
reportResultData(
id: $id,
after: $after,
first: $first,
before: $before,
last: $last,
refresh: $refresh
) {
viewDetails {
...ReportViewFragment
}
edges {
...ReportResultDataEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
collectionInfo {
...ReportResultDataCollectionInfoFragment
}
}
}
Variables
{
"id": 4,
"after": Cursor,
"first": 20,
"before": Cursor,
"last": 123,
"refresh": Cursor
}
Response
{
"data": {
"reportResultData": {
"viewDetails": ReportView,
"edges": [ReportResultDataEdge],
"pageInfo": PageInfo,
"totalRecords": 123,
"collectionInfo": ReportResultDataCollectionInfo
}
}
}
reports
Description
Returns the matching reports.
Stability Level: 3 - Stable
Response
Returns a
ReportConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Returns the reports after the given cursor. |
first -
Int
|
Returns the first
n reports from the list. Default = 20 |
before -
Cursor
|
Returns the reports before the given cursor. |
last -
Int
|
Returns the last n reports from the list. |
filter -
ReportFieldFilter
|
Returns only the reports matching the filter. |
Example
Query
query reports(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$filter: ReportFieldFilter
) {
reports(
after: $after,
first: $first,
before: $before,
last: $last,
filter: $filter
) {
edges {
...ReportEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
}
}
Variables
{
"after": Cursor,
"first": 20,
"before": Cursor,
"last": 987,
"filter": ReportFieldFilter
}
Response
{
"data": {
"reports": {
"edges": [ReportEdge],
"pageInfo": PageInfo,
"totalRecords": 987
}
}
}
scheduledAction
Description
Finds the identified scheduled action.
Stability Level: 3 - Stable
Response
Returns a
ScheduledAction
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Example
Query
query scheduledAction($ref: IdRefInput!) {
scheduledAction(ref: $ref) {
id
targets {
...ActionTargetsFragment
}
package {
...PackageRefFragment
}
distributeSeconds
expireSeconds
endTime
issueSeconds
startTime
name
comment
approved
issueCount
lastStartTime
nextStartTime
status
creator {
...PrincipalFragment
}
approver {
...PrincipalFragment
}
metadata {
...MetadataFragment
}
lastAction {
...ActionFragment
}
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"scheduledAction": {
"id": 4,
"targets": ActionTargets,
"package": PackageRef,
"distributeSeconds": 123,
"expireSeconds": 123,
"endTime": "10:15:30Z",
"issueSeconds": 123,
"startTime": "10:15:30Z",
"name": "abc123",
"comment": "abc123",
"approved": false,
"issueCount": 987,
"lastStartTime": "10:15:30Z",
"nextStartTime": "10:15:30Z",
"status": "ENABLED",
"creator": Principal,
"approver": Principal,
"metadata": [Metadata],
"lastAction": Action
}
}
}
scheduledActions
Description
Returns the matching scheduled actions. The cursors in the returned connections are usable for 5 minutes after the most recent request in the cursored results, with a maximum lifetime of 1 hour.
Stability Level: 3 - Stable
Response
Returns a
ScheduledActionConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Returns the scheduled actions after the given cursor. |
first -
Int
|
Returns the first
n scheduled actions from the list. Default = 20 |
before -
Cursor
|
Returns the scheduled actions before the given cursor. |
last -
Int
|
Returns the last n scheduled actions from the list. |
filter -
FieldFilter
|
Returns only the scheduled actions matching the filter. The filter must be either a simple filter or a compound filter with a single set of simple child filters which all must match. The paths which support filtering include: |
Example
Query
query scheduledActions(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$filter: FieldFilter
) {
scheduledActions(
after: $after,
first: $first,
before: $before,
last: $last,
filter: $filter
) {
edges {
...ScheduledActionEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
}
}
Variables
{
"after": Cursor,
"first": 20,
"before": Cursor,
"last": 123,
"filter": FieldFilter
}
Response
{
"data": {
"scheduledActions": {
"edges": [ScheduledActionEdge],
"pageInfo": PageInfo,
"totalRecords": 123
}
}
}
sensors
Description
Returns the matching sensors. The cursors in the returned connections are usable for 5 minutes after the most recent request in the cursored results, with a maximum lifetime of 1 hour.
Stability Level: 3 - Stable
Response
Returns a
SensorConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Returns the sensors after the given cursor. |
first -
Int
|
Returns the first
n sensors from the list. Default = 2000 |
before -
Cursor
|
Returns the sensors before the given cursor. |
last -
Int
|
Returns the last n sensors from the list. |
filter -
FieldFilter
|
Returns only the sensors matching the filter. |
includeHidden -
Boolean!
|
Whether to include hidden sensors in the results. Default = false |
Example
Query
query sensors(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$filter: FieldFilter,
$includeHidden: Boolean!
) {
sensors(
after: $after,
first: $first,
before: $before,
last: $last,
filter: $filter,
includeHidden: $includeHidden
) {
edges {
...SensorEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
}
}
Variables
{
"after": Cursor,
"first": 2000,
"before": Cursor,
"last": 987,
"filter": FieldFilter,
"includeHidden": false
}
Response
{
"data": {
"sensors": {
"edges": [SensorEdge],
"pageInfo": PageInfo,
"totalRecords": 123
}
}
}
softwareDeployment
Description
Returns the details of software package deployments. If you specify a deployment ID, this returns the details of that deployment. If you do not specify a deployment ID, this returns the details of all deployments.
Use of this field requires the Deploy solution.
Stability Level: 3 - Stable
Response
Returns
[SoftwareDeploymentDetails!]!
Arguments
| Name | Description |
|---|---|
id -
ID
|
The ID of a software package deployment, such as the ID returned by manageSoftware. |
Example
Query
query softwareDeployment($id: ID) {
softwareDeployment(id: $id) {
ID
name
errors {
...SoftwareDeploymentErrorCountFragment
}
status {
...SoftwareDeploymentStatusFragment
}
}
}
Variables
{"id": 4}
Response
{
"data": {
"softwareDeployment": [
{
"ID": 4,
"name": "xyz789",
"errors": [SoftwareDeploymentErrorCount],
"status": SoftwareDeploymentStatus
}
]
}
}
softwarePackages
Description
Returns the software package catalog from Deploy.
Use of this field requires the Deploy solution.
Stability Level: 3 - Stable
Response
Returns a
SoftwarePackageConnection
Example
Query
query softwarePackages(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int
) {
softwarePackages(
after: $after,
first: $first,
before: $before,
last: $last
) {
edges {
...SoftwarePackageEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalCount
}
}
Variables
{
"after": Cursor,
"first": 987,
"before": Cursor,
"last": 123
}
Response
{
"data": {
"softwarePackages": {
"edges": [SoftwarePackageEdge],
"pageInfo": PageInfo,
"totalCount": 987
}
}
}
Mutations
actionCreate
Description
Creates an action.
Stability Level: 3 - Stable
Response
Returns an
ActionCreatePayload!
Arguments
| Name | Description |
|---|---|
input -
ActionCreateInput!
|
Example
Query
mutation actionCreate($input: ActionCreateInput!) {
actionCreate(input: $input) {
action {
...ActionFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"input": ActionCreateInput}
Response
{
"data": {
"actionCreate": {
"action": Action,
"error": SystemError
}
}
}
actionGroupCreate
Description
Creates an action group from the given input.
Stability Level: 3 - Stable
Response
Returns an
ActionGroupCreatePayload!
Arguments
| Name | Description |
|---|---|
input -
ActionGroupCreateInput!
|
Example
Query
mutation actionGroupCreate($input: ActionGroupCreateInput!) {
actionGroupCreate(input: $input) {
group {
...ActionGroupFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"input": ActionGroupCreateInput}
Response
{
"data": {
"actionGroupCreate": {
"group": ActionGroup,
"error": SystemError
}
}
}
actionGroupDelete
Description
Deletes an action group with the given input.
Stability Level: 3 - Stable
Response
Returns an
ActionGroupDeletePayload!
Arguments
| Name | Description |
|---|---|
ref -
NamedRefInput!
|
Example
Query
mutation actionGroupDelete($ref: NamedRefInput!) {
actionGroupDelete(ref: $ref) {
id
error {
...SystemErrorFragment
}
}
}
Variables
{"ref": NamedRefInput}
Response
{
"data": {
"actionGroupDelete": {"id": 4, "error": SystemError}
}
}
actionPerform
Description
Creates the actions or scheduled actions necessary to perform the request. This can run a specific package or a registered operation.
Stability Level: 3 - Stable
Response
Returns an
ActionPerformPayload!
Arguments
| Name | Description |
|---|---|
input -
ActionPerformInput!
|
Example
Query
mutation actionPerform($input: ActionPerformInput!) {
actionPerform(input: $input) {
scheduledActions {
...ActionPerformPlatformFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"input": ActionPerformInput}
Response
{
"data": {
"actionPerform": {
"scheduledActions": [ActionPerformPlatform],
"error": SystemError
}
}
}
actionStop
Description
Stops an action in progress.
Stability Level: 3 - Stable
Response
Returns an
ActionStopPayload!
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Example
Query
mutation actionStop($ref: IdRefInput!) {
actionStop(ref: $ref) {
id
error {
...SystemErrorFragment
}
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"actionStop": {
"id": "4",
"error": SystemError
}
}
}
apiTokenGrant
Description
Creates an API token for the current user.
If you specify a persona, the created token uses the persona's permissions.
Stability Level: 3 - Stable
Response
Returns an
APITokenGrantPayload!
Arguments
| Name | Description |
|---|---|
input -
APITokenGrantInput!
|
Example
Query
mutation apiTokenGrant($input: APITokenGrantInput!) {
apiTokenGrant(input: $input) {
token {
...APITokenFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"input": APITokenGrantInput}
Response
{
"data": {
"apiTokenGrant": {
"token": APIToken,
"error": SystemError
}
}
}
apiTokenRevoke
Description
Deletes the API token with the specified ID.
Stability Level: 3 - Stable
Response
Returns an
APITokenRevokePayload!
Arguments
| Name | Description |
|---|---|
input -
APITokenRevokeInput!
|
Example
Query
mutation apiTokenRevoke($input: APITokenRevokeInput!) {
apiTokenRevoke(input: $input) {
error {
...SystemErrorFragment
}
}
}
Variables
{"input": APITokenRevokeInput}
Response
{"data": {"apiTokenRevoke": {"error": SystemError}}}
apiTokenRotate
Description
Rotates the API token with the specified token string.
The new API token maintains applicable properties of the original API token, including persona, trusted IP addresses and notes.
Stability Level: 3 - Stable
Response
Returns an
APITokenRotatePayload!
Arguments
| Name | Description |
|---|---|
input -
APITokenRotateInput!
|
Example
Query
mutation apiTokenRotate($input: APITokenRotateInput!) {
apiTokenRotate(input: $input) {
token {
...APITokenFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"input": APITokenRotateInput}
Response
{
"data": {
"apiTokenRotate": {
"token": APIToken,
"error": SystemError
}
}
}
assetProducts
Description
Changes product usage gathering metrics
Use of this field requires the Tanium permission asset api user write
Stability Level: 3 - Stable
Response
Returns an
AssetProductsPayload
Arguments
| Name | Description |
|---|---|
input -
[AssetProductsInput!]!
|
Example
Query
mutation assetProducts($input: [AssetProductsInput!]!) {
assetProducts(input: $input) {
products {
...AssetProductsResultFragment
}
}
}
Variables
{"input": [AssetProductsInput]}
Response
{
"data": {
"assetProducts": {"products": [AssetProductsResult]}
}
}
assetsImport
Description
Creates or updates assets for the Asset solution.
Use of this field requires the Tanium permission asset api user write
Stability Level: 3 - Stable
Response
Returns an
AssetsImportPayload!
Arguments
| Name | Description |
|---|---|
input -
AssetsImportInput!
|
Example
Query
mutation assetsImport($input: AssetsImportInput!) {
assetsImport(input: $input) {
assets {
...AssetImportPayloadFragment
}
}
}
Variables
{"input": AssetsImportInput}
Response
{
"data": {
"assetsImport": {"assets": [AssetImportPayload]}
}
}
closeDirectConnection
Description
Closes an open Direct Connect connection.
The input requires a direct endpoint connection opened using openDirectConnection.
Use of this field requires the Direct Connect solution.
Stability Level: 2 - Legacy Use directConnectClose instead. The directConnect APIs provide better support for tracking connections that take longer to establish.
Response
Returns a
CloseDirectConnectionPayload!
Arguments
| Name | Description |
|---|---|
input -
CloseDirectConnectionInput!
|
Example
Query
mutation closeDirectConnection($input: CloseDirectConnectionInput!) {
closeDirectConnection(input: $input) {
result
}
}
Variables
{"input": CloseDirectConnectionInput}
Response
{"data": {"closeDirectConnection": {"result": true}}}
computerGroupCreate
Description
Creates a standard computer group from the given input.
Stability Level: 3 - Stable
Response
Returns a
ComputerGroupCreatePayload!
Arguments
| Name | Description |
|---|---|
input -
ComputerGroupCreateInput!
|
Example
Query
mutation computerGroupCreate($input: ComputerGroupCreateInput!) {
computerGroupCreate(input: $input) {
group {
...ComputerGroupFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"input": ComputerGroupCreateInput}
Response
{
"data": {
"computerGroupCreate": {
"group": ComputerGroup,
"error": SystemError
}
}
}
computerGroupDelete
Description
Deletes a computer group with the given input.
Stability Level: 3 - Stable
Response
Returns a
ComputerGroupDeletePayload!
Arguments
| Name | Description |
|---|---|
ref -
NamedRefInput!
|
Example
Query
mutation computerGroupDelete($ref: NamedRefInput!) {
computerGroupDelete(ref: $ref) {
id
error {
...SystemErrorFragment
}
}
}
Variables
{"ref": NamedRefInput}
Response
{
"data": {
"computerGroupDelete": {
"id": "4",
"error": SystemError
}
}
}
deleteConfigurationItemElement
Description
Deletes the specified configuration item elements. Only customer-supplied elements can be deleted.
Use of this field requires the Atlas solution.
Stability Level: 3 - Stable
Response
Returns a
DeleteConfigurationItemElementResult
Arguments
| Name | Description |
|---|---|
input -
DeleteConfigurationItemElementInput!
|
Example
Query
mutation deleteConfigurationItemElement($input: DeleteConfigurationItemElementInput!) {
deleteConfigurationItemElement(input: $input) {
error
}
}
Variables
{"input": DeleteConfigurationItemElementInput}
Response
{
"data": {
"deleteConfigurationItemElement": {
"error": "xyz789"
}
}
}
deleteRelationship
Description
Deletes the specified relationships.
Use of this field requires the Atlas solution.
Stability Level: 3 - Stable
Response
Returns a
RelationshipResult
Arguments
| Name | Description |
|---|---|
relationships -
DeleteRelationshipInput
|
Example
Query
mutation deleteRelationship($relationships: DeleteRelationshipInput) {
deleteRelationship(relationships: $relationships) {
items {
...RelationshipFragment
}
}
}
Variables
{"relationships": DeleteRelationshipInput}
Response
{
"data": {
"deleteRelationship": {"items": [Relationship]}
}
}
directConnectClose
Description
Closes an open Direct Connect connection.
The input requires a direct endpoint connection opened using directConnectOpen.
Use of this field requires the Direct Connect solution.
Use of this field requires the Tanium permission Direct Connect Session Write
Stability Level: 3 - Stable
Response
Returns a
DirectConnectClosePayload!
Arguments
| Name | Description |
|---|---|
input -
DirectConnectCloseInput!
|
Example
Query
mutation directConnectClose($input: DirectConnectCloseInput!) {
directConnectClose(input: $input) {
result
}
}
Variables
{"input": DirectConnectCloseInput}
Response
{"data": {"directConnectClose": {"result": false}}}
directConnectOpen
Description
Initiates a Direct Connect connection with an endpoint, returning a connection ID which you can use for Direct Connect queries.
A response will be returned within 25 seconds. If the connection has not been successfully established within that time frame, you can use the directConnectConnectionStatus query with the returned connection ID to poll for readiness.
An open connection is closed after 5 minutes of inactivity.
Connections opened with directConnectOpen are compatible with stable Direct Connect APIs, including directConnectEndpoint, directConnectPing, directConnectProcessTerminate, and directConnectClose.
Connections opened with directConnectOpen are not compatible with legacy Direct Connect APIs, including directEndpoint, pingDirectConnection, killProcess, and closeDirectConnection.
Use of this field requires the Direct Connect solution.
Use of this field requires the Tanium permission Direct Connect Session Write
Stability Level: 3 - Stable
Response
Returns a
DirectConnectOpenPayload!
Arguments
| Name | Description |
|---|---|
input -
DirectConnectOpenInput!
|
Example
Query
mutation directConnectOpen($input: DirectConnectOpenInput!) {
directConnectOpen(input: $input) {
connectionID
status
}
}
Variables
{"input": DirectConnectOpenInput}
Response
{
"data": {
"directConnectOpen": {
"connectionID": "4",
"status": "UNKNOWN"
}
}
}
directConnectPing
Description
Performs a ping to an endpoint using an open Direct Connect connection.
The input requires a direct endpoint connection opened using directConnectOpen.
Use of this field requires the Direct Connect solution.
Use of this field requires the Tanium permission Direct Connect Session Write
Stability Level: 3 - Stable
Response
Returns a
DirectConnectPingPayload!
Arguments
| Name | Description |
|---|---|
input -
DirectConnectPingInput!
|
Example
Query
mutation directConnectPing($input: DirectConnectPingInput!) {
directConnectPing(input: $input) {
result
}
}
Variables
{"input": DirectConnectPingInput}
Response
{"data": {"directConnectPing": {"result": false}}}
directConnectProcessTerminate
Description
Terminates the specified process on an endpoint using an open Direct Connect connection.
The input requires a direct endpoint connection opened using directConnectOpen.
Use of this field requires the Direct Connect, Performance solutions.
Use of this field requires the Tanium permission Performance Kill Process
Stability Level: 3 - Stable
Response
Returns a
DirectConnectProcessTerminatePayload!
Arguments
| Name | Description |
|---|---|
input -
DirectConnectProcessTerminateInput!
|
Example
Query
mutation directConnectProcessTerminate($input: DirectConnectProcessTerminateInput!) {
directConnectProcessTerminate(input: $input) {
result
}
}
Variables
{"input": DirectConnectProcessTerminateInput}
Response
{"data": {"directConnectProcessTerminate": {"result": false}}}
discoverInterfaceAddLabel
Description
Adds standard labels to specific Discover interfaces.
Use of this field requires the Tanium permission Discover Tag - Write
Stability Level: 1.1 - Experimental (Active Development)
Response
Returns a
DiscoverInterfaceAddLabelPayload!
Arguments
| Name | Description |
|---|---|
input -
DiscoverInterfaceAddLabelInput!
|
Example
Query
mutation discoverInterfaceAddLabel($input: DiscoverInterfaceAddLabelInput!) {
discoverInterfaceAddLabel(input: $input) {
cursor
success
error {
...SystemErrorFragment
}
}
}
Variables
{"input": DiscoverInterfaceAddLabelInput}
Response
{
"data": {
"discoverInterfaceAddLabel": {
"cursor": Cursor,
"success": true,
"error": SystemError
}
}
}
discoverInterfaceRemoveLabel
Description
Removes standard labels from specific Discover interfaces.
Use of this field requires the Tanium permission Discover Tag - Write
Stability Level: 1.1 - Experimental (Active Development)
Response
Returns a
DiscoverInterfaceAddLabelPayload!
Arguments
| Name | Description |
|---|---|
input -
DiscoverInterfaceRemoveLabelInput!
|
Example
Query
mutation discoverInterfaceRemoveLabel($input: DiscoverInterfaceRemoveLabelInput!) {
discoverInterfaceRemoveLabel(input: $input) {
cursor
success
error {
...SystemErrorFragment
}
}
}
Variables
{"input": DiscoverInterfaceRemoveLabelInput}
Response
{
"data": {
"discoverInterfaceRemoveLabel": {
"cursor": Cursor,
"success": true,
"error": SystemError
}
}
}
discoverLabelCreate
Description
Creates a Discover label from the given input.
Use of this field requires one of the following Tanium permissions: Discover Tag - Write, Discover Location Permissions - Write
Note: Discover Location Permissions - Write is required when there is at least one Location Permission defined in Discover. Otherwise, Discover Tag - Write is required.
Stability Level: 1.1 - Experimental (Active Development)
Response
Returns a
DiscoverLabelCreatePayload!
Arguments
| Name | Description |
|---|---|
input -
DiscoverLabelCreateInput!
|
Example
Query
mutation discoverLabelCreate($input: DiscoverLabelCreateInput!) {
discoverLabelCreate(input: $input) {
label {
...DiscoverLabelFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"input": DiscoverLabelCreateInput}
Response
{
"data": {
"discoverLabelCreate": {
"label": DiscoverLabel,
"error": SystemError
}
}
}
discoverLabelDelete
Description
Deletes a Discover label with the given input.
Use of this field requires one of the following Tanium permissions: Discover Tag - Write, Discover Location Permissions - Write
Note: Discover Location Permissions - Write is required when there is at least one Location Permission defined in Discover. Otherwise, Discover Tag - Write is required.
Stability Level: 1.1 - Experimental (Active Development)
Response
Returns a
DiscoverLabelDeletePayload!
Arguments
| Name | Description |
|---|---|
ref -
NamedOnlyRefInput!
|
Example
Query
mutation discoverLabelDelete($ref: NamedOnlyRefInput!) {
discoverLabelDelete(ref: $ref) {
name
error {
...SystemErrorFragment
}
}
}
Variables
{"ref": NamedOnlyRefInput}
Response
{
"data": {
"discoverLabelDelete": {
"name": "abc123",
"error": SystemError
}
}
}
importConfigurationItemEntities
Description
Imports the specified entities. If an id is specified, the existing entity matching that id is updated. If no id is specified, a new entity is created.
You can specify a maximum of 100 entities. The request fails if you exceed 100 entities. The response returns entities in the same order as specified in the input. Entities that fail to import have an errorMessage.
Use of this field requires the Atlas solution.
Stability Level: 3 - Stable
Response
Returns an
ImportConfigurationItemEntitiesPayload!
Arguments
| Name | Description |
|---|---|
input -
[EntityInput!]!
|
Example
Query
mutation importConfigurationItemEntities($input: [EntityInput!]!) {
importConfigurationItemEntities(input: $input) {
entities {
...ImportConfigurationItemEntityPayloadFragment
}
importedCount
failedCount
}
}
Variables
{"input": [EntityInput]}
Response
{
"data": {
"importConfigurationItemEntities": {
"entities": [ImportConfigurationItemEntityPayload],
"importedCount": 123,
"failedCount": 123
}
}
}
killProcess
Description
Terminates the specified process on an endpoint using a Direct Connect connection.
The input requires a direct endpoint connection opened using openDirectConnection.
Use of this field requires the Direct Connect solution.
Stability Level: 2 - Legacy Use directConnectProcessTerminate instead. The directConnect APIs provide better support for tracking connections that take longer to establish.
Response
Returns a
KillProcessPayload!
Arguments
| Name | Description |
|---|---|
input -
KillProcessInput!
|
Example
Query
mutation killProcess($input: KillProcessInput!) {
killProcess(input: $input) {
result
}
}
Variables
{"input": KillProcessInput}
Response
{"data": {"killProcess": {"result": false}}}
manageSoftware
Description
Creates a new Deploy software package deployment to install, update, or remove a software package.
Use of this field requires the Deploy solution.
Stability Level: 3 - Stable
Response
Returns a
SoftwareDeploymentDetails!
Arguments
| Name | Description |
|---|---|
operation -
SoftwareOperation!
|
The operation to perform. |
softwarePackageID -
ID!
|
The ID of the software package in Deploy. |
target -
SoftwareTarget
|
The endpoints on which to perform the operation. |
start -
Time!
|
The date and time at which the operation runs on the endpoints. |
end -
Time!
|
The date and time after which endpoints will not run the operation. Operations that started might continue running after this time. |
description -
String
|
A description of the operation. |
Example
Query
mutation manageSoftware(
$operation: SoftwareOperation!,
$softwarePackageID: ID!,
$target: SoftwareTarget,
$start: Time!,
$end: Time!,
$description: String
) {
manageSoftware(
operation: $operation,
softwarePackageID: $softwarePackageID,
target: $target,
start: $start,
end: $end,
description: $description
) {
ID
name
errors {
...SoftwareDeploymentErrorCountFragment
}
status {
...SoftwareDeploymentStatusFragment
}
}
}
Variables
{
"operation": "INSTALL",
"softwarePackageID": "4",
"target": SoftwareTarget,
"start": "10:15:30Z",
"end": "10:15:30Z",
"description": "xyz789"
}
Response
{
"data": {
"manageSoftware": {
"ID": "4",
"name": "xyz789",
"errors": [SoftwareDeploymentErrorCount],
"status": SoftwareDeploymentStatus
}
}
}
mergeConfigurationItemElements
Description
Merges two configuration item elements. The target element must be private if the duplicate element is private. The two elements must inherit from the same class. The target element must be in the category of "ManagedEndpoint" or "UnmanagedEndpoint". The duplicate element must be in the category of "UnmanagedEndpoint" or "CustomerItem". If the duplicate element category is "UnmanagedEndpoint", it must have a namespace of "unmanaged_user_specified". Comments, details, and the relationships are copied. Duplicate relationships or inverse relationships are deleted. The duplicate element is deleted.
Use of this field requires the Atlas solution.
Stability Level: 3 - Stable
Response
Returns a
MergeConfigurationItemElementsPayload!
Arguments
| Name | Description |
|---|---|
input -
MergeConfigurationItemElementsInput!
|
Example
Query
mutation mergeConfigurationItemElements($input: MergeConfigurationItemElementsInput!) {
mergeConfigurationItemElements(input: $input) {
element {
...ElementFragment
}
}
}
Variables
{"input": MergeConfigurationItemElementsInput}
Response
{
"data": {
"mergeConfigurationItemElements": {"element": Element}
}
}
openDirectConnection
Description
Establishes a Direct Connect connection with an endpoint, returning a connection ID which you can use for Direct Connect queries.
The connection is closed after 2 minutes of inactivity.
Connections opened with openDirectConnection are compatible with legacy Direct Connect APIs, including directEndpoint, pingDirectConnection, killProcess, and closeDirectConnection.
Connections opened with openDirectConnection are not compatible with stable Direct Connect APIs, including directConnectEndpoint, directConnectPing, directConnectProcessTerminate, and directConnectClose.
Use of this field requires the Direct Connect solution.
Stability Level: 2 - Legacy Use directConnectOpen instead. The directConnect APIs provide better support for tracking connections that take longer to establish.
Response
Returns an
OpenDirectConnectionPayload!
Arguments
| Name | Description |
|---|---|
input -
OpenDirectConnectionInput!
|
Example
Query
mutation openDirectConnection($input: OpenDirectConnectionInput!) {
openDirectConnection(input: $input) {
connectionID
}
}
Variables
{"input": OpenDirectConnectionInput}
Response
{
"data": {
"openDirectConnection": {
"connectionID": "4"
}
}
}
patchCreateDeployment
Description
Creates a Patch deployment.
Use of this field requires all of the following Tanium permissions: Patch Deployment - Execute, Patch Deployment - Write
Stability Level: 1.0 - Experimental (Early Development)
Response
Returns a
PatchCreateDeploymentPayload!
Arguments
| Name | Description |
|---|---|
input -
PatchCreateDeploymentInput!
|
Example
Query
mutation patchCreateDeployment($input: PatchCreateDeploymentInput!) {
patchCreateDeployment(input: $input) {
deployment {
...PatchDeploymentFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"input": PatchCreateDeploymentInput}
Response
{
"data": {
"patchCreateDeployment": {
"deployment": PatchDeployment,
"error": SystemError
}
}
}
patchStopDeployment
Description
Stops the in-progress Patch deployment that matches the reference ID, or prevents the future-scheduled Patch deployment that matches the reference ID from starting at the start time. This has no effect on finished deployments.
Use of this field requires all of the following Tanium permissions: Patch Deployment - Execute, Patch Deployment - Write
Stability Level: 1.0 - Experimental (Early Development)
Response
Returns a
PatchStopDeploymentPayload!
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Example
Query
mutation patchStopDeployment($ref: IdRefInput!) {
patchStopDeployment(ref: $ref) {
deployment {
...PatchDeploymentFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"patchStopDeployment": {
"deployment": PatchDeployment,
"error": SystemError
}
}
}
ping
Description
Returns true. Useful to test your ability to issue commands to the server.
Stability Level: 3 - Stable
Response
Returns a
Boolean!
Example
Query
mutation ping {
ping
}
Response
{"data": {"ping": false}}
pingDirectConnection
Description
Performs a ping to an endpoint using a Direct Connect connection.
The input requires a direct endpoint connection opened using openDirectConnection.
Use of this field requires the Direct Connect solution.
Stability Level: 2 - Legacy Use directConnectPing instead. The directConnect APIs provide better support for tracking connections that take longer to establish.
Response
Returns a
PingDirectConnectionPayload!
Arguments
| Name | Description |
|---|---|
input -
PingDirectConnectionInput!
|
Example
Query
mutation pingDirectConnection($input: PingDirectConnectionInput!) {
pingDirectConnection(input: $input) {
result
}
}
Variables
{"input": PingDirectConnectionInput}
Response
{"data": {"pingDirectConnection": {"result": false}}}
reportImport
Description
Imports a report definition that was previously exported using the API Gateway reportExport query.
Stability Level: 3 - Stable
Response
Returns a
ReportImportPayload!
Arguments
| Name | Description |
|---|---|
input -
ReportImportInput!
|
Example
Query
mutation reportImport($input: ReportImportInput!) {
reportImport(input: $input) {
report {
...ReportFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"input": ReportImportInput}
Response
{
"data": {
"reportImport": {
"report": Report,
"error": SystemError
}
}
}
scheduledActionApprove
Description
Approves a pending scheduled action.
Stability Level: 3 - Stable
Response
Returns a
ScheduledActionApprovePayload!
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Example
Query
mutation scheduledActionApprove($ref: IdRefInput!) {
scheduledActionApprove(ref: $ref) {
id
approved
error {
...SystemErrorFragment
}
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"scheduledActionApprove": {
"id": 4,
"approved": true,
"error": SystemError
}
}
}
scheduledActionCreate
Description
Creates a scheduled action.
Stability Level: 3 - Stable
Response
Returns a
ScheduledActionCreatePayload!
Arguments
| Name | Description |
|---|---|
input -
ScheduledActionCreateInput!
|
Example
Query
mutation scheduledActionCreate($input: ScheduledActionCreateInput!) {
scheduledActionCreate(input: $input) {
scheduledAction {
...ScheduledActionFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"input": ScheduledActionCreateInput}
Response
{
"data": {
"scheduledActionCreate": {
"scheduledAction": ScheduledAction,
"error": SystemError
}
}
}
scheduledActionDelete
Description
Deletes a scheduled action.
Stability Level: 3 - Stable
Response
Returns a
ScheduledActionDeletePayload!
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Example
Query
mutation scheduledActionDelete($ref: IdRefInput!) {
scheduledActionDelete(ref: $ref) {
id
error {
...SystemErrorFragment
}
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"scheduledActionDelete": {
"id": "4",
"error": SystemError
}
}
}
sensorHarvest
Description
Manages the registration of a sensor for harvest by TDS.
Note that when registering a sensor for harvest, the system must verify that the sensor is valid for harvest. This analysis may take several minutes. To accommodate this, the response may contain a cursor instead of a success or an error. When a response contains a cursor, the caller must call the mutation again with the cursor added to the input in order to poll for the terminal response.
It is not necessary to poll for the terminal response in order for a harvest to be successful, but it is not guaranteed that a harvest is successful unless the caller obtains a terminal successful response.
Stability Level: 3 - Stable
Response
Returns a
SensorHarvestPayload!
Arguments
| Name | Description |
|---|---|
input -
SensorHarvestInput!
|
Example
Query
mutation sensorHarvest($input: SensorHarvestInput!) {
sensorHarvest(input: $input) {
cursor
success
error {
...SystemErrorFragment
}
}
}
Variables
{"input": SensorHarvestInput}
Response
{
"data": {
"sensorHarvest": {
"cursor": Cursor,
"success": false,
"error": SystemError
}
}
}
syncAssets
Description
Synchronizes assets from TDS.
Use of this field requires the Atlas solution.
Stability Level: 3 - Stable
Response
Returns a
SyncAssetResult
Example
Query
mutation syncAssets {
syncAssets {
success
}
}
Response
{"data": {"syncAssets": {"success": true}}}
threatResponseAlertResolve
Description
Resolves the identified Threat Response alert.
Use of this field requires the Threat Response solution.
Stability Level: 3 - Stable
Response
Returns a
ThreatResponseAlertResolvePayload!
Arguments
| Name | Description |
|---|---|
ref -
ThreatResponseAlertRef!
|
Example
Query
mutation threatResponseAlertResolve($ref: ThreatResponseAlertRef!) {
threatResponseAlertResolve(ref: $ref) {
resolved
guid
error {
...SystemErrorFragment
}
}
}
Variables
{"ref": ThreatResponseAlertRef}
Response
{
"data": {
"threatResponseAlertResolve": {
"resolved": false,
"guid": "4",
"error": SystemError
}
}
}
updateConfigurationItemProperties
Description
Updates properties related to configuration items.
Use of this field requires the Atlas solution.
Stability Level: 3 - Stable
Response
Returns an
UpdateConfigurationItemPropertiesResult
Arguments
| Name | Description |
|---|---|
input -
UpdateConfigurationItemPropertiesInput!
|
Example
Query
mutation updateConfigurationItemProperties($input: UpdateConfigurationItemPropertiesInput!) {
updateConfigurationItemProperties(input: $input) {
userSpecifiedAssetsMaxAge
}
}
Variables
{"input": UpdateConfigurationItemPropertiesInput}
Response
{
"data": {
"updateConfigurationItemProperties": {"userSpecifiedAssetsMaxAge": 987}
}
}
upsertRelationship
Description
Creates or updates relationships between configuration items within the CMDB. Returns the created or updated relationships.
Use of this field requires the Atlas solution.
Stability Level: 3 - Stable
Response
Returns a
RelationshipResult
Arguments
| Name | Description |
|---|---|
payload -
[RelationshipPayload]!
|
Example
Query
mutation upsertRelationship($payload: [RelationshipPayload]!) {
upsertRelationship(payload: $payload) {
items {
...RelationshipFragment
}
}
}
Variables
{"payload": [RelationshipPayload]}
Response
{
"data": {
"upsertRelationship": {"items": [Relationship]}
}
}
Types
APIToken
Description
An authentication token that a user can use to make requests.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique identifier of the API token. Stability Level: 3 - Stable |
tokenString -
String
|
The API token string value. This response field contains the string value only when the request creates or rotates a token, and otherwise does not contain a value. Stability Level: 3 - Stable |
trustedIPAddresses -
[String!]!
|
The list of trusted IP addresses in CIDR format that can use the API token. Examples: 92.0.2.0/24, 198.51.100.10 Stability Level: 3 - Stable |
notes -
String!
|
The notes for the API token. Stability Level: 3 - Stable |
persona -
Persona
|
The persona associated with the API token. Stability Level: 3 - Stable |
expiration -
Time!
|
The time at which the API token expires and is no longer valid. Stability Level: 3 - Stable |
lastUsed -
Time!
|
The time at which the API token was last used. Stability Level: 3 - Stable |
created -
Time!
|
The time at which the token was created. Stability Level: 3 - Stable |
Example
{
"id": 4,
"tokenString": "abc123",
"trustedIPAddresses": ["abc123"],
"notes": "abc123",
"persona": Persona,
"expiration": "10:15:30Z",
"lastUsed": "10:15:30Z",
"created": "10:15:30Z"
}
APITokenGrantInput
Description
A request to create an API token for the current user.
Fields
| Input Field | Description |
|---|---|
trustedIPAddresses -
[String!]!
|
The list of trusted IP addresses in CIDR format that can use the API token. Examples: 92.0.2.0/24, 198.51.100.10 |
expiresInDays -
Int
|
The number of days before the API token expires. |
personaName -
String
|
The persona associated with the API token. |
notes -
String
|
The notes for the usage of the API token. |
Example
{
"trustedIPAddresses": ["abc123"],
"expiresInDays": 987,
"personaName": "xyz789",
"notes": "abc123"
}
APITokenGrantPayload
Description
A response to a request to create an API token.
Fields
| Field Name | Description |
|---|---|
token -
APIToken
|
The token created by the request. Stability Level: 3 - Stable |
error -
SystemError
|
Specifies that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"token": APIToken,
"error": SystemError
}
APITokenQueryPayload
Description
A response to a request to query API tokens.
Fields
| Field Name | Description |
|---|---|
tokens -
[APIToken!]
|
API tokens returned by the request. Stability Level: 3 - Stable |
error -
SystemError
|
Specifies that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"tokens": [APIToken],
"error": SystemError
}
APITokenRevokeInput
Description
A request to revoke an API token.
Fields
| Input Field | Description |
|---|---|
id -
ID!
|
The unique identifier of the API token to revoke. |
Example
{"id": 4}
APITokenRevokePayload
Description
A response to a request to revoke an API token.
Fields
| Field Name | Description |
|---|---|
error -
SystemError
|
Specifies that the request terminated in an error. Stability Level: 3 - Stable |
Example
{"error": SystemError}
APITokenRotateInput
Description
A request to create an API token for the current user.
Fields
| Input Field | Description |
|---|---|
tokenString -
String!
|
The token string of the API token to rotate. |
Example
{"tokenString": "abc123"}
APITokenRotatePayload
Description
A response to a request to rotate an API token.
Fields
| Field Name | Description |
|---|---|
token -
APIToken
|
The token created by the request. Stability Level: 3 - Stable |
error -
SystemError
|
Specifies that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"token": APIToken,
"error": SystemError
}
Action
Description
An action.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The ID of the action. Stability Level: 3 - Stable |
name -
String!
|
The name of the action. Stability Level: 3 - Stable |
comment -
String!
|
A short description of the action. Stability Level: 3 - Stable |
expireSeconds -
Int
|
The time for which the action is active. Stability Level: 3 - Stable |
creationTime -
Time
|
The time at which the action was created. Stability Level: 3 - Stable |
startTime -
Time
|
The time at which the action started. Stability Level: 3 - Stable |
expirationTime -
Time
|
The time at which the action expired. Stability Level: 3 - Stable |
distributeSeconds -
Int
|
The time over which to distribute actions to endpoints in batches, to prevent spikes in network traffic or other resource consumption. Stability Level: 3 - Stable |
status -
ActionStatus
|
The status of the action. Stability Level: 3 - Stable |
stoppedFlag -
Boolean
|
Indicates the action is stopped. Stability Level: 3 - Stable |
targets -
ActionTargets!
|
The endpoints on which the action runs. Stability Level: 3 - Stable |
package -
PackageRef!
|
The package containing the action script and any other files. Stability Level: 3 - Stable |
scheduledAction -
ScheduledAction
|
The scheduled action that created this action. Stability Level: 3 - Stable |
stopped -
Boolean!
|
Indicates the action is stopped. Stability Level: 3 - Stable |
creator -
Principal!
|
The action's creator. Stability Level: 3 - Stable |
approver -
Principal
|
The action's approver, if any. Stability Level: 3 - Stable |
metadata -
[Metadata!]!
|
The Tanium server metadata about the action. Stability Level: 3 - Stable |
results -
ActionResults!
|
The results of running the action. Stability Level: 3 - Stable |
Example
{
"id": "4",
"name": "xyz789",
"comment": "abc123",
"expireSeconds": 123,
"creationTime": "10:15:30Z",
"startTime": "10:15:30Z",
"expirationTime": "10:15:30Z",
"distributeSeconds": 987,
"status": "OPEN",
"stoppedFlag": true,
"targets": ActionTargets,
"package": PackageRef,
"scheduledAction": ScheduledAction,
"stopped": true,
"creator": Principal,
"approver": Principal,
"metadata": [Metadata],
"results": ActionResults
}
ActionActionGroupInput
Description
Identifies an existing action group.
Define one, and only one, of either name or id. If you define name and id, only the id is used to identify the action group, and the name is ignored.
Example
{"id": 4, "name": "abc123"}
ActionCreateInput
Description
A request to create an action.
Fields
| Input Field | Description |
|---|---|
targets -
ActionTargetsInput!
|
The endpoints on which the action runs. |
package -
PackageRefInput!
|
The package containing the action script and any other files. |
schedule -
ActionScheduleInput
|
The schedule on which the action runs. By default, the action runs immediately. |
name -
String
|
The action name. Note that actions are not required to have unique names. |
comment -
String
|
A short description. |
Example
{
"targets": ActionTargetsInput,
"package": PackageRefInput,
"schedule": ActionScheduleInput,
"name": "abc123",
"comment": "abc123"
}
ActionCreatePayload
Description
The result of creating an action.
Fields
| Field Name | Description |
|---|---|
action -
Action
|
The newly created action. Stability Level: 3 - Stable |
error -
SystemError
|
Indicates that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"action": Action,
"error": SystemError
}
ActionGroup
Description
Defines which endpoints are the targets for actions.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique identifier of the action group. Stability Level: 3 - Stable |
name -
String!
|
The assigned name of the action group. Stability Level: 3 - Stable |
visibility -
ActionGroupVisibility!
|
Defines which visibility setting to use. Stability Level: 3 - Stable |
userGroups -
[NamedRef!]
|
Defines which user groups can see the action group. This applies only when visibility is set to Stability Level: 3 - Stable |
computerGroups -
[ComputerGroup!]!
|
The set of computer groups that the action group targets. Stability Level: 3 - Stable |
any -
Boolean!
|
Specifies whether an endpoint must be a member in any or all computer groups defined in computerGroups. Stability Level: 3 - Stable |
Example
{
"id": "4",
"name": "xyz789",
"visibility": "ADMIN",
"userGroups": [NamedRef],
"computerGroups": [ComputerGroup],
"any": true
}
ActionGroupConnection
Description
A page of action group edges.
Fields
| Field Name | Description |
|---|---|
edges -
[ActionGroupEdge!]!
|
The list of action group edges. Stability Level: 3 - Stable |
pageInfo -
PageInfo!
|
Information about the action group collection. Stability Level: 3 - Stable |
totalRecords -
Int!
|
The total number of action group records available. Stability Level: 3 - Stable |
Example
{
"edges": [ActionGroupEdge],
"pageInfo": PageInfo,
"totalRecords": 123
}
ActionGroupCreateInput
Description
Creates an action group from the given input.
Fields
| Input Field | Description |
|---|---|
name -
String!
|
The assigned name of the action group. |
visibility -
ActionGroupVisibility!
|
Defines which visibility setting to use. |
userGroups -
[NamedRefInput!]
|
Defines which user groups can see the action group. This applies only when visibility is set to |
computerGroups -
[NamedRefInput!]!
|
The set of computer groups that the action group targets. |
any -
Boolean!
|
Specifies whether an endpoint must be a member in any or all computer groups defined in computerGroups. |
Example
{
"name": "xyz789",
"visibility": "ADMIN",
"userGroups": [NamedRefInput],
"computerGroups": [NamedRefInput],
"any": false
}
ActionGroupCreatePayload
Description
A response to a request to create an action group.
Fields
| Field Name | Description |
|---|---|
group -
ActionGroup
|
The action group created by the request. Stability Level: 3 - Stable |
error -
SystemError
|
Specifies that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"group": ActionGroup,
"error": SystemError
}
ActionGroupDeletePayload
Description
A response to a request to delete an action group.
Fields
| Field Name | Description |
|---|---|
id -
ID
|
The unique identifier of the deleted action group. Stability Level: 3 - Stable |
error -
SystemError
|
Specifies that the request terminated in an error. Stability Level: 3 - Stable |
Example
{"id": 4, "error": SystemError}
ActionGroupEdge
Description
An action group within a page.
Fields
| Field Name | Description |
|---|---|
node -
ActionGroup!
|
The action group. Stability Level: 3 - Stable |
cursor -
Cursor!
|
The cursor of this edge within the collection. Stability Level: 3 - Stable |
Example
{
"node": ActionGroup,
"cursor": Cursor
}
ActionGroupVisibility
Description
Defines the visibility of action groups.
Values
| Enum Value | Description |
|---|---|
|
|
Only admins can see this action group. Stability Level: 3 - Stable |
|
|
All users can see this action group. Stability Level: 3 - Stable |
|
|
Only specific user groups can see this action group. Stability Level: 3 - Stable |
Example
"ADMIN"
ActionOperationChangeClientSettingInput
Description
A request to change a Tanium Client setting on an endpoint.
Fields
| Input Field | Description |
|---|---|
name -
ActionOperationChangeClientSettingName!
|
The name of the client setting to change. |
value -
String!
|
The new client setting value. |
Example
{
"name": "LogVerbosityLevel",
"value": "abc123"
}
ActionOperationChangeClientSettingName
Description
A Tanium Client setting name.
Values
| Enum Value | Description |
|---|---|
|
|
Sets the amount of logging. Stability Level: 3 - Stable |
|
|
Randomizes sensor execution (useful for VDI environments). The maximum randomization value is 3600 seconds. Note that this does not affect intrinsic sensors like Stability Level: 3 - Stable |
|
|
Enables encryption and protection of sensor queries in sensor.db, NodeState, and ActionManager state. Stability Level: 3 - Stable |
|
|
The hot cache to cold cache setting percentage. Stability Level: 3 - Stable |
Example
"LogVerbosityLevel"
ActionOperationCollectActiveDirectoryInfoInput
Description
A request to collect Active Directory information on an endpoint.
Fields
| Input Field | Description |
|---|---|
minimumMinutesBetweenRuns -
Int
|
The minimum number of minutes to allow between collection runs. This must be a non-negative number. |
Example
{"minimumMinutesBetweenRuns": 123}
ActionOperationInput
Description
A request to perform a registered operation. You can choose only one operation.
Fields
| Input Field | Description |
|---|---|
addTags -
[String!]
|
Adds the set of custom tags to the endpoints. Tags may not contain whitespace or the This uses the |
removeTags -
[String!]
|
Removes the set of custom tags from the endpoints. Tags may not contain whitespace or the This uses the |
changeClientSetting -
ActionOperationChangeClientSettingInput
|
Changes the specified Tanium Client setting on the endpoints. The string value must be coercible to the correct type for the named setting. This uses the |
startService -
String
|
Starts the named service on the endpoints. This uses the |
stopService -
String
|
Stops the named service on the endpoints. This uses the |
restartService -
String
|
Restarts the named service on the endpoints. This uses the |
reboot -
ActionOperationRebootInput
|
Reboots the endpoints. This uses the |
collectActiveDirectoryInfo -
ActionOperationCollectActiveDirectoryInfoInput
|
Collects Active Directory information about the endpoints. This is only available for Windows and Mac operating systems. This uses the |
Example
{
"addTags": ["abc123"],
"removeTags": ["abc123"],
"changeClientSetting": ActionOperationChangeClientSettingInput,
"startService": "xyz789",
"stopService": "abc123",
"restartService": "xyz789",
"reboot": ActionOperationRebootInput,
"collectActiveDirectoryInfo": ActionOperationCollectActiveDirectoryInfoInput
}
ActionOperationRebootInput
Description
A request to reboot an endpoint.
Fields
| Input Field | Description |
|---|---|
randomDelaySeconds -
Int
|
Specifies the total potential number of seconds to delay before rebooting. The actual delay on each endpoint will be randomly chosen. This must be a non-negative number. |
Example
{"randomDelaySeconds": 987}
ActionPerformInput
Description
A request to create the actions or scheduled actions necessary to run a package or a registered operation. Exactly one of package or operation must be given.
If an operation is specified, an action or scheduled action will be created for each set of endpoint operating systems supported by the underlying packages. If the targets input specifies any platforms, they must be included in the set of operating systems supported by the operation's packages.
The schedule field controls the schedule on which the actions run, including if it runs only once or recurs.
The top-level result of performing an action are always scheduled actions for consistency, even if they only create a single action.
Fields
| Input Field | Description |
|---|---|
targets -
ActionTargetsInput!
|
The endpoints on which the actions run. |
package -
PackageRefInput
|
The package containing the action script and any other files. |
operation -
ActionOperationInput
|
The single registered operation to run. Operations are abstractions declared atop one or more packages that perform the same logical job on various endpoint operating systems. |
schedule -
ActionPerformScheduleInput
|
The schedule on which the actions run. |
name -
String
|
The action name. Note that actions are not required to have unique names. |
comment -
String
|
A short description. |
Example
{
"targets": ActionTargetsInput,
"package": PackageRefInput,
"operation": ActionOperationInput,
"schedule": ActionPerformScheduleInput,
"name": "xyz789",
"comment": "xyz789"
}
ActionPerformPayload
Description
The result of performing an action.
Fields
| Field Name | Description |
|---|---|
scheduledActions -
[ActionPerformPlatform!]
|
The list of scheduled actions and the operating systems on which they run, if known. Stability Level: 3 - Stable |
error -
SystemError
|
Indicates that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"scheduledActions": [ActionPerformPlatform],
"error": SystemError
}
ActionPerformPlatform
Description
A scheduled action and the operating systems on which it runs.
Fields
| Field Name | Description |
|---|---|
platforms -
[EndpointPlatform!]
|
The list of operating systems on which the scheduled action runs. This is only populated for actions performed for a registered operation. Stability Level: 3 - Stable |
scheduledAction -
ScheduledAction!
|
The scheduled action. Stability Level: 3 - Stable |
Example
{
"platforms": ["Unknown"],
"scheduledAction": ScheduledAction
}
ActionPerformScheduleInput
Description
The schedule on which the action should run.
Fields
| Input Field | Description |
|---|---|
distributeSeconds -
Int
|
The time over which to distribute actions to endpoints in batches, to prevent spikes in network traffic or other resource consumption. This defaults to |
expireSeconds -
Int
|
The time for which any given action is active. This both defaults to and must be greater than or equal to either the package's expiration time or the sum of the package's command timeout and the |
reissueSeconds -
Int
|
The time between recurring action runs. If this is |
startTime -
Time
|
The start time of the action. This defaults to the current time. |
endTime -
Time
|
The end time of a scheduled action. If |
Example
{
"distributeSeconds": 123,
"expireSeconds": 123,
"reissueSeconds": 987,
"startTime": "10:15:30Z",
"endTime": "10:15:30Z"
}
ActionResults
Description
The results of an action.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique ID of the action. Stability Level: 3 - Stable |
waiting -
Int!
|
The number of endpoints waiting to run the action. Stability Level: 3 - Stable |
downloading -
Int!
|
The number of endpoints downloading the action package. Stability Level: 3 - Stable |
running -
Int!
|
The number of endpoints currently running the action. Stability Level: 3 - Stable |
waitingToRetry -
Int!
|
The number of endpoints waiting to retry a failed action run. Stability Level: 3 - Stable |
completed -
Int!
|
The number of endpoints that have completed the action. Stability Level: 3 - Stable |
expired -
Int!
|
The number of endpoints for which the action has expired. Stability Level: 3 - Stable |
failed -
Int!
|
The number of endpoints for which the action run failed. Stability Level: 3 - Stable |
pendingVerification -
Int!
|
The number of endpoints waiting to verify the action. Stability Level: 3 - Stable |
verified -
Int!
|
The number of endpoints that have verified the action. Stability Level: 3 - Stable |
failedVerification -
Int!
|
The number of endpoints that failed to verify the action. Stability Level: 3 - Stable |
Example
{
"id": 4,
"waiting": 987,
"downloading": 123,
"running": 987,
"waitingToRetry": 987,
"completed": 987,
"expired": 123,
"failed": 987,
"pendingVerification": 987,
"verified": 987,
"failedVerification": 123
}
ActionScheduleInput
Description
The schedule on which the action should run.
Fields
| Input Field | Description |
|---|---|
distributeSeconds -
Int
|
The time over which to distribute actions to endpoints in batches, to prevent spikes in network traffic or other resource consumption. This defaults to |
expireSeconds -
Int
|
The time for which the action is active. This both defaults to and must be greater than or equal to either the package's expiration time or the sum of the package's command timeout and the |
startTime -
Time
|
The start time of the action. This defaults to the current time. |
Example
{
"distributeSeconds": 123,
"expireSeconds": 123,
"startTime": "10:15:30Z"
}
ActionStatus
Description
The action status values.
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"OPEN"
ActionStopPayload
Description
The result of stopping an action.
Fields
| Field Name | Description |
|---|---|
id -
ID
|
The ID of the action. Stability Level: 3 - Stable |
error -
SystemError
|
Indicates that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"id": "4",
"error": SystemError
}
ActionTargetGroupInput
Description
Identifies or describes a target group. Exactly one of id, name, or filter must be specified. The first two fields (id, name) identify an existing group. The last field (filter) describes a transient group, created for this action.
If you define name and id, only the id is used to identify the computer group, and the name is ignored.
Fields
| Input Field | Description |
|---|---|
id -
ID
|
The ID of the group. |
name -
String
|
The name of the group. |
filter -
ComputerGroupFilter
|
The filter describing the endpoints that comprise the group. |
Example
{
"id": 4,
"name": "xyz789",
"filter": ComputerGroupFilter
}
ActionTargets
Description
The endpoints on which an action runs. An endpoint must belong to both groups in order to run the action.
Example
{
"actionGroup": NamedRef,
"targetGroup": NamedRef
}
ActionTargetsInput
Description
The endpoints on which an action runs. Each field describes a condition; the action runs on only the endpoints that satisfy every condition.
Fields
| Input Field | Description |
|---|---|
actionGroup -
ActionActionGroupInput
|
Identifies the existing action group to which the endpoints must belong. This defaults to the |
targetGroup -
ActionTargetGroupInput
|
Identifies or describes the target group to which the endpoints must belong. This defaults to the |
platforms -
[EndpointPlatform!]
|
Specifies the set of endpoint operating systems on which the action runs ( |
endpoints -
[ID!]
|
Specifies a set of 25 or fewer identified endpoints on which the action runs. Retrieve endpoint IDs using the |
Example
{
"actionGroup": ActionActionGroupInput,
"targetGroup": ActionTargetGroupInput,
"platforms": ["Unknown"],
"endpoints": ["4"]
}
Any
Description
An untyped value.
Example
Any
Asset
Description
A generic asset, such as an endpoint.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique ID. This is reasonably guaranteed to be stable. Stability Level: 3 - Stable |
name -
String!
|
The assigned name of the asset. Example: workstation-1.company.com Stability Level: 3 - Stable |
serialNumber -
String!
|
The serial number provided by the manufacturer. Example: 123ABC1 Stability Level: 3 - Stable |
manufacturer -
String!
|
The asset manufacturer. Example: Dell Stability Level: 3 - Stable |
model -
String!
|
The asset model. Example: OptiPlex 7050 Stability Level: 3 - Stable |
configurationItem -
ConfigurationItem
|
The CMDB reference IDs for the asset. Use of this field requires the Atlas solution. Stability Level: 3 - Stable |
Possible Types
| Asset Types |
|---|
Example
{
"id": 4,
"name": "abc123",
"serialNumber": "xyz789",
"manufacturer": "abc123",
"model": "abc123",
"configurationItem": ConfigurationItem
}
AssetImportPayload
Description
Result for a single asset import.
Fields
| Field Name | Description |
|---|---|
id -
Int
|
The unique asset ID. Stability Level: 3 - Stable |
index -
Int!
|
Index from the Stability Level: 3 - Stable |
status -
AssetImportStatus!
|
Status of the asset import. Stability Level: 3 - Stable |
error -
String
|
Reason for Error/Failure. Stability Level: 3 - Stable |
Example
{
"id": 987,
"index": 123,
"status": "NoChange",
"error": "abc123"
}
AssetImportStatus
Description
Status of a given asset's import.
Values
| Enum Value | Description |
|---|---|
|
|
Asset import is successful. Existing asset did not update. Stability Level: 3 - Stable |
|
|
Asset import is successful, updated an existing asset. Stability Level: 3 - Stable |
|
|
Asset import is successful, created a new asset. Stability Level: 3 - Stable |
|
|
Asset import is unsuccessful, key(s) became invalid because of conversions. Stability Level: 3 - Stable |
|
|
Asset import is unsuccessful, key(s) is missing or empty. Stability Level: 3 - Stable |
|
|
Asset import is unsuccessful, already imported in this mutation. Stability Level: 3 - Stable |
|
|
Asset import is unsuccessful. Stability Level: 3 - Stable |
Example
"NoChange"
AssetProduct
Description
The Asset product.
Fields
| Field Name | Description |
|---|---|
vendor -
String!
|
The product vendor name. Stability Level: 3 - Stable |
name -
String!
|
The product name. Stability Level: 3 - Stable |
installation -
AssetProductInstallation
|
Product installation details. Stability Level: 3 - Stable |
tracking -
AssetProductTracking
|
Product tracking details. Stability Level: 3 - Stable |
usage -
AssetProductUsage
|
Product usage details. Stability Level: 3 - Stable |
versions -
[AssetProductVersion!]
|
Product version details. Stability Level: 3 - Stable |
Example
{
"vendor": "abc123",
"name": "xyz789",
"installation": AssetProductInstallation,
"tracking": AssetProductTracking,
"usage": AssetProductUsage,
"versions": [AssetProductVersion]
}
AssetProductConnection
Description
A page of product edges.
Fields
| Field Name | Description |
|---|---|
edges -
[AssetProductEdge]!
|
The list of Asset product edges. Stability Level: 3 - Stable |
pageInfo -
PageInfo!
|
Information about this Asset product page. Stability Level: 3 - Stable |
totalCount -
Int!
|
The total count of returned records. Stability Level: 3 - Stable |
Example
{
"edges": [AssetProductEdge],
"pageInfo": PageInfo,
"totalCount": 123
}
AssetProductEdge
Description
A product within a page.
Fields
| Field Name | Description |
|---|---|
cursor -
Cursor!
|
The cursor of this edge within the collection. Stability Level: 3 - Stable |
node -
AssetProduct!
|
The Asset product. Stability Level: 3 - Stable |
Example
{
"cursor": Cursor,
"node": AssetProduct
}
AssetProductEndpoint
Description
The Asset product endpoint.
Fields
| Field Name | Description |
|---|---|
id -
Int
|
Asset ID. Stability Level: 3 - Stable |
eid -
Int
|
Endpoint ID (eid). Stability Level: 3 - Stable |
computerName -
String
|
The computer Name. Stability Level: 3 - Stable |
computerId -
String
|
The computer ID. Stability Level: 3 - Stable |
serialNumber -
String
|
The serial number. Stability Level: 3 - Stable |
osPlatform -
String
|
The OS platform. Stability Level: 3 - Stable |
operatingSystem -
String
|
The Operating System. Stability Level: 3 - Stable |
servicePack -
String
|
The service pack. Stability Level: 3 - Stable |
manufacturer -
String
|
The manufacturer. Stability Level: 3 - Stable |
ipAddress -
String
|
The IP address. Stability Level: 3 - Stable |
userName -
String
|
The user name. Stability Level: 3 - Stable |
createdAt -
Time
|
When asset record was created. Stability Level: 3 - Stable |
updatedAt -
Time
|
When asset record was last updated. Stability Level: 3 - Stable |
Example
{
"id": 987,
"eid": 987,
"computerName": "xyz789",
"computerId": "xyz789",
"serialNumber": "xyz789",
"osPlatform": "xyz789",
"operatingSystem": "abc123",
"servicePack": "xyz789",
"manufacturer": "abc123",
"ipAddress": "abc123",
"userName": "abc123",
"createdAt": "10:15:30Z",
"updatedAt": "10:15:30Z"
}
AssetProductEndpointConnection
Description
A page of product endpoint edges.
Fields
| Field Name | Description |
|---|---|
edges -
[AssetProductEndpointEdge]!
|
The list of Asset product edges. Stability Level: 3 - Stable |
pageInfo -
PageInfo!
|
Information about this Asset product page. Stability Level: 3 - Stable |
totalCount -
Int!
|
The total count of returned records. Stability Level: 3 - Stable |
Example
{
"edges": [AssetProductEndpointEdge],
"pageInfo": PageInfo,
"totalCount": 123
}
AssetProductEndpointEdge
Description
A product endpoint within a page.
Fields
| Field Name | Description |
|---|---|
cursor -
Cursor!
|
The cursor of this edge within the collection. Stability Level: 3 - Stable |
node -
AssetProductEndpoint!
|
The Asset product. Stability Level: 3 - Stable |
Example
{
"cursor": Cursor,
"node": AssetProductEndpoint
}
AssetProductEndpointsFilter
Description
Describes an asset product endpoint value filter. Records with field values matching the filter are included in the query results. Asset product endpoint filters may be single or compound. Any filter that is not valid causes the query to return an error.
For a single filter definition with one set of fields, if an endpoint record matches any filter condition, it satisfies the filter.
For a compound filter with multiple filter sets, an endpoint record must match every filter set to satisfy the filter, but can match any single filter condition within a filter set.
Fields
| Input Field | Description |
|---|---|
vendor -
String
|
The product vendor name must match. |
name -
String
|
The product name must match. |
version -
String
|
The product version must match. |
usage -
AssetProductUsageEnum
|
The product usage must match. |
Example
{
"vendor": "xyz789",
"name": "xyz789",
"version": "abc123",
"usage": "NotInstalled"
}
AssetProductInstallation
Description
Product installation metrics.
Fields
| Field Name | Description |
|---|---|
installedCount -
Int
|
The total number of product installations. Stability Level: 3 - Stable |
usedCount -
Int
|
The number of product installations on which usage was detected in the reporting period by the Tanium Client. Stability Level: 3 - Stable |
unusedCount -
Int
|
The number of product installations on which usage was not detected in the reporting period by the Tanium Client. Stability Level: 3 - Stable |
pendingUsage -
Int
|
The number of product installations on which the product is installed but the Tanium Client has not yet reported any usage. Stability Level: 3 - Stable |
Example
{
"installedCount": 987,
"usedCount": 987,
"unusedCount": 987,
"pendingUsage": 987
}
AssetProductState
Description
The product tracking state.
Values
| Enum Value | Description |
|---|---|
|
|
Asset is actively tracking the product. Stability Level: 3 - Stable |
|
|
Asset is not actively tracking the product. Stability Level: 3 - Stable |
|
|
Asset is ignoring the product tracking. Stability Level: 3 - Stable |
Example
"Tracked"
AssetProductTracking
Description
Product tracking metrics.
Fields
| Field Name | Description |
|---|---|
state -
AssetProductState
|
The current product tracking state. Stability Level: 3 - Stable |
reportingPeriodDays -
Int
|
The number of days that the Tanium Client reports for product usage. Stability Level: 3 - Stable |
normalMinutesUsedPerDay -
Int
|
Average minutes per day over the reporting period for normal usage. The default normal usage threshold is 60 minutes. Stability Level: 3 - Stable |
highMinutesUsedPerDay -
Int
|
Average minutes per day over the reporting period for high usage. The default high usage threshold is 240 minutes. Stability Level: 3 - Stable |
baselinePeriodDays -
Int
|
The minimum number of days before a newly installed product starts reporting usage in Asset. Stability Level: 3 - Stable |
Example
{
"state": "Tracked",
"reportingPeriodDays": 987,
"normalMinutesUsedPerDay": 123,
"highMinutesUsedPerDay": 987,
"baselinePeriodDays": 123
}
AssetProductTrackingInput
Description
Product tracking metrics input.
Fields
| Input Field | Description |
|---|---|
state -
AssetProductState!
|
The current product tracking state. |
reportingPeriodDays -
Int!
|
The number of days that the Tanium Client reports for product usage. |
normalMinutesUsedPerDay -
Int!
|
Average minutes per day over the reporting period for normal usage. The default normal usage threshold is 60 minutes. |
highMinutesUsedPerDay -
Int!
|
Average minutes per day over the reporting period for high usage. The default high usage threshold is 240 minutes. |
baselinePeriodDays -
Int!
|
The minimum number of days before a newly installed product starts reporting usage in Asset. |
Example
{
"state": "Tracked",
"reportingPeriodDays": 987,
"normalMinutesUsedPerDay": 123,
"highMinutesUsedPerDay": 123,
"baselinePeriodDays": 123
}
AssetProductUsage
Description
Product usage metrics.
Fields
| Field Name | Description |
|---|---|
usageNotDetected -
Int!
|
Number of assets where product usage was not detected. Stability Level: 3 - Stable |
notInstalled -
Int!
|
Number of assets where the product was not installed. Stability Level: 3 - Stable |
baselining -
Int!
|
Number of assets where the product is newly installed and not yet reporting usage. Stability Level: 3 - Stable |
limited -
Int!
|
Number of assets where product usage level is limited. Stability Level: 3 - Stable |
normal -
Int!
|
Number of assets where product usage level is normal. Stability Level: 3 - Stable |
high -
Int!
|
Number of assets where product usage level is high. Stability Level: 3 - Stable |
Example
{
"usageNotDetected": 987,
"notInstalled": 987,
"baselining": 987,
"limited": 123,
"normal": 987,
"high": 987
}
AssetProductUsageEnum
Description
The product usage values.
Values
| Enum Value | Description |
|---|---|
|
|
Product not installed. Stability Level: 3 - Stable |
|
|
Product usage not detected. Stability Level: 3 - Stable |
|
|
Product is newly installed and not yet reporting usage. Stability Level: 3 - Stable |
|
|
Product usage level is limited. Stability Level: 3 - Stable |
|
|
Product usage level is normal. Stability Level: 3 - Stable |
|
|
Product usage level is high. Stability Level: 3 - Stable |
Example
"NotInstalled"
AssetProductVersion
AssetProductsFilter
Description
Describes a filter for Asset product field values. Records with field values matching the filter are included in the query results. Software installed on an endpoint must match every included filter condition to satisfy the filter.
Fields
| Input Field | Description |
|---|---|
vendors -
[String!]
|
The product vendor name must match one of the specified values. |
search -
String
|
The product vendor name or product name must contain the specified value. |
states -
[AssetProductState!]
|
The product tracking state must match one of the specified values (Tracked, Cataloged, or Ignored). |
Example
{
"vendors": ["abc123"],
"search": "abc123",
"states": ["Tracked"]
}
AssetProductsInput
Description
Input for mutating product tracking gathering metrics.
Fields
| Input Field | Description |
|---|---|
vendor -
String!
|
The product vendor name. |
name -
String!
|
The product name. |
tracking -
AssetProductTrackingInput!
|
Product tracking details. |
Example
{
"vendor": "xyz789",
"name": "xyz789",
"tracking": AssetProductTrackingInput
}
AssetProductsPayload
Fields
| Field Name | Description |
|---|---|
products -
[AssetProductsResult!]
|
Assets Products Stability Level: 3 - Stable |
Example
{"products": [AssetProductsResult]}
AssetProductsResult
Description
The Asset product mutation result.
Fields
| Field Name | Description |
|---|---|
vendor -
String
|
The product vendor name. Stability Level: 3 - Stable |
name -
String
|
The product name. Stability Level: 3 - Stable |
tracking -
AssetProductTracking
|
Product tracking details. Stability Level: 3 - Stable |
failureReason -
String
|
Reason for failure. Stability Level: 3 - Stable |
Example
{
"vendor": "xyz789",
"name": "abc123",
"tracking": AssetProductTracking,
"failureReason": "xyz789"
}
AssetsImportInput
AssetsImportPayload
Description
Results for an asset import.
Fields
| Field Name | Description |
|---|---|
assets -
[AssetImportPayload!]
|
Assets to create or update. Stability Level: 3 - Stable |
Example
{"assets": [AssetImportPayload]}
Boolean
Description
The Boolean scalar type represents true or false.
Example
true
CIEntity
Description
An item managed in the CMDB.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique ID for an entity in the CMDB. Stability Level: 3 - Stable |
name -
String!
|
The assigned name of the entity. Stability Level: 3 - Stable |
category -
EntityCategory!
|
The category of the entity. Stability Level: 3 - Stable |
comments -
String
|
The comments about the entity. Stability Level: 3 - Stable |
created -
Time!
|
The date and time at which the entity was stored in the CMDB. Stability Level: 3 - Stable |
updated -
Time!
|
The date and time at which the entity was last updated in the CMDB. Stability Level: 3 - Stable |
private -
Boolean!
|
Indicates that the entity is not viewable by service agents. Stability Level: 3 - Stable |
details -
Map
|
The semi-structured data for the entity. Stability Level: 3 - Stable |
Possible Types
| CIEntity Types |
|---|
Example
{
"id": "4",
"name": "abc123",
"category": "ManagedEndpoint",
"comments": "abc123",
"created": "10:15:30Z",
"updated": "10:15:30Z",
"private": false,
"details": Map
}
CloseDirectConnectionInput
Description
A request to close a Direct Connect connection to an endpoint.
Fields
| Input Field | Description |
|---|---|
connectionID -
ID!
|
The ID of the connection to close. |
Example
{"connectionID": "4"}
CloseDirectConnectionPayload
Description
A response to a request to close a Direct Connect connection to an endpoint.
Fields
| Field Name | Description |
|---|---|
result -
Boolean!
|
Indicates that the connection is closed. Stability Level: 3 - Stable |
Example
{"result": false}
ComputerGroup
Description
Defines a set of endpoints that is managed as a group.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique identifier of the computer group. Stability Level: 3 - Stable |
name -
String!
|
The assigned name of the computer group. Stability Level: 3 - Stable |
managementRightsEnabled -
Boolean!
|
Indicates that this is a computer management group. Stability Level: 3 - Stable |
filterEnabled -
Boolean!
|
Indicates that this is a computer filter group. Stability Level: 3 - Stable |
contentSet -
NamedRef
|
The content set to which the filter group is available. Stability Level: 3 - Stable |
type -
ComputerGroupType!
|
The type of the computer group. Stability Level: 3 - Stable |
expression -
String!
|
A sensor filter expression used to define membership in the computer group, such as Stability Level: 3 - Stable |
Example
{
"id": "4",
"name": "xyz789",
"managementRightsEnabled": true,
"filterEnabled": true,
"contentSet": NamedRef,
"type": "STANDARD",
"expression": "xyz789"
}
ComputerGroupConnection
Description
A page of computer group edges.
Fields
| Field Name | Description |
|---|---|
edges -
[ComputerGroupEdge!]!
|
The list of computer group edges. Stability Level: 3 - Stable |
pageInfo -
PageInfo!
|
Information about the computer group collection. Stability Level: 3 - Stable |
totalRecords -
Int!
|
The total number of computer group records available. Stability Level: 3 - Stable |
Example
{
"edges": [ComputerGroupEdge],
"pageInfo": PageInfo,
"totalRecords": 123
}
ComputerGroupCreateInput
Description
A request to create a standard computer group.
Fields
| Input Field | Description |
|---|---|
name -
String!
|
The assigned name of the computer group. |
managementRightsEnabled -
Boolean!
|
Indicates that this is a computer management group. |
contentSetRef -
NamedRefInput
|
The content set to which this computer group belongs. This defines the computer group as a filter group. |
filter -
ComputerGroupFilter!
|
The filter condition that must be met for a computer to be part of this group. |
Example
{
"name": "abc123",
"managementRightsEnabled": false,
"contentSetRef": NamedRefInput,
"filter": ComputerGroupFilter
}
ComputerGroupCreatePayload
Description
A response to a request to create a standard computer group.
Fields
| Field Name | Description |
|---|---|
group -
ComputerGroup
|
The standard computer group created by the request. Stability Level: 3 - Stable |
error -
SystemError
|
Specifies that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"group": ComputerGroup,
"error": SystemError
}
ComputerGroupDeletePayload
Description
A response to a request to delete a computer group.
Fields
| Field Name | Description |
|---|---|
id -
ID
|
The unique identifier of the deleted computer group. Stability Level: 3 - Stable |
error -
SystemError
|
Specifies that the request terminated in an error. Stability Level: 3 - Stable |
Example
{"id": 4, "error": SystemError}
ComputerGroupEdge
Description
A computer group within a page.
Fields
| Field Name | Description |
|---|---|
node -
ComputerGroup!
|
The computer group. Stability Level: 3 - Stable |
cursor -
Cursor!
|
The cursor of this edge within the collection. Stability Level: 3 - Stable |
Example
{
"node": ComputerGroup,
"cursor": Cursor
}
ComputerGroupFilter
Description
An object containing the conditions for membership in a standard computer group.
Fields
| Input Field | Description |
|---|---|
memberOf -
EndpointFieldFilterComputerGroup
|
The computer group to which the endpoint must belong in order to pass the filter. |
sensor -
EndpointFieldFilterSensor
|
The sensor whose reading is used as the basis for the filter. |
op -
FieldFilterOp!
|
The operator by which to compare the specified value to the field value. Note that not all operators are valid for all fields or data sources. If the operator is not valid, the query returns an error. This defaults to the |
negated -
Boolean!
|
Indicates that the filter is negated. Records with field values matching the filter are excluded from the query results. This defaults to |
value -
String
|
The constant value to compare with the field value, expressed as a string. If this value cannot be interpreted as a valid value for the field type, the query returns an error. |
filters -
[ComputerGroupFilter!]
|
Describes the set of filters which comprise this compound filter. |
any -
Boolean!
|
Indicates that if any of the filters comprising this compound filter passes, the compound filter passes. This defaults to |
Example
{
"memberOf": EndpointFieldFilterComputerGroup,
"sensor": EndpointFieldFilterSensor,
"op": "EQ",
"negated": false,
"value": "xyz789",
"filters": [ComputerGroupFilter],
"any": false
}
ComputerGroupType
Description
The computer group type values.
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"STANDARD"
ComputerGroupsFilter
Description
Describes a filter for computer groups.
Fields
| Input Field | Description |
|---|---|
type -
ComputerGroupType
|
The type of the computer group. |
managementRightsEnabled -
Boolean
|
Indicates that this is a computer management group. |
filterEnabled -
Boolean
|
Indicates that this is a computer filter group. |
Example
{"type": "STANDARD", "managementRightsEnabled": false, "filterEnabled": true}
ConfigurationItem
Description
The CMDB reference IDs for an asset.
Fields
| Field Name | Description |
|---|---|
entityID -
ID!
|
The unique ID of an asset entity record in the CMDB. Stability Level: 3 - Stable |
entityClassIDs -
[ID!]!
|
The unique IDs of the class records of an asset in the CMDB. Stability Level: 3 - Stable |
namespace -
String!
|
The namespace of an asset entity record in the CMDB. Examples: tds, discover Stability Level: 3 - Stable |
Example
{
"entityID": 4,
"entityClassIDs": [4],
"namespace": "xyz789"
}
ConfigurationItemEntityConnection
Description
A page of configuration item entity edges.
Fields
| Field Name | Description |
|---|---|
edges -
[ConfigurationItemEntityEdge]!
|
The list of configuration item entity edges. Stability Level: 3 - Stable |
pageInfo -
PageInfo!
|
Information about the configuration item entity collection. Stability Level: 3 - Stable |
totalCount -
Int!
|
The total number of configuration item entities in the list. Stability Level: 3 - Stable |
Example
{
"edges": [ConfigurationItemEntityEdge],
"pageInfo": PageInfo,
"totalCount": 987
}
ConfigurationItemEntityEdge
ConfigurationItemProperties
Description
Properties of the configuration item CMDB.
Fields
| Field Name | Description |
|---|---|
customerItemsLimit -
Int
|
The total limit for entities provided by the customer. For on-premises deployments, select Administration > Configuration > Platform Settings to configure this. For TaaS deployments, contact Tanium support to configure this. Stability Level: 3 - Stable |
userSpecifiedAssetsMaxAge -
Int
|
The maximum age in seconds of user-specified Unmanaged Assets. Stability Level: 3 - Stable |
Example
{"customerItemsLimit": 987, "userSpecifiedAssetsMaxAge": 987}
ConfigurationItemRelationshipConnection
Description
A page of configuration item relationship edges.
Fields
| Field Name | Description |
|---|---|
edges -
[ConfigurationItemRelationshipEdge]!
|
The list of configuration item relationship edges. Stability Level: 3 - Stable |
pageInfo -
PageInfo!
|
Information about the configuration item relationship collection. Stability Level: 3 - Stable |
totalCount -
Int!
|
The total number of configuration item relationships in the list. Stability Level: 3 - Stable |
Example
{
"edges": [ConfigurationItemRelationshipEdge],
"pageInfo": PageInfo,
"totalCount": 987
}
ConfigurationItemRelationshipEdge
Description
A configuration item relationship within a page.
Fields
| Field Name | Description |
|---|---|
cursor -
Cursor!
|
The cursor of this edge within the collection. Stability Level: 3 - Stable |
node -
Relationship!
|
The configuration item relationship. Stability Level: 3 - Stable |
Example
{
"cursor": Cursor,
"node": Relationship
}
ConnectedState
Description
The set of connected states of wireless adapters.
Values
| Enum Value | Description |
|---|---|
|
|
The wireless adapter is connected. Stability Level: 3 - Stable |
|
|
The wireless adapter is disconnected. Stability Level: 3 - Stable |
|
|
The wireless adapter connected state is unknown. Stability Level: 3 - Stable |
Example
"CONNECTED"
Connection
Cursor
Description
A relay pagination cursor, which is an opaque string that specifies a record within a connection.
Example
Cursor
Date
Description
A string date in RFC 3339 long-date format.
Example
"2007-12-03"
DateTimeComponent
Example
DateTimeComponent
DefaultRangeEnd
Fields
| Field Name | Description |
|---|---|
model -
ParameterDefinitionType!
|
|
parameterType -
ParameterDefinitionType!
|
|
type -
DateTimeComponent
|
|
interval -
Int
|
|
intervalCount -
Int
|
|
unixTimeStamp -
Int
|
Example
{
"model": ParameterDefinitionType,
"parameterType": ParameterDefinitionType,
"type": DateTimeComponent,
"interval": 123,
"intervalCount": 123,
"unixTimeStamp": 987
}
DeleteConfigurationItemElementInput
Description
A request to delete a configuration item element.
Fields
| Input Field | Description |
|---|---|
id -
ID!
|
The ID of the configuration item element to delete. |
Example
{"id": "4"}
DeleteConfigurationItemElementResult
Description
A response to a request to delete a configuration item element.
Fields
| Field Name | Description |
|---|---|
error -
String
|
If the delete operation failed, the error message logged. Stability Level: 3 - Stable |
Example
{"error": "abc123"}
DeleteRelationshipInput
Description
A request to delete relationships between configuration item entities.
Fields
| Input Field | Description |
|---|---|
ids -
[ID!]!
|
The set of relationship IDs to delete. |
Example
{"ids": ["4"]}
DirectConnect
Description
Data from an endpoint, obtained using a Direct Connect connection.
Fields
| Field Name | Description |
|---|---|
performance -
DirectConnectPerf
|
Performance data from the endpoint. Stability Level: 3 - Stable |
processes -
DirectConnectProcesses
|
Processes running on the endpoint. Stability Level: 3 - Stable |
alerts -
DirectConnectAlerts
|
Performance alerts from the endpoint. Stability Level: 3 - Stable |
Example
{
"performance": DirectConnectPerf,
"processes": DirectConnectProcesses,
"alerts": DirectConnectAlerts
}
DirectConnectAlertScope
Description
Defines a window of time for filtering performance alerts.
Example
{
"startTime": "10:15:30Z",
"endTime": "10:15:30Z"
}
DirectConnectAlerts
Description
Performance alerts from an endpoint.
Fields
| Field Name | Description |
|---|---|
all -
[EndpointAlert!]
|
All performance alerts for the endpoint. Stability Level: 3 - Stable |
Arguments
|
|
Example
{"all": [EndpointAlert]}
DirectConnectCloseInput
Description
A request to close a Direct Connect connection to an endpoint.
Fields
| Input Field | Description |
|---|---|
connectionID -
ID!
|
The ID of the connection to close. |
Example
{"connectionID": "4"}
DirectConnectClosePayload
Description
A response to a request to close a Direct Connect connection to an endpoint.
Fields
| Field Name | Description |
|---|---|
result -
Boolean!
|
Indicates that the connection was closed. Stability Level: 3 - Stable |
Example
{"result": true}
DirectConnectConnectionStatus
Description
The set of statuses for a Direct Connect connection.
Values
| Enum Value | Description |
|---|---|
|
|
The connection state is unknown. Stability Level: 3 - Stable |
|
|
The connection is open and ready for use. Stability Level: 3 - Stable |
|
|
The connection is being established. Stability Level: 3 - Stable |
|
|
This connection has encountered an error. Stability Level: 3 - Stable |
|
|
This connection was not found. The connection may have expired and been closed after 5 minutes of inactivity. Stability Level: 3 - Stable |
Example
"UNKNOWN"
DirectConnectConnectionStatusInput
Description
A request to get the status for a Direct Connect connection.
Fields
| Input Field | Description |
|---|---|
connectionID -
ID!
|
The ID of the connection to check. |
Example
{"connectionID": "4"}
DirectConnectConnectionStatusPayload
Description
A response to a request to get the status for a Direct Connect connection.
Fields
| Field Name | Description |
|---|---|
status -
DirectConnectConnectionStatus!
|
The current status of the connection. Stability Level: 3 - Stable |
Example
{"status": "UNKNOWN"}
DirectConnectEndpointInput
Description
A request to get data from an endpoint using an open Direct Connect connection.
Fields
| Input Field | Description |
|---|---|
connectionID -
ID!
|
The ID of the connection to use. |
Example
{"connectionID": "4"}
DirectConnectOpenInput
Description
A request to initiate a Direct Connect connection to an endpoint.
Fields
| Input Field | Description |
|---|---|
endpointID -
ID!
|
The ID of the endpoint. |
Example
{"endpointID": "4"}
DirectConnectOpenPayload
Description
A response to a request to initiate a Direct Connect connection to an endpoint.
Fields
| Field Name | Description |
|---|---|
connectionID -
ID!
|
A connection ID, used for Direct Connect requests. Stability Level: 3 - Stable |
status -
DirectConnectConnectionStatus!
|
The status of the connection. Stability Level: 3 - Stable |
Example
{"connectionID": "4", "status": "UNKNOWN"}
DirectConnectPerf
Description
Performance data from an endpoint.
Fields
| Field Name | Description |
|---|---|
cpuUsagePercent -
Float!
|
The current CPU usage as a percent from 0 to 100. Stability Level: 3 - Stable |
memoryUsedPercent -
Float!
|
The current memory usage as a percent from 0 to 100. Stability Level: 3 - Stable |
_dev_query -
[EndpointMetric!]
|
Raw PromQL queries. Stability Level: 1.2 - Experimental (Release Candidate) |
Arguments
|
|
Example
{
"cpuUsagePercent": 123.45,
"memoryUsedPercent": 987.65,
"_dev_query": [EndpointMetric]
}
DirectConnectPingInput
Description
A request to ping an endpoint over a Direct Connect connection (for example, to test connectivity).
Fields
| Input Field | Description |
|---|---|
connectionID -
ID!
|
The ID of the connection to ping. |
Example
{"connectionID": 4}
DirectConnectPingPayload
Description
A response to a request to ping an endpoint over a Direct Connect connection.
Fields
| Field Name | Description |
|---|---|
result -
Boolean!
|
Indicates that the ping is acknowledged. Stability Level: 3 - Stable |
Example
{"result": true}
DirectConnectProcessTerminateInput
Description
A request to terminate a process running on an endpoint.
Fields
| Input Field | Description |
|---|---|
connectionID -
ID!
|
The ID of the Direct Connect connection to the endpoint on which the process is running. |
pid -
Int!
|
The ID of the process to terminate. |
name -
String!
|
The name of the process to terminate. |
signal -
Signal!
|
The signal to use when terminating the process. |
Example
{
"connectionID": 4,
"pid": 123,
"name": "abc123",
"signal": "SIGINT"
}
DirectConnectProcessTerminatePayload
Description
A response to a request to terminate a process.
Fields
| Field Name | Description |
|---|---|
result -
Boolean!
|
Indicates that the process is terminated. Stability Level: 3 - Stable |
Example
{"result": false}
DirectConnectProcesses
Description
Processes running on an endpoint.
Fields
| Field Name | Description |
|---|---|
all -
[Process!]
|
All processes running on the endpoint. Stability Level: 3 - Stable |
Example
{"all": [Process]}
DiscoverCloudInstance
Description
A Discover cloud instance.
Fields
| Field Name | Description |
|---|---|
id -
String
|
The identifier of the cloud instance. Stability Level: 1.1 - Experimental (Active Development) |
imageId -
String
|
The identifier of the cloud instance image. Stability Level: 1.1 - Experimental (Active Development) |
type -
String
|
The type of the cloud instance. Stability Level: 1.1 - Experimental (Active Development) |
state -
String
|
The state of the cloud instance. Stability Level: 1.1 - Experimental (Active Development) |
launchTime -
Time
|
The time that the cloud instance was launched. Stability Level: 1.1 - Experimental (Active Development) |
zone -
String
|
The data center where the cloud instance is hosted. Stability Level: 1.1 - Experimental (Active Development) |
provider -
String
|
The provider of the cloud instance. Stability Level: 1.1 - Experimental (Active Development) |
networkId -
String
|
The network identifier of the cloud instance. Stability Level: 1.1 - Experimental (Active Development) |
account -
String
|
The account associated with the cloud instance. Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"id": "abc123",
"imageId": "abc123",
"type": "xyz789",
"state": "abc123",
"launchTime": "10:15:30Z",
"zone": "abc123",
"provider": "abc123",
"networkId": "abc123",
"account": "abc123"
}
DiscoverCloudTag
Description
A Discover cloud tag associated with an interface and assigned to an instance.
Example
{
"name": "abc123",
"value": "abc123"
}
DiscoverInterface
Description
An interface found in a Discover network scan.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique identifier of the interface. Stability Level: 1.1 - Experimental (Active Development) |
macAddress -
String
|
The MAC address of the interface. Stability Level: 1.1 - Experimental (Active Development) |
manufacturer -
String
|
The manufacturer of the interface. Stability Level: 1.1 - Experimental (Active Development) |
hostnames -
[String!]
|
The hostnames associated with the interface. Stability Level: 1.1 - Experimental (Active Development) |
ipAddresses -
[String!]
|
The IP addresses associated with the interface. Stability Level: 1.1 - Experimental (Active Development) |
labels -
[DiscoverLabel!]!
|
The labels associated with the interface. Stability Level: 1.1 - Experimental (Active Development) |
osPlatform -
String
|
The platform of the operating system associated with the interface. Stability Level: 1.1 - Experimental (Active Development) |
openPorts -
[Int!]
|
The interface open ports. If this value is null, the network scan did not identify open ports for this interface. Stability Level: 1.1 - Experimental (Active Development) |
discoveryMethods -
[DiscoveryMethod!]!
|
The discovery methods by which this interface has been scanned. Stability Level: 1.1 - Experimental (Active Development) |
lastSeenTime -
Time!
|
The time the interface was last found with any discovery method. This value is not used to flag an interface as Lost. Stability Level: 1.1 - Experimental (Active Development) |
computerId -
String
|
The Tanium Client computer ID of the managed interface. If this value is null and Stability Level: 1.1 - Experimental (Active Development) |
natIPAddresses -
[String!]
|
The network address translation (NAT) IP addresses associated with the interface. Stability Level: 1.1 - Experimental (Active Development) |
osGeneration -
String
|
The generation of the operating system associated with the interface. Stability Level: 1.1 - Experimental (Active Development) |
profiles -
[DiscoverProfile!]!
|
The profiles that have scanned this interface. Stability Level: 1.1 - Experimental (Active Development) |
cloudInstances -
[DiscoverCloudInstance!]!
|
The cloud instances where this interface is hosted. Stability Level: 1.1 - Experimental (Active Development) |
cloudTags -
[DiscoverCloudTag!]!
|
The cloud tags associated with the interface. Stability Level: 1.1 - Experimental (Active Development) |
firstSeenTime -
Time!
|
The time the interface was first seen. Stability Level: 1.1 - Experimental (Active Development) |
firstManagedTime -
Time
|
The time the interface was first managed. If this value is Stability Level: 1.1 - Experimental (Active Development) |
lastManagedTime -
Time
|
The last time the interface was returned as a managed interface. Stability Level: 1.1 - Experimental (Active Development) |
lastDiscoveredTime -
Time
|
The time the interface was last discovered. By default, if an interface has not been identified as managed for at least 24 hours, has been identified as unmanaged in the past 4 hours by an active discovery method, and has a Stability Level: 1.1 - Experimental (Active Development) |
isManaged -
Boolean!
|
Whether this interface is managed by Tanium and has the Tanium Client installed. Stability Level: 1.1 - Experimental (Active Development) |
isUnmanageable -
Boolean!
|
Whether this interface has been marked as unmanageable. Stability Level: 1.1 - Experimental (Active Development) |
isIgnored -
Boolean!
|
Whether this interface has been marked as ignored by a user or automatic label. Stability Level: 1.1 - Experimental (Active Development) |
satellites -
[DiscoverSatellite!]!
|
The satellites that returned data about this interface in scans. Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"id": "4",
"macAddress": "abc123",
"manufacturer": "xyz789",
"hostnames": ["abc123"],
"ipAddresses": ["xyz789"],
"labels": [DiscoverLabel],
"osPlatform": "xyz789",
"openPorts": [123],
"discoveryMethods": ["ARP"],
"lastSeenTime": "10:15:30Z",
"computerId": "abc123",
"natIPAddresses": ["xyz789"],
"osGeneration": "abc123",
"profiles": [DiscoverProfile],
"cloudInstances": [DiscoverCloudInstance],
"cloudTags": [DiscoverCloudTag],
"firstSeenTime": "10:15:30Z",
"firstManagedTime": "10:15:30Z",
"lastManagedTime": "10:15:30Z",
"lastDiscoveredTime": "10:15:30Z",
"isManaged": true,
"isUnmanageable": false,
"isIgnored": false,
"satellites": [DiscoverSatellite]
}
DiscoverInterfaceAddLabelInput
Description
A request to add one or more standard labels to specific Discover interfaces.
Fields
| Input Field | Description |
|---|---|
names -
[String!]!
|
The unique names of the standard labels to add. |
ids -
[ID!]!
|
The unique identifiers of the interfaces to add the labels to. |
cursor -
Cursor
|
The cursor value from a previous 'discoverInterfaceAddLabel' request. Add a cursor value if a prior |
Example
{
"names": ["abc123"],
"ids": ["4"],
"cursor": Cursor
}
DiscoverInterfaceAddLabelPayload
Description
A response to a request to add one or more standard labels to specific Discover interfaces.
Fields
| Field Name | Description |
|---|---|
cursor -
Cursor
|
Indicates the request is not complete and provides an identifier for subsequent calls to determine the request's terminal state. Stability Level: 1.1 - Experimental (Active Development) |
success -
Boolean
|
Indicates the request completed successfully or failed. Stability Level: 1.1 - Experimental (Active Development) |
error -
SystemError
|
Indicates that the request terminated in an error. Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"cursor": Cursor,
"success": false,
"error": SystemError
}
DiscoverInterfaceConnection
Description
A page of Discover interface edges.
Fields
| Field Name | Description |
|---|---|
edges -
[DiscoverInterfaceEdge!]!
|
The list of Discover interface edges. Stability Level: 1.1 - Experimental (Active Development) |
pageInfo -
PageInfo!
|
Information about the Discover interface collection. Stability Level: 1.1 - Experimental (Active Development) |
totalRecords -
Int!
|
The total number of Discover interface records available. Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"edges": [DiscoverInterfaceEdge],
"pageInfo": PageInfo,
"totalRecords": 123
}
DiscoverInterfaceEdge
Description
A Discover interface within a page.
Fields
| Field Name | Description |
|---|---|
node -
DiscoverInterface!
|
The Discover interface. Stability Level: 1.1 - Experimental (Active Development) |
cursor -
Cursor!
|
The cursor of this edge within the collection. Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"node": DiscoverInterface,
"cursor": Cursor
}
DiscoverInterfaceRemoveLabelInput
Description
A request to remove one or more standard labels from specific Discover interfaces.
Fields
| Input Field | Description |
|---|---|
names -
[String!]!
|
The unique names of the standard labels to add. |
ids -
[ID!]!
|
The unique identifiers of the interfaces to remove the labels from. |
cursor -
Cursor
|
The cursor value from a previous Add a cursor value if a prior |
Example
{
"names": ["abc123"],
"ids": ["4"],
"cursor": Cursor
}
DiscoverLabel
Description
A Discover label, used to tag interfaces found during Discover network scans.
Fields
| Field Name | Description |
|---|---|
name -
String!
|
The unique name for the label. Stability Level: 1.1 - Experimental (Active Development) |
type -
DiscoverLabelType!
|
The type of the label. Stability Level: 1.1 - Experimental (Active Development) |
createdTime -
Time!
|
The time at which the label was created. Stability Level: 1.1 - Experimental (Active Development) |
modifiedTime -
Time!
|
The time at which the label was most recently modified. Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"name": "abc123",
"type": "STANDARD",
"createdTime": "10:15:30Z",
"modifiedTime": "10:15:30Z"
}
DiscoverLabelConnection
Description
A page of Discover label edges.
Fields
| Field Name | Description |
|---|---|
edges -
[DiscoverLabelEdge!]!
|
The list of Discover label edges. Stability Level: 1.1 - Experimental (Active Development) |
pageInfo -
PageInfo!
|
Information about the Discover label collection. Stability Level: 1.1 - Experimental (Active Development) |
totalRecords -
Int!
|
The total number of Discover label records available. Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"edges": [DiscoverLabelEdge],
"pageInfo": PageInfo,
"totalRecords": 987
}
DiscoverLabelCreateInput
Description
A request to create a standard Discover label.
Fields
| Input Field | Description |
|---|---|
name -
String!
|
The assigned name of the label. Note that labels are required to have unique names. |
Example
{"name": "xyz789"}
DiscoverLabelCreatePayload
Description
A response to a request to create a Discover label.
Fields
| Field Name | Description |
|---|---|
label -
DiscoverLabel
|
The newly created label. If the request fails, this is Stability Level: 1.1 - Experimental (Active Development) |
error -
SystemError
|
Indicates that the request terminated in an error. Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"label": DiscoverLabel,
"error": SystemError
}
DiscoverLabelDeletePayload
Description
A response to a request to delete a Discover label.
Fields
| Field Name | Description |
|---|---|
name -
String
|
The name of the deleted label. If the request fails, this is Stability Level: 1.1 - Experimental (Active Development) |
error -
SystemError
|
Specifies that the request terminated in an error. Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"name": "xyz789",
"error": SystemError
}
DiscoverLabelEdge
Description
A Discover label within a page.
Fields
| Field Name | Description |
|---|---|
node -
DiscoverLabel!
|
The Discover label. Stability Level: 1.1 - Experimental (Active Development) |
cursor -
Cursor!
|
The cursor of this edge within the collection. Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"node": DiscoverLabel,
"cursor": Cursor
}
DiscoverLabelType
Description
The Discover label type.
Values
| Enum Value | Description |
|---|---|
|
|
The label can be manually associated with interfaces. Stability Level: 1.1 - Experimental (Active Development) |
|
|
The label is automatically associated with interfaces based on conditions. Note that the addition or removal of automatic labels through the API Gateway is not supported at this time. Stability Level: 1.1 - Experimental (Active Development) |
Example
"STANDARD"
DiscoverProfile
Description
A Discover profile definition used to scan networks.
Fields
| Field Name | Description |
|---|---|
name -
String!
|
The name of the profile. Stability Level: 1.1 - Experimental (Active Development) |
Example
{"name": "abc123"}
DiscoverSatellite
Description
An endpoint configured as a satellite to scan remote subnets.
Example
{
"id": "xyz789",
"name": "xyz789"
}
DiscoveryMethod
Description
The method by which an interface was discovered.
Values
| Enum Value | Description |
|---|---|
|
|
The interface was discovered by using the Address Resolution Protocol (ARP) cache. This method is part of a distributed level 1 scan. Stability Level: 1.1 - Experimental (Active Development) |
|
|
The interface was discovered using interface connections discovery. This method is part of a distributed level 1 scan. Stability Level: 1.1 - Experimental (Active Development) |
|
|
The interface was discovered using targeted pings. This method is part of a distributed level 2 scan. Stability Level: 1.1 - Experimental (Active Development) |
|
|
The interface was discovered using Nmap to perform host discovery. This method is part of a distributed level 3 or 4 scan. Stability Level: 1.1 - Experimental (Active Development) |
|
|
The interface was discovered using the Stability Level: 1.1 - Experimental (Active Development) |
|
|
The interface was found in an Amazon EC2 centralized scan from the Tanium Module server. Centralized scans are not available in Tanium Cloud deployments. Stability Level: 1.1 - Experimental (Active Development) |
|
|
The interface was discovered using an Nmap scan from the Tanium Module Server to an unmanaged environment. This is a centralized scan method, and equivalent to a distributed level 4 scan. Centralized scans are not available in Tanium Cloud deployments. Stability Level: 1.1 - Experimental (Active Development) |
|
|
The interface was discovered using an Nmap scan run from an endpoint configured as a satellite. This is a satellite scan method, and equivalent to a distributed level 4 scan. Stability Level: 1.1 - Experimental (Active Development) |
Example
"ARP"
Edge
Description
A record within a page.
Fields
| Field Name | Description |
|---|---|
cursor -
Cursor!
|
The cursor of this record. Stability Level: 3 - Stable |
Possible Types
| Edge Types |
|---|
Example
{"cursor": Cursor}
EdgeDirection
Description
The set of directions of relationships between configuration item entities.
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"AtoB"
Element
Description
An asset managed in the CMDB.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique ID for an element in the CMDB. Stability Level: 3 - Stable |
name -
String!
|
The assigned name of the element. Stability Level: 3 - Stable |
namespace -
String!
|
The namespace for an element in the CMDB. Examples: tds, discover Stability Level: 3 - Stable |
eid -
ID
|
The endpoint ID of the element in the CMDB. Stability Level: 3 - Stable |
category -
EntityCategory!
|
The category of the element. Stability Level: 3 - Stable |
comments -
String
|
The comments about the element. Stability Level: 3 - Stable |
created -
Time!
|
The date and time at which the element was stored in the CMDB. Stability Level: 3 - Stable |
updated -
Time!
|
The date and time at which the element was last updated in the CMDB. Stability Level: 3 - Stable |
private -
Boolean!
|
Indicates that the element is not viewable by service agents. Stability Level: 3 - Stable |
details -
Map
|
The semi-structured data for the entity class. The schema version can be specified as an argument. If it is not specified, the schema version defaults to the latest schema available. The schema version of the response is returned as the Stability Level: 3 - Stable |
Arguments
|
|
entityClassIDs -
[ID!]!
|
The IDs of the classes of the element classes in the CMDB. Stability Level: 3 - Stable |
classes -
EntityPagination
|
The paginated list of the classes of the element classes in the CMDB. Stability Level: 3 - Stable |
Example
{
"id": "4",
"name": "xyz789",
"namespace": "abc123",
"eid": "4",
"category": "ManagedEndpoint",
"comments": "abc123",
"created": "10:15:30Z",
"updated": "10:15:30Z",
"private": false,
"details": Map,
"entityClassIDs": [4],
"classes": EntityPagination
}
Endpoint
Description
An endpoint managed by the Tanium Client.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique ID. This is reasonably guaranteed to be stable. Sensor: Endpoint ID, Column: ID Use of this field requires the Interact solution. Stability Level: 3 - Stable |
eidFirstSeen -
Time
|
The datetime an endpoint was first seen. Sensor: EID First Seen Stability Level: 3 - Stable |
eidLastSeen -
Time
|
The datetime an endpoint was last seen. Sensor: EID Last Seen Stability Level: 3 - Stable |
namespace -
String!
|
The endpoint namespace. The standard Tanium endpoint namespace is an empty string. Sensor: Endpoint ID, Column: Namespace Use of this field requires the Interact solution. Stability Level: 3 - Stable |
computerID -
String!
|
The Tanium Client computer ID. This is temporally unique but not stable. Example: 4202979704 Sensor: Computer ID Stability Level: 3 - Stable |
systemUUID -
String!
|
The UUID of the endpoint hardware. Note that this has no real guarantee of uniqueness across platforms and a strong possibility of duplicates within platforms (for virtual endpoints in particular). Sensor: System UUID Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
name -
String!
|
The assigned name of the endpoint. Example: workstation-1.example.com Sensor: Computer Name Stability Level: 3 - Stable |
domainName -
String!
|
The domain name of the endpoint. Example: intra.example.com Sensor: Domain Name Stability Level: 3 - Stable |
serialNumber -
String!
|
The serial number provided by the manufacturer. Sensor: Computer Serial Number Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
manufacturer -
String!
|
The manufacturer of the endpoint. Example: Dell Sensor: Manufacturer Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
model -
String!
|
The model of the endpoint. Example: OptiPlex 7050 Sensor: Model Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
configurationItem -
ConfigurationItem
|
The CMDB reference IDs for the endpoint. Use of this field requires the Atlas solution. Stability Level: 3 - Stable |
ipAddress -
String!
|
The IP addresses of the endpoint. Example: 192.168.1.1 Sensor: Tanium Client IP Address Stability Level: 3 - Stable |
ipAddresses -
[String!]
|
The current IP addresses of this endpoint. Examples: 192.168.1.1, 192.168.1.2 Sensor: IP Address Stability Level: 3 - Stable |
macAddresses -
[String!]
|
The MAC addresses for all IP enabled network connections. Examples: 00:0C:29:68:6A:D8, 11:22:33:44:55:66 Sensor: MAC Address Stability Level: 3 - Stable |
primaryUser -
EndpointUser!
|
The primary user of the endpoint. Stability Level: 3 - Stable |
lastLoggedInUser -
String!
|
The name of the user that last signed in to the endpoint. Sensor: Last Logged In User Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
isVirtual -
Boolean
|
Indicates that the endpoint is virtual. Sensor: Is Virtual Stability Level: 3 - Stable |
isEncrypted -
Boolean
|
Indicates that the endpoint storage is encrypted, such as with BitLocker on Windows or FileVault on Mac OS. Sensor: Storage Encryption Status, Column: Encryption Status Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
chassisType -
String!
|
The machine or chassis type of the endpoint. Examples: MacBookPro16,1, Server, Virtual Sensor: Chassis Type Stability Level: 3 - Stable |
os -
EndpointOS!
|
The operating system details of the endpoint. Stability Level: 3 - Stable |
disks -
[EndpointDisk!]
|
The disk space details per drive on the endpoint. Stability Level: 3 - Stable |
memory -
Memory!
|
The memory details of the endpoint. Stability Level: 3 - Stable |
processor -
Processor!
|
The processor details of the endpoint. Stability Level: 3 - Stable |
networking -
Networking!
|
The networking details of the endpoint. Stability Level: 3 - Stable |
eventCounts -
EndpointEventCounts!
|
The number of performance events on the endpoint. Use of this field requires the Performance solution. Stability Level: 3 - Stable |
services -
[EndpointService!]!
|
The details of services on the endpoint. These are only available for Windows platforms. Stability Level: 3 - Stable |
installedApplications -
[EndpointInstalledApplication!]!
|
The software applications installed on the endpoint, regardless of provenance. This field allows a filter argument. You can use the filter to restrict the items returned in this field. This also restricts the returned endpoints to those with matching items in this field, unless the The filter must be either a simple filter, or a compound filter with a single set of simple child filters. An endpoint is returned only if it matches the simple filter, or all filters within the compound filter. The filter supports the following operations: Sensor: Installed Applications Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
Arguments
|
|
deployedSoftwarePackages -
[EndpointDeploySoftwarePackage!]!
|
The Deploy software packages that are deployed or deployable on the endpoint. This field allows a filter argument. You can use the filter to restrict the items returned in this field. This also restricts the returned endpoints to those with matching items in this field, unless the The filter must be either a simple filter, or a compound filter with a single set of simple child filters. An endpoint is returned only if it matches the simple filter, or all filters within the compound filter. The filter supports the following operations: Sensor: Deploy - Software Packages Use of this field requires the Deploy solution. Stability Level: 3 - Stable |
Arguments
|
|
sensorReadings -
EndpointSensorReadings!
|
Returns readings from the list of named sensors, including parameterized sensors. If the sensors are not available from the data source, the query returns an error. Hidden columns are not included unless they are specified in the list of sensor columns, or the This field allows a filter argument for each requested sensor. You can use the filter to restrict the items returned in this field. This also restricts the returned endpoints to those with matching items in this field, unless the Stability Level: 3 - Stable |
Arguments
|
|
compliance -
EndpointCompliance
|
The state of the endpoint's compliance with security policies. Use of this field requires the Comply solution. Stability Level: 3 - Stable |
discover -
EndpointDiscover
|
The Discover details. Stability Level: 3 - Stable |
risk -
EndpointRisk
|
The Risk details of the endpoint. Sensor: Risk Vectors, Column: Risk Score Missing Use of this field requires the Risk solution. Stability Level: 3 - Stable |
sentinel -
EndpointSentinel!
|
The Microsoft Sentinel details of the endpoint. Use of this field requires the Core Content, Core Content - SCCM solutions. Stability Level: 3 - Stable |
Example
{
"id": 4,
"eidFirstSeen": "10:15:30Z",
"eidLastSeen": "10:15:30Z",
"namespace": "xyz789",
"computerID": "abc123",
"systemUUID": "xyz789",
"name": "abc123",
"domainName": "abc123",
"serialNumber": "abc123",
"manufacturer": "xyz789",
"model": "xyz789",
"configurationItem": ConfigurationItem,
"ipAddress": "abc123",
"ipAddresses": ["xyz789"],
"macAddresses": ["xyz789"],
"primaryUser": EndpointUser,
"lastLoggedInUser": "xyz789",
"isVirtual": true,
"isEncrypted": false,
"chassisType": "abc123",
"os": EndpointOS,
"disks": [EndpointDisk],
"memory": Memory,
"processor": Processor,
"networking": Networking,
"eventCounts": EndpointEventCounts,
"services": [EndpointService],
"installedApplications": [EndpointInstalledApplication],
"deployedSoftwarePackages": [
EndpointDeploySoftwarePackage
],
"sensorReadings": EndpointSensorReadings,
"compliance": EndpointCompliance,
"discover": EndpointDiscover,
"risk": EndpointRisk,
"sentinel": EndpointSentinel
}
EndpointAlert
Description
A performance alert triggered on an endpoint.
Example
{
"schema": 123,
"key": "abc123",
"type": "xyz789",
"ref": "abc123",
"topProcessesExpr": "abc123",
"labels": Map,
"pendingAt": "10:15:30Z",
"start": "10:15:30Z",
"resolvedAt": "10:15:30Z",
"leadup": 123,
"value": 987.65,
"firing": false,
"evidenceToGather": ["abc123"],
"evidence": [EndpointAlertEvidence]
}
EndpointAlertEvidence
Description
Evidence collected as part of a performance alert on an endpoint.
Fields
| Field Name | Description |
|---|---|
name -
String
|
|
value -
String
|
|
values -
[EndpointAlertEvidenceValues]
|
Example
{
"name": "xyz789",
"value": "xyz789",
"values": [EndpointAlertEvidenceValues]
}
EndpointAlertEvidenceValues
EndpointCollectionInfo
Description
Information about the endpoint results that populate an EndpointConnection.
Fields
| Field Name | Description |
|---|---|
active -
Boolean!
|
Indicates results may still continue to accumulate in the underlying collection, and you may refresh the cursor if the paginated results are insufficient. Stability Level: 3 - Stable |
success -
Boolean!
|
Indicates the results in the paginated connection satisfy the criteria specified by the query's data source argument. Stability Level: 3 - Stable |
expectedTotal -
Int
|
The number of endpoints expected to evaluate the query, if known. Note that not all of these endpoints are necessarily expected to contribute results, and that this total may be smaller or larger than the total number of endpoints that responded. Stability Level: 3 - Stable |
respondedTotal -
Int
|
The number of endpoints that have evaluated the query, if known. Stability Level: 3 - Stable |
contributedTotal -
Int!
|
The number of endpoints that have contributed results to the query. Stability Level: 3 - Stable |
respondedPercentage -
Float
|
The number of endpoints that have evaluated the query divided by the number of endpoints expected to evaluate the query, if both are known, expressed as a decimal value between Stability Level: 3 - Stable |
startCursor -
Cursor
|
The cursor for the beginning of the collection. This will be populated even if the collection is empty, as long as the collection has the possibility of being refreshed with new results. Stability Level: 3 - Stable |
Example
{
"active": true,
"success": true,
"expectedTotal": 123,
"respondedTotal": 123,
"contributedTotal": 987,
"respondedPercentage": 123.45,
"startCursor": Cursor
}
EndpointCompliance
Description
The state of an endpoint's compliance with security policies.
Fields
| Field Name | Description |
|---|---|
cveFindings -
[EndpointComplianceCveFinding!]
|
The list of all vulnerability findings on the endpoint. This field allows a filter argument. You can use the filter to restrict the items returned in this field. This also restricts the returned endpoints to those with matching items in this field, unless the The filter must be either a simple filter, or a compound filter with a single set of simple child filters. An endpoint is returned only if it matches the simple filter, or all filters within the compound filter. The filter supports the following operations: Note that the absoluteFirstFoundDate, firstFound, lastFound, and lastScanDate fields are not supported in the filter. Sensor: Comply - CVE Findings Sensor: Comply - Vulnerability Findings Details, Column: Check ID Stability Level: 3 - Stable |
Arguments
|
|
complianceFindings -
[EndpointComplianceComplianceFinding!]
|
The list of all compliance findings on the endpoint. This field allows a filter argument. You can use the filter to restrict the items returned in this field. This also restricts the returned endpoints to those with matching items in this field, unless the The filter must be either a simple filter, or a compound filter with a single set of simple child filters. An endpoint is returned only if it matches the simple filter, or all filters within the compound filter. The filter supports the following operations: Note that the firstFoundDate and lastScanDate fields are not supported in the filter. Sensor: Comply - Compliance Findings Sensor: Comply - Compliance Findings Details, Column: Check ID Stability Level: 3 - Stable |
Arguments
|
|
Example
{
"cveFindings": [EndpointComplianceCveFinding],
"complianceFindings": [
EndpointComplianceComplianceFinding
]
}
EndpointComplianceComplianceFinding
Description
A compliance issue found on an endpoint.
Fields
| Field Name | Description |
|---|---|
id -
String
|
The ID of the compliance finding. Sensor: Comply - Compliance Findings, Column: Check ID Sensor: Comply - Compliance Findings Details, Column: Check ID Stability Level: 3 - Stable |
excepted -
Boolean
|
Indicates whether the finding is an excepted finding. Sensor: Comply - Compliance Findings Details, Column: Excepted Stability Level: 1.2 - Experimental (Release Candidate) |
state -
String
|
The state of the compliance issue. Sensor: Comply - Compliance Findings, Column: State Sensor: Comply - Compliance Findings Details, Column: State Stability Level: 3 - Stable |
category -
String
|
The category of the compliance issue. Sensor: Comply - Compliance Findings, Column: Category Sensor: Comply - Compliance Findings Details, Column: Category Stability Level: 3 - Stable |
ruleId -
String
|
The ID of the rule violated by the compliance issue. Sensor: Comply - Compliance Findings, Column: Rule ID Sensor: Comply - Compliance Findings Details, Column: Rule ID Stability Level: 3 - Stable |
standard -
String
|
The standard violated by the compliance issue. Sensor: Comply - Compliance Findings, Column: Standard Sensor: Comply - Compliance Findings Details, Column: Standard Stability Level: 3 - Stable |
standardVersion -
String
|
The version of the standard violated by the compliance issue. Sensor: Comply - Compliance Findings, Column: Standard Version Sensor: Comply - Compliance Findings Details, Column: Standard Version Stability Level: 3 - Stable |
profile -
String
|
The profile violated by the compliance issue. Sensor: Comply - Compliance Findings, Column: Profile Sensor: Comply - Compliance Findings Details, Column: Profile Stability Level: 3 - Stable |
profileVersion -
String
|
The version of the profile violated by the compliance issue. Sensor: Comply - Compliance Findings, Column: Profile Version Sensor: Comply - Compliance Findings Details, Column: Profile Version Stability Level: 3 - Stable |
rule -
String
|
The rule violated by the compliance issue. Sensor: Comply - Compliance Findings, Column: Rule Sensor: Comply - Compliance Findings Details, Column: Rule Stability Level: 3 - Stable |
firstFoundDate -
Date
|
The date on which the compliance issue was first found on the endpoint. If the compliance finding state changes, this updates to the new discovery date. Sensor: Comply - Compliance Findings - First Found, Column: First Found - Date Sensor: Comply - Compliance Findings - First Found, Column: First Found - Check ID Stability Level: 3 - Stable |
lastScanDate -
Date
|
The date on which the compliance issue was last scanned for on the endpoint. Sensor: Comply - Compliance Findings - Last Scan, Column: Last Scan - Date Sensor: Comply - Compliance Findings - Last Scan, Column: Last Scan - Check ID Stability Level: 3 - Stable |
Example
{
"id": "xyz789",
"excepted": false,
"state": "xyz789",
"category": "xyz789",
"ruleId": "abc123",
"standard": "xyz789",
"standardVersion": "xyz789",
"profile": "xyz789",
"profileVersion": "xyz789",
"rule": "xyz789",
"firstFoundDate": "2007-12-03",
"lastScanDate": "2007-12-03"
}
EndpointComplianceCveFinding
Description
A vulnerability finding on an endpoint.
Fields
| Field Name | Description |
|---|---|
cveId -
String
|
The ID of the CVE. Sensor: Comply - CVE Findings, Column: Check ID Sensor: Comply - Vulnerability Findings Details, Column: Check ID Stability Level: 3 - Stable |
excepted -
Boolean
|
Indicates whether the finding is an excepted finding. Sensor: Comply - Vulnerability Findings Details, Column: Excepted Stability Level: 1.2 - Experimental (Release Candidate) |
scanType -
String
|
The method used to discover the finding. Examples: ras, sbom, oval Sensor: Comply - Vulnerability Findings Details, Column: Scan Type Stability Level: 1.2 - Experimental (Release Candidate) |
cvssScore -
Float
|
The CVSS v2 score of the CVE. Sensor: Comply - CVE Findings, Column: CVSS Score Sensor: Comply - Vulnerability Findings Details, Column: CVSS Score Stability Level: 3 - Stable |
severity -
String
|
The CVSS v2 severity of the CVE. Sensor: Comply - CVE Findings, Column: Severity Sensor: Comply - Vulnerability Findings Details, Column: Severity Stability Level: 3 - Stable |
cvssScoreV3 -
Float
|
The CVSS v3 score of the CVE. Sensor: Comply - CVE Findings, Column: CVSS v3 Base Score Sensor: Comply - Vulnerability Findings Details, Column: CVSS v3 Base Score Stability Level: 3 - Stable |
severityV3 -
String
|
The CVSS v3 severity of the CVE. Sensor: Comply - CVE Findings, Column: CVSS v3 Severity Sensor: Comply - Vulnerability Findings Details, Column: CVSS v3 Severity Stability Level: 3 - Stable |
cveYear -
String
|
The year in which the CVE ID was reserved, or the year in which the CVE became public. Sensor: Comply - CVE Findings, Column: CVE Year Sensor: Comply - Vulnerability Findings Details, Column: CVE Year Stability Level: 3 - Stable |
summary -
String
|
A brief summary of the CVE. Sensor: Comply - CVE Findings, Column: Summary Sensor: Comply - Vulnerability Findings Details, Column: Summary Stability Level: 3 - Stable |
firstFound -
Date
|
The date on which the CVE was first found on the endpoint. If the CVE is remediated, then detected on this endpoint at a later date, the date updates to the later detection date. Sensor: Comply - CVE Findings - First Found, Column: First Found - Date Sensor: Comply - CVE Findings - First Found, Column: First Found - CVE Stability Level: 3 - Stable |
lastFound -
Date
|
The date on which the CVE was last found on the endpoint. Sensor: Comply - CVE Findings - Last Found, Column: Last Found - Date Sensor: Comply - CVE Findings - Last Found, Column: Last Found - CVE Stability Level: 3 - Stable |
absoluteFirstFoundDate -
Date
|
The date on which the CVE was first found on the endpoint. If the CVE is remediated, then detected on this endpoint at a later date, this date does not change. Sensor: Comply - CVE Findings - Absolute First Found, Column: Absolute First Found - Date Sensor: Comply - CVE Findings - Absolute First Found, Column: Absolute First Found - CVE Stability Level: 3 - Stable |
lastScanDate -
Date
|
The date on which the CVE was last scanned for on the endpoint. Sensor: Comply - CVE Findings - Last Scan, Column: Last Scan - Date Sensor: Comply - CVE Findings - Last Scan, Column: Last Scan - CVE Stability Level: 3 - Stable |
isCisaKev -
Boolean
|
Indicates whether the CVE is included in the CISA Known Exploited Vulnerabilities (KEV) catalog. Sensor: Comply - Vulnerability Findings Details, Column: Is CISA KEV Stability Level: 1.2 - Experimental (Release Candidate) |
cisaVendor -
String
|
The vendor or project name associated with the vulnerability. Sensor: Comply - Vulnerability Findings Details, Column: CISA Vendor Stability Level: 1.2 - Experimental (Release Candidate) |
cisaProduct -
String
|
The product associated with the vulnerability. Sensor: Comply - Vulnerability Findings Details, Column: CISA Product Stability Level: 1.2 - Experimental (Release Candidate) |
cisaVulnerabilityName -
String
|
The vulnerability name. Sensor: Comply - Vulnerability Findings Details, Column: CISA Vulnerability Name Stability Level: 1.2 - Experimental (Release Candidate) |
cisaDateAdded -
Date
|
The date the vulnerability was added to the CISA KEV catalog. Sensor: Comply - Vulnerability Findings Details, Column: CISA Date Added Stability Level: 1.2 - Experimental (Release Candidate) |
cisaShortDescription -
String
|
A short description of the vulnerability. Sensor: Comply - Vulnerability Findings Details, Column: CISA Short Description Stability Level: 1.2 - Experimental (Release Candidate) |
cisaRequiredAction -
String
|
The action listed to address the vulnerability. Sensor: Comply - Vulnerability Findings Details, Column: CISA Required Action Stability Level: 1.2 - Experimental (Release Candidate) |
cisaDueDate -
Date
|
The due date for taking the action listed. Sensor: Comply - Vulnerability Findings Details, Column: CISA Due Date Stability Level: 1.2 - Experimental (Release Candidate) |
cisaNotes -
String
|
Additional notes about the vulnerability. Sensor: Comply - Vulnerability Findings Details, Column: CISA Notes Stability Level: 1.2 - Experimental (Release Candidate) |
cpes -
[String!]
|
A list of Common Platform Enumerations (CPE) for this CVE. Sensor: Comply - Vulnerability Findings Details, Column: CPEs Stability Level: 1.2 - Experimental (Release Candidate) |
affectedProducts -
[String!]
|
A list of affected products for this CVE. Sensor: Comply - Vulnerability Findings Details, Column: Products Stability Level: 1.2 - Experimental (Release Candidate) |
Example
{
"cveId": "xyz789",
"excepted": true,
"scanType": "abc123",
"cvssScore": 987.65,
"severity": "abc123",
"cvssScoreV3": 987.65,
"severityV3": "xyz789",
"cveYear": "abc123",
"summary": "abc123",
"firstFound": "2007-12-03",
"lastFound": "2007-12-03",
"absoluteFirstFoundDate": "2007-12-03",
"lastScanDate": "2007-12-03",
"isCisaKev": true,
"cisaVendor": "xyz789",
"cisaProduct": "abc123",
"cisaVulnerabilityName": "abc123",
"cisaDateAdded": "2007-12-03",
"cisaShortDescription": "xyz789",
"cisaRequiredAction": "xyz789",
"cisaDueDate": "2007-12-03",
"cisaNotes": "abc123",
"cpes": ["abc123"],
"affectedProducts": ["abc123"]
}
EndpointConnection
Description
A page of endpoint edges.
Fields
| Field Name | Description |
|---|---|
edges -
[EndpointEdge!]!
|
The list of endpoint edges. Stability Level: 3 - Stable |
pageInfo -
PageInfo!
|
Information about the endpoint collection. Stability Level: 3 - Stable |
totalRecords -
Int!
|
The total number of endpoint records available. Stability Level: 3 - Stable |
collectionInfo -
EndpointCollectionInfo!
|
Information about the endpoint results that contribute to the collection. Stability Level: 3 - Stable |
Example
{
"edges": [EndpointEdge],
"pageInfo": PageInfo,
"totalRecords": 987,
"collectionInfo": EndpointCollectionInfo
}
EndpointDeploySoftwarePackage
Description
A Deploy software package that is deployed or deployable on an endpoint.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The ID of the software package. Sensor: Deploy - Software Packages, Column: Software Package ID Use of this field requires the Deploy solution. Stability Level: 3 - Stable |
vendor -
String!
|
The name of the software vendor that produced the package. Sensor: Deploy - Software Packages, Column: Vendor Use of this field requires the Deploy solution. Stability Level: 3 - Stable |
name -
String!
|
The name of the software package. Sensor: Deploy - Software Packages, Column: Name Use of this field requires the Deploy solution. Stability Level: 3 - Stable |
version -
String!
|
The version of the software package. Sensor: Deploy - Software Packages, Column: Version Use of this field requires the Deploy solution. Stability Level: 3 - Stable |
gallery -
String!
|
If Examples: Yes, No Sensor: Deploy - Software Packages, Column: Is Gallery Package Use of this field requires the Deploy solution. Stability Level: 3 - Stable |
applicability -
String!
|
Indicates the applicability of the software package to the endpoint. Examples: Installed, Install Eligible, Not Applicable Sensor: Deploy - Software Packages, Column: Applicability Use of this field requires the Deploy solution. Stability Level: 3 - Stable |
Example
{
"id": "4",
"vendor": "abc123",
"name": "abc123",
"version": "xyz789",
"gallery": "xyz789",
"applicability": "xyz789"
}
EndpointDiscover
Description
The details found by Discover.
Fields
| Field Name | Description |
|---|---|
discoverMethod -
String
|
The Discover Method Name. Example: ping Sensor: Discover Method Use of this field requires the Discover solution. Stability Level: 3 - Stable |
discoverProfile -
String
|
The Discover Method Profile. Example: Distributed Ping Sensor: Discover Profile Use of this field requires the Discover solution. Stability Level: 3 - Stable |
natIpAddress -
String
|
The IP Address of this client as seen from the Tanium Server. Example: 192.168.1.1 Sensor: NAT IP Address Use of this field requires the Discover solution. Stability Level: 3 - Stable |
openPorts -
[Int!]
|
The top 1000 (according to Nmap) open TCP ports. Examples: 1234, 2345 Sensor: Open Ports Use of this field requires the Discover solution. Stability Level: 3 - Stable |
Example
{
"discoverMethod": "xyz789",
"discoverProfile": "abc123",
"natIpAddress": "xyz789",
"openPorts": [987]
}
EndpointDisk
Description
The disk space details of a volume.
Fields
| Field Name | Description |
|---|---|
name -
String!
|
The disk drive name. Sensor: Disk Total Space Stability Level: 3 - Stable |