Login

Tanium GraphQL API Gateway

Tanium™ API Gateway provides a single and stable API integration point for various Tanium solutions. It is designed for Tanium partners and customers interested in building integrated solutions with the Tanium™ Core Platform.

API Endpoints
https://<customername>-api.cloud.tanium.com/plugin/products/gateway/graphql
Version:

Current


Release Comparison:

Getting Started

Visit the Documentation Site to find helpful information such as...

  • Overview and Requirements
  • Installation and Troubleshooting Instructions
  • Lots of Helpful Example Queries!
New to GraphQL?

GraphQL is a query language for APIs. Visit graphql.org to learn all about it.

Need Deprecated Content?

Alternate version of the Schema Documentation that includes deprecated queries and fields

Queries

action

Description

Finds the identified action.

Stability Level: 3 - Stable

Response

Returns an Action

Arguments
Name Description
ref - IdRefInput! Stability Level: 3 - Stable

Example

Query
query action($ref: IdRefInput!) {
  action(ref: $ref) {
    id
    name
    comment
    expireSeconds
    creationTime
    startTime
    expirationTime
    distributeSeconds
    status
    stoppedFlag
    targets {
      ...ActionTargetsFragment
    }
    package {
      ...PackageRefFragment
    }
    scheduledAction {
      ...ScheduledActionFragment
    }
    stopped
    creator {
      ...PrincipalFragment
    }
    approver {
      ...PrincipalFragment
    }
    metadata {
      ...MetadataFragment
    }
    results {
      ...ActionResultsFragment
    }
  }
}
Variables
{"ref": IdRefInput}
Response
{
  "data": {
    "action": {
      "id": "4",
      "name": "xyz789",
      "comment": "xyz789",
      "expireSeconds": 123,
      "creationTime": "10:15:30Z",
      "startTime": "10:15:30Z",
      "expirationTime": "10:15:30Z",
      "distributeSeconds": 123,
      "status": "OPEN",
      "stoppedFlag": false,
      "targets": ActionTargets,
      "package": PackageRef,
      "scheduledAction": ScheduledAction,
      "stopped": false,
      "creator": Principal,
      "approver": Principal,
      "metadata": [Metadata],
      "results": ActionResults
    }
  }
}

actionGroup

Description

Returns an action group that matches the specified input.

Stability Level: 3 - Stable

Response

Returns an ActionGroup

Arguments
Name Description
ref - NamedRefInput!

The reference data the action group must match to be returned.

Stability Level: 3 - Stable

Example

Query
query actionGroup($ref: NamedRefInput!) {
  actionGroup(ref: $ref) {
    id
    name
    visibility
    userGroups {
      ...NamedRefFragment
    }
    computerGroups {
      ...ComputerGroupFragment
    }
    any
  }
}
Variables
{"ref": NamedRefInput}
Response
{
  "data": {
    "actionGroup": {
      "id": 4,
      "name": "abc123",
      "visibility": "ADMIN",
      "userGroups": [NamedRef],
      "computerGroups": [ComputerGroup],
      "any": false
    }
  }
}

actionGroups

Description

Stability Level: 3 - Stable

Response

Returns an ActionGroupConnection

Arguments
Name Description
after - Cursor

Returns the action groups after the given cursor.

Stability Level: 3 - Stable

first - Int

Returns the first n action groups from the list. This has a maximum value of 5,000.

Stability Level: 3 - Stable. Default = 20

before - Cursor

Returns the action groups before the given cursor.

Stability Level: 3 - Stable

last - Int

Returns the last n action groups from the list. This must be given if before is given and has a maximum value of 5,000.

Stability Level: 3 - Stable

Example

Query
query actionGroups(
  $after: Cursor,
  $first: Int,
  $before: Cursor,
  $last: Int
) {
  actionGroups(
    after: $after,
    first: $first,
    before: $before,
    last: $last
  ) {
    edges {
      ...ActionGroupEdgeFragment
    }
    pageInfo {
      ...PageInfoFragment
    }
    totalRecords
  }
}
Variables
{
  "after": Cursor,
  "first": 20,
  "before": Cursor,
  "last": 987
}
Response
{
  "data": {
    "actionGroups": {
      "edges": [ActionGroupEdge],
      "pageInfo": PageInfo,
      "totalRecords": 123
    }
  }
}

actions

Description

Returns the matching actions.

Stability Level: 1.2 - Experimental (Release Candidate)

Response

Returns an ActionConnection

Arguments
Name Description
after - Cursor

Returns the actions after the given cursor.

Stability Level: 3 - Stable

first - Int

Returns the first n actions from the list. This has a maximum value of 200.

Stability Level: 3 - Stable. Default = 20

before - Cursor

Returns the actions before the given cursor.

Stability Level: 3 - Stable

last - Int

Returns the last n actions from the list. This must be given if before is given and has a maximum value of 200.

Stability Level: 3 - Stable

filter - FieldFilter

Returns only the actions matching the filter. The filter must be either a simple filter or a compound filter with a single set of simple child filters which all must match.

The paths which support filtering include: id, name, comment, package.name, creator.user.name, creationTime, expirationTime, startTime, distributeSeconds, expireSeconds, and status.

This filter does not support the any field.

Stability Level: 3 - Stable

Example

Query
query actions(
  $after: Cursor,
  $first: Int,
  $before: Cursor,
  $last: Int,
  $filter: FieldFilter
) {
  actions(
    after: $after,
    first: $first,
    before: $before,
    last: $last,
    filter: $filter
  ) {
    edges {
      ...ActionEdgeFragment
    }
    pageInfo {
      ...PageInfoFragment
    }
    totalRecords
  }
}
Variables
{
  "after": Cursor,
  "first": 20,
  "before": Cursor,
  "last": 123,
  "filter": FieldFilter
}
Response
{
  "data": {
    "actions": {
      "edges": [ActionEdge],
      "pageInfo": PageInfo,
      "totalRecords": 987
    }
  }
}

assetProductEndpoints

Description

Retrieves endpoints based on Asset software inventory and usage.

Use of this field requires the Tanium permission asset api user read.

Stability Level: 3 - Stable

Response

Returns an AssetProductEndpointConnection

Arguments
Name Description
filter - AssetProductEndpointsFilter

Filter endpoints by the given criteria.

Stability Level: 3 - Stable

after - Cursor

Returns endpoints after the given cursor.

Stability Level: 3 - Stable

first - Int

Returns the first n endpoints from the list.

Stability Level: 3 - Stable

Example

Query
query assetProductEndpoints(
  $filter: AssetProductEndpointsFilter,
  $after: Cursor,
  $first: Int
) {
  assetProductEndpoints(
    filter: $filter,
    after: $after,
    first: $first
  ) {
    edges {
      ...AssetProductEndpointEdgeFragment
    }
    pageInfo {
      ...PageInfoFragment
    }
    totalCount
  }
}
Variables
{
  "filter": AssetProductEndpointsFilter,
  "after": Cursor,
  "first": 123
}
Response
{
  "data": {
    "assetProductEndpoints": {
      "edges": [AssetProductEndpointEdge],
      "pageInfo": PageInfo,
      "totalCount": 987
    }
  }
}

assetProducts

Description

Retrieves product usage for assets and endpoints.

Use of this field requires the Tanium permission asset api user read.

Stability Level: 3 - Stable

Response

Returns an AssetProductConnection

Arguments
Name Description
filter - AssetProductsFilter

Filter products by the given criteria.

Stability Level: 3 - Stable

after - Cursor

Returns products after the given cursor.

Stability Level: 3 - Stable

first - Int

Returns the first n products from the list.

Stability Level: 3 - Stable

Example

Query
query assetProducts(
  $filter: AssetProductsFilter,
  $after: Cursor,
  $first: Int
) {
  assetProducts(
    filter: $filter,
    after: $after,
    first: $first
  ) {
    edges {
      ...AssetProductEdgeFragment
    }
    pageInfo {
      ...PageInfoFragment
    }
    totalCount
  }
}
Variables
{
  "filter": AssetProductsFilter,
  "after": Cursor,
  "first": 123
}
Response
{
  "data": {
    "assetProducts": {
      "edges": [AssetProductEdge],
      "pageInfo": PageInfo,
      "totalCount": 123
    }
  }
}

computerGroup

Description

Returns a computer group that matches the specified input.

Stability Level: 3 - Stable

Response

Returns a ComputerGroup

Arguments
Name Description
ref - NamedRefInput!

The reference data the computer group must match to be returned.

Stability Level: 3 - Stable

Example

Query
query computerGroup($ref: NamedRefInput!) {
  computerGroup(ref: $ref) {
    id
    name
    managementRightsEnabled
    filterEnabled
    contentSet {
      ...NamedRefFragment
    }
    contentSetV2 {
      ...TaniumPlatformContentSetFragment
    }
    type
    expression
  }
}
Variables
{"ref": NamedRefInput}
Response
{
  "data": {
    "computerGroup": {
      "id": "4",
      "name": "xyz789",
      "managementRightsEnabled": true,
      "filterEnabled": true,
      "contentSet": NamedRef,
      "contentSetV2": TaniumPlatformContentSet,
      "type": "STANDARD",
      "expression": "abc123"
    }
  }
}

computerGroups

Description

Returns all computer groups matching the specified input.

Stability Level: 3 - Stable

Response

Returns a ComputerGroupConnection

Arguments
Name Description
after - Cursor

Returns the computer groups after the given cursor.

Stability Level: 3 - Stable

first - Int

Returns the first n computer groups from the list. This has a maximum value of 5,000.

Stability Level: 3 - Stable. Default = 20

before - Cursor

Returns the computer groups before the given cursor.

Stability Level: 3 - Stable

last - Int

Returns the last n computer groups from the list. This must be given if before is given and has a maximum value of 5,000.

Stability Level: 3 - Stable

filter - ComputerGroupsFilter

Returns only the computer groups matching the filter.

Stability Level: 3 - Stable

Example

Query
query computerGroups(
  $after: Cursor,
  $first: Int,
  $before: Cursor,
  $last: Int,
  $filter: ComputerGroupsFilter
) {
  computerGroups(
    after: $after,
    first: $first,
    before: $before,
    last: $last,
    filter: $filter
  ) {
    edges {
      ...ComputerGroupEdgeFragment
    }
    pageInfo {
      ...PageInfoFragment
    }
    totalRecords
  }
}
Variables
{
  "after": Cursor,
  "first": 20,
  "before": Cursor,
  "last": 987,
  "filter": ComputerGroupsFilter
}
Response
{
  "data": {
    "computerGroups": {
      "edges": [ComputerGroupEdge],
      "pageInfo": PageInfo,
      "totalRecords": 987
    }
  }
}

configurationItemEntities

Description

Returns configuration item entities from the CMDB.

Use of this field requires the Atlas solution.

Stability Level: 3 - Stable

Arguments
Name Description
after - Cursor

Returns the configuration item entities after the given cursor.

Stability Level: 3 - Stable

first - Int

Returns the first n endpoints from the list.

Stability Level: 3 - Stable

before - Cursor

Returns the configuration item entities before the given cursor.

Stability Level: 3 - Stable

last - Int

Returns the last n endpoints from the list.

Stability Level: 3 - Stable

params - EntitiesQueryParams

Returns only the configuration item entities matching the given parameters.

Stability Level: 3 - Stable

sort - [EntitySortRequest]

Sorts the configuration item entities.

Stability Level: 3 - Stable

Example

Query
query configurationItemEntities(
  $after: Cursor,
  $first: Int,
  $before: Cursor,
  $last: Int,
  $params: EntitiesQueryParams,
  $sort: [EntitySortRequest]
) {
  configurationItemEntities(
    after: $after,
    first: $first,
    before: $before,
    last: $last,
    params: $params,
    sort: $sort
  ) {
    edges {
      ...ConfigurationItemEntityEdgeFragment
    }
    pageInfo {
      ...PageInfoFragment
    }
    totalCount
  }
}
Variables
{
  "after": Cursor,
  "first": 987,
  "before": Cursor,
  "last": 987,
  "params": EntitiesQueryParams,
  "sort": [EntitySortRequest]
}
Response
{
  "data": {
    "configurationItemEntities": {
      "edges": [ConfigurationItemEntityEdge],
      "pageInfo": PageInfo,
      "totalCount": 987
    }
  }
}

configurationItemProperties

Description

Returns all properties related to configuration items.

Use of this field requires the Atlas solution.

Stability Level: 3 - Stable

Response

Returns a ConfigurationItemProperties

Example

Query
query configurationItemProperties {
  configurationItemProperties {
    customerItemsLimit
    userSpecifiedAssetsMaxAge
  }
}
Response
{
  "data": {
    "configurationItemProperties": {
      "customerItemsLimit": 987,
      "userSpecifiedAssetsMaxAge": 123
    }
  }
}

configurationItemRelationships

Description

Returns relationships for the identified configuration items from the CMDB.

Use of this field requires the Atlas solution.

Stability Level: 3 - Stable

Arguments
Name Description
after - Cursor

Returns the relationships after the given cursor.

Stability Level: 3 - Stable

first - Int

Returns the first n relationships from the list.

Stability Level: 3 - Stable

before - Cursor

Returns the relationships before the given cursor.

Stability Level: 3 - Stable

last - Int

Returns the last n relationships from the list.

Stability Level: 3 - Stable

params - RelationshipQueryParams

Returns only the relationships matching the given parameters.

Stability Level: 3 - Stable

sort - [RelationshipSortRequest]

Sorts the relationships.

Stability Level: 3 - Stable

Example

Query
query configurationItemRelationships(
  $after: Cursor,
  $first: Int,
  $before: Cursor,
  $last: Int,
  $params: RelationshipQueryParams,
  $sort: [RelationshipSortRequest]
) {
  configurationItemRelationships(
    after: $after,
    first: $first,
    before: $before,
    last: $last,
    params: $params,
    sort: $sort
  ) {
    edges {
      ...ConfigurationItemRelationshipEdgeFragment
    }
    pageInfo {
      ...PageInfoFragment
    }
    totalCount
  }
}
Variables
{
  "after": Cursor,
  "first": 123,
  "before": Cursor,
  "last": 123,
  "params": RelationshipQueryParams,
  "sort": [RelationshipSortRequest]
}
Response
{
  "data": {
    "configurationItemRelationships": {
      "edges": [ConfigurationItemRelationshipEdge],
      "pageInfo": PageInfo,
      "totalCount": 123
    }
  }
}

connectConnection

Description

Returns the connection that matches the referenced ID.

Use of this field requires the Tanium permission Connect - Read.

Stability Level: 1.2 - Experimental (Release Candidate)

Response

Returns a ConnectConnection

Arguments
Name Description
ref - IdRefInput! Stability Level: 1.2 - Experimental (Release Candidate)

Example

Query
query connectConnection($ref: IdRefInput!) {
  connectConnection(ref: $ref) {
    id
    displayName
    description
    currentRun {
      ...ConnectRunFragment
    }
    pastRuns {
      ...ConnectRunConnectionFragment
    }
  }
}
Variables
{"ref": IdRefInput}
Response
{
  "data": {
    "connectConnection": {
      "id": "4",
      "displayName": "xyz789",
      "description": "abc123",
      "currentRun": ConnectRun,
      "pastRuns": ConnectRunConnection
    }
  }
}

connectConnections

Description

Returns the matching connections.

Use of this field requires the Tanium permission Connect - Read.

Stability Level: 1.2 - Experimental (Release Candidate)

Response

Returns a ConnectGraphConnection

Arguments
Name Description
after - Cursor Stability Level: 1.2 - Experimental (Release Candidate)
first - Int Stability Level: 1.2 - Experimental (Release Candidate). Default = 20
before - Cursor Stability Level: 1.2 - Experimental (Release Candidate)
last - Int Stability Level: 1.2 - Experimental (Release Candidate)

Example

Query
query connectConnections(
  $after: Cursor,
  $first: Int,
  $before: Cursor,
  $last: Int
) {
  connectConnections(
    after: $after,
    first: $first,
    before: $before,
    last: $last
  ) {
    edges {
      ...ConnectConnectionEdgeFragment
    }
    pageInfo {
      ...PageInfoFragment
    }
    totalRecords
  }
}
Variables
{
  "after": Cursor,
  "first": 20,
  "before": Cursor,
  "last": 987
}
Response
{
  "data": {
    "connectConnections": {
      "edges": [ConnectConnectionEdge],
      "pageInfo": PageInfo,
      "totalRecords": 987
    }
  }
}

connectRun

Description

Returns the connection run that matches the referenced connection run ID.

Use of this field requires the Tanium permission Connect - Read.

Stability Level: 1.2 - Experimental (Release Candidate)

Response

Returns a ConnectRun

Arguments
Name Description
ref - IdRefInput! Stability Level: 1.2 - Experimental (Release Candidate)

Example

Query
query connectRun($ref: IdRefInput!) {
  connectRun(ref: $ref) {
    id
    connectionID
    status
    createdTime
    updatedTime
  }
}
Variables
{"ref": IdRefInput}
Response
{
  "data": {
    "connectRun": {
      "id": "4",
      "connectionID": 4,
      "status": "Starting",
      "createdTime": "10:15:30Z",
      "updatedTime": "10:15:30Z"
    }
  }
}

connectRuns

Description

Returns all connection runs started from a given connection configuration.

Use of this field requires the Tanium permission Connect - Read.

Stability Level: 1.2 - Experimental (Release Candidate)

Response

Returns a ConnectRunConnection

Arguments
Name Description
after - Cursor Stability Level: 1.2 - Experimental (Release Candidate)
first - Int Stability Level: 1.2 - Experimental (Release Candidate). Default = 20
before - Cursor Stability Level: 1.2 - Experimental (Release Candidate)
last - Int Stability Level: 1.2 - Experimental (Release Candidate)

Example

Query
query connectRuns(
  $after: Cursor,
  $first: Int,
  $before: Cursor,
  $last: Int
) {
  connectRuns(
    after: $after,
    first: $first,
    before: $before,
    last: $last
  ) {
    edges {
      ...ConnectRunEdgeFragment
    }
    pageInfo {
      ...PageInfoFragment
    }
    totalRecords
  }
}
Variables
{
  "after": Cursor,
  "first": 20,
  "before": Cursor,
  "last": 123
}
Response
{
  "data": {
    "connectRuns": {
      "edges": [ConnectRunEdge],
      "pageInfo": PageInfo,
      "totalRecords": 123
    }
  }
}

currentUserContext

Description

Returns the current user and selected persona.

Stability Level: 1.1 - Experimental (Active Development)

Response

Returns a TaniumPlatformUserContext!

Example

Query
query currentUserContext {
  currentUserContext {
    user {
      ...TaniumPlatformUserFragment
    }
    persona {
      ...TaniumPlatformUserPersonaFragment
    }
  }
}
Response
{
  "data": {
    "currentUserContext": {
      "user": TaniumPlatformUser,
      "persona": TaniumPlatformUserPersona
    }
  }
}

directConnectConnectionStatus

Description

Checks the status of a direct connection.

The input requires a direct endpoint connection opened using directConnectOpen.

Use of this field requires the Direct Connect solution.

Stability Level: 3 - Stable

Arguments
Name Description
input - DirectConnectConnectionStatusInput! Stability Level: 3 - Stable

Example

Query
query directConnectConnectionStatus($input: DirectConnectConnectionStatusInput!) {
  directConnectConnectionStatus(input: $input) {
    status
  }
}
Variables
{"input": DirectConnectConnectionStatusInput}
Response
{"data": {"directConnectConnectionStatus": {"status": "UNKNOWN"}}}

directConnectEndpoint

Description

Obtains data from the specified endpoint using an open Direct Connect connection.

The input requires a direct endpoint connection opened using directConnectOpen.

Use of this field requires the Direct Connect solution.

Stability Level: 3 - Stable

Response

Returns a DirectConnect

Arguments
Name Description
input - DirectConnectEndpointInput! Stability Level: 3 - Stable

Example

Query
query directConnectEndpoint($input: DirectConnectEndpointInput!) {
  directConnectEndpoint(input: $input) {
    performance {
      ...DirectConnectPerfFragment
    }
    processes {
      ...DirectConnectProcessesFragment
    }
    alerts {
      ...DirectConnectAlertsFragment
    }
  }
}
Variables
{"input": DirectConnectEndpointInput}
Response
{
  "data": {
    "directConnectEndpoint": {
      "performance": DirectConnectPerf,
      "processes": DirectConnectProcesses,
      "alerts": DirectConnectAlerts
    }
  }
}

directEndpoint

Description

Obtains data from the specified endpoint using a Direct Connect connection.

Use of this field requires the Direct Connect solution.

Stability Level: 2 - Legacy Use directConnectEndpoint instead. The directConnect APIs provide better support for tracking connections that take longer to establish.

Response

Returns a DirectConnect

Arguments
Name Description
input - OpenDirectConnectionInput! Stability Level: 3 - Stable

Example

Query
query directEndpoint($input: OpenDirectConnectionInput!) {
  directEndpoint(input: $input) {
    performance {
      ...DirectConnectPerfFragment
    }
    processes {
      ...DirectConnectProcessesFragment
    }
    alerts {
      ...DirectConnectAlertsFragment
    }
  }
}
Variables
{"input": OpenDirectConnectionInput}
Response
{
  "data": {
    "directEndpoint": {
      "performance": DirectConnectPerf,
      "processes": DirectConnectProcesses,
      "alerts": DirectConnectAlerts
    }
  }
}

discoverInterface

Description

Returns the Discover interface that matches the referenced ID.

Use of this field requires the Tanium permission Discover Asset - Read.

Note: If location permissions are defined, the user will also require the User Group - Read permission and only the interfaces in locations allowed by the user's group membership will be returned. Otherwise, if the user has the Discover Location Permissions - Write permission they will see all interfaces regardless of group membership.

Stability Level: 1.1 - Experimental (Active Development)

Response

Returns a DiscoverInterface

Arguments
Name Description
ref - IdRefInput! Stability Level: 1.1 - Experimental (Active Development)

Example

Query
query discoverInterface($ref: IdRefInput!) {
  discoverInterface(ref: $ref) {
    id
    macAddress
    manufacturer
    hostnames
    ipAddresses
    labels {
      ...DiscoverLabelFragment
    }
    osPlatform
    openPorts
    discoveryMethods
    lastSeenTime
    computerId
    natIPAddresses
    osGeneration
    profiles {
      ...DiscoverProfileFragment
    }
    cloudInstances {
      ...DiscoverCloudInstanceFragment
    }
    cloudTags {
      ...DiscoverCloudTagFragment
    }
    firstSeenTime
    firstManagedTime
    lastManagedTime
    lastDiscoveredTime
    isManaged
    isUnmanageable
    isIgnored
    satellites {
      ...DiscoverSatelliteFragment
    }
  }
}
Variables
{"ref": IdRefInput}
Response
{
  "data": {
    "discoverInterface": {
      "id": "4",
      "macAddress": "abc123",
      "manufacturer": "xyz789",
      "hostnames": ["abc123"],
      "ipAddresses": ["abc123"],
      "labels": [DiscoverLabel],
      "osPlatform": "abc123",
      "openPorts": [123],
      "discoveryMethods": ["ARP"],
      "lastSeenTime": "10:15:30Z",
      "computerId": "abc123",
      "natIPAddresses": ["xyz789"],
      "osGeneration": "abc123",
      "profiles": [DiscoverProfile],
      "cloudInstances": [DiscoverCloudInstance],
      "cloudTags": [DiscoverCloudTag],
      "firstSeenTime": "10:15:30Z",
      "firstManagedTime": "10:15:30Z",
      "lastManagedTime": "10:15:30Z",
      "lastDiscoveredTime": "10:15:30Z",
      "isManaged": true,
      "isUnmanageable": false,
      "isIgnored": true,
      "satellites": [DiscoverSatellite]
    }
  }
}

discoverInterfaces

Description

Returns the matching Discover interfaces.

Use of this field requires the Tanium permission Discover Asset - Read.

Note: If location permissions are defined, the user will also require the User Group - Read permission and only the interfaces in locations allowed by the user's group membership will be returned. Otherwise, if the user has the Discover Location Permissions - Write permission they will see all interfaces regardless of group membership.

Stability Level: 1.1 - Experimental (Active Development)

Response

Returns a DiscoverInterfaceConnection

Arguments
Name Description
after - Cursor

Returns the Discover interfaces after the given cursor.

Stability Level: 1.1 - Experimental (Active Development)

first - Int

Returns the first n Discover interfaces from the list.

Stability Level: 1.1 - Experimental (Active Development). Default = 20

before - Cursor

Returns the Discover interfaces before the given cursor.

Stability Level: 1.1 - Experimental (Active Development)

last - Int

Returns the last n Discover interfaces from the list.

Stability Level: 1.1 - Experimental (Active Development)

filter - FieldFilter

Returns only the Discover interfaces matching the filter.

Stability Level: 1.1 - Experimental (Active Development)

Example

Query
query discoverInterfaces(
  $after: Cursor,
  $first: Int,
  $before: Cursor,
  $last: Int,
  $filter: FieldFilter
) {
  discoverInterfaces(
    after: $after,
    first: $first,
    before: $before,
    last: $last,
    filter: $filter
  ) {
    edges {
      ...DiscoverInterfaceEdgeFragment
    }
    pageInfo {
      ...PageInfoFragment
    }
    totalRecords
  }
}
Variables
{
  "after": Cursor,
  "first": 20,
  "before": Cursor,
  "last": 123,
  "filter": FieldFilter
}
Response
{
  "data": {
    "discoverInterfaces": {
      "edges": [DiscoverInterfaceEdge],
      "pageInfo": PageInfo,
      "totalRecords": 987
    }
  }
}

discoverLabel

Description

Returns the Discover label that matches the referenced name.

Use of this field requires the Tanium permission Discover Asset - Read.

Stability Level: 1.1 - Experimental (Active Development)

Response

Returns a DiscoverLabel

Arguments
Name Description
ref - NamedOnlyRefInput! Stability Level: 1.1 - Experimental (Active Development)

Example

Query
query discoverLabel($ref: NamedOnlyRefInput!) {
  discoverLabel(ref: $ref) {
    name
    type
    createdTime
    modifiedTime
  }
}
Variables
{"ref": NamedOnlyRefInput}
Response
{
  "data": {
    "discoverLabel": {
      "name": "abc123",
      "type": "STANDARD",
      "createdTime": "10:15:30Z",
      "modifiedTime": "10:15:30Z"
    }
  }
}

discoverLabels

Description

Returns the matching Discover labels.

Use of this field requires the Tanium permission Discover Asset - Read.

Stability Level: 1.1 - Experimental (Active Development)

Response

Returns a DiscoverLabelConnection

Arguments
Name Description
after - Cursor

Returns the Discover labels after the given cursor.

Stability Level: 1.1 - Experimental (Active Development)

first - Int

Returns the first n Discover labels from the list.

Stability Level: 1.1 - Experimental (Active Development). Default = 20

before - Cursor

Returns the Discover labels before the given cursor.

Stability Level: 1.1 - Experimental (Active Development)

last - Int

Returns the last n Discover labels from the list.

Stability Level: 1.1 - Experimental (Active Development)

filter - FieldFilter

Returns only the Discover labels matching the filter.

Stability Level: 1.1 - Experimental (Active Development)

Example

Query
query discoverLabels(
  $after: Cursor,
  $first: Int,
  $before: Cursor,
  $last: Int,
  $filter: FieldFilter
) {
  discoverLabels(
    after: $after,
    first: $first,
    before: $before,
    last: $last,
    filter: $filter
  ) {
    edges {
      ...DiscoverLabelEdgeFragment
    }
    pageInfo {
      ...PageInfoFragment
    }
    totalRecords
  }
}
Variables
{
  "after": Cursor,
  "first": 20,
  "before": Cursor,
  "last": 123,
  "filter": FieldFilter
}
Response
{
  "data": {
    "discoverLabels": {
      "edges": [DiscoverLabelEdge],
      "pageInfo": PageInfo,
      "totalRecords": 987
    }
  }
}

emailServerSummaries

Description

Returns summary information for matching email servers, required to retrieve and use an email server to send emails. The response contains summary information only for email servers that are enabled to send emails.

Use of this field requires the Email solution.

Use of this field requires the Tanium permission Email Send.

Note: Only return summaries for email servers in content sets to which the user has the Email Send permission.

Stability Level: 1.0 - Experimental (Early Development)

Response

Returns an EmailServerSummaryConnection

Arguments
Name Description
after - Cursor

Returns the email server summaries after the given cursor.

Stability Level: 1.0 - Experimental (Early Development)

first - Int

Returns the first n email server summaries from the list.

Stability Level: 1.0 - Experimental (Early Development). Default = 20

Example

Query
query emailServerSummaries(
  $after: Cursor,
  $first: Int
) {
  emailServerSummaries(
    after: $after,
    first: $first
  ) {
    edges {
      ...EmailServerSummaryEdgeFragment
    }
    pageInfo {
      ...PageInfoFragment
    }
    totalRecords
  }
}
Variables
{"after": Cursor, "first": 20}
Response
{
  "data": {
    "emailServerSummaries": {
      "edges": [EmailServerSummaryEdge],
      "pageInfo": PageInfo,
      "totalRecords": 123
    }
  }
}

emailServerSummary

Description

Returns summary information for the email server matching the ID, required to retrieve and use an email server to send emails. The response contains the matching email server summary information only if the email server is enabled to send emails.

Use of this field requires the Email solution.

Use of this field requires the Tanium permission Email Send.

Note: Only returns a summary if the email server is in a content set to which the user has the Email Send permission.

Stability Level: 1.0 - Experimental (Early Development)

Response

Returns an EmailServerSummary

Arguments
Name Description
ref - IdRefInput! Stability Level: 1.0 - Experimental (Early Development)

Example

Query
query emailServerSummary($ref: IdRefInput!) {
  emailServerSummary(ref: $ref) {
    id
    name
    description
    fromAddress
  }
}
Variables
{"ref": IdRefInput}
Response
{
  "data": {
    "emailServerSummary": {
      "id": 4,
      "name": "xyz789",
      "description": "abc123",
      "fromAddress": "xyz789"
    }
  }
}

endpointCounts

Description

Returns the count of endpoints matching the input sensor column values. Requests might return an array of field values for a given column. For example, if you define the Installed Application sensor in EndpointCountsInput.sensors, the results include multiple applications per row count. For the Installed Application sensor Name column, the values field returns an array of multiple applications.

Stability Level: 1.0 - Experimental (Early Development)

Response

Returns an EndpointCountsConnection

Arguments
Name Description
input - EndpointCountsInput! Stability Level: 1.0 - Experimental (Early Development)

Example

Query
query endpointCounts($input: EndpointCountsInput!) {
  endpointCounts(input: $input) {
    edges {
      ...EndpointCountsEdgeFragment
    }
    pageInfo {
      ...PageInfoFragment
    }
    totalRecords
  }
}
Variables
{"input": EndpointCountsInput}
Response
{
  "data": {
    "endpointCounts": {
      "edges": [EndpointCountsEdge],
      "pageInfo": PageInfo,
      "totalRecords": 987
    }
  }
}

endpointIdChanges

Description

Changed endpoint IDs from Tanium Data Service for the given namespace and timespan.

Stability Level: 3 - Stable

Response

Returns an EndpointIdChangesPayload!

Arguments
Name Description
after - Time!

The date and time of the oldest record to retrieve. Retrieve records newer than this time.

Stability Level: 3 - Stable

namespace - String

Tanium Data Service (TDS) namespace to search against. If no value is specified, the TDS default namespace is used.

Example: unmanaged_user_specified

Stability Level: 3 - Stable

Example

Query
query endpointIdChanges(
  $after: Time!,
  $namespace: String
) {
  endpointIdChanges(
    after: $after,
    namespace: $namespace
  ) {
    changes {
      ...EndpointIdChangeFragment
    }
    before
  }
}
Variables
{
  "after": "10:15:30Z",
  "namespace": "xyz789"
}
Response
{
  "data": {
    "endpointIdChanges": {
      "changes": [EndpointIdChange],
      "before": "10:15:30Z"
    }
  }
}

endpoints

Description

Returns the matching endpoints from the specified source. The cursors in the returned connections are usable for 5 minutes after the most recent request in the cursored results, with a maximum lifetime of 1 hour.

Stability Level: 3 - Stable

Response

Returns an EndpointConnection

Arguments
Name Description
after - Cursor

Returns the endpoints after the given cursor.

Stability Level: 3 - Stable

first - Int

Returns the first n endpoints from the list. This has a maximum value of 5,000.

Stability Level: 3 - Stable. Default = 20

before - Cursor

Returns the endpoints before the given cursor.

Stability Level: 3 - Stable

last - Int

Returns the last n endpoints from the list. This must be given if before is given and has a maximum value of 5,000.

Stability Level: 3 - Stable

filter - EndpointFieldFilter

Returns only the endpoints matching the filter.

Stability Level: 3 - Stable

sort - [EndpointFieldSort!]

Sorts the endpoints. Define up to one sort field.

If no sort is provided, the endpoints order is undefined and should not be relied on.

Stability Level: 3 - Stable

source - EndpointSource

Describes the data source from which to retrieve the endpoints.

This defaults to the Tanium Data Service source in the default Tanium endpoint namespace.

Stability Level: 3 - Stable

refresh - Cursor

Refreshes the endpoints collection identified by the given cursor, if possible. If so, this will invalidate the collection identified by the given cursor and return a new collection with new cursor values. Otherwise, the existing collection will remain available.

This is primarily intended for use with the Tanium Server data source, where endpoint sensor readings may accumulate for many minutes beyond the original query response.

Stability Level: 3 - Stable

Example

Query
query endpoints(
  $after: Cursor,
  $first: Int,
  $before: Cursor,
  $last: Int,
  $filter: EndpointFieldFilter,
  $sort: [EndpointFieldSort!],
  $source: EndpointSource,
  $refresh: Cursor
) {
  endpoints(
    after: $after,
    first: $first,
    before: $before,
    last: $last,
    filter: $filter,
    sort: $sort,
    source: $source,
    refresh: $refresh
  ) {
    edges {
      ...EndpointEdgeFragment
    }
    pageInfo {
      ...PageInfoFragment
    }
    totalRecords
    collectionInfo {
      ...EndpointCollectionInfoFragment
    }
  }
}
Variables
{
  "after": Cursor,
  "first": 20,
  "before": Cursor,
  "last": 123,
  "filter": EndpointFieldFilter,
  "sort": [EndpointFieldSort],
  "source": EndpointSource,
  "refresh": Cursor
}
Response
{
  "data": {
    "endpoints": {
      "edges": [EndpointEdge],
      "pageInfo": PageInfo,
      "totalRecords": 987,
      "collectionInfo": EndpointCollectionInfo
    }
  }
}

myAPITokens

Description

Returns the API tokens for the current user.

Stability Level: 3 - Stable

Response

Returns an APITokenQueryPayload!

Example

Query
query myAPITokens {
  myAPITokens {
    tokens {
      ...APITokenFragment
    }
    error {
      ...SystemErrorFragment
    }
  }
}
Response
{
  "data": {
    "myAPITokens": {
      "tokens": [APIToken],
      "error": SystemError
    }
  }
}

now

Description

The current server time. Useful to test your ability to query the server.

Stability Level: 3 - Stable

Response

Returns a Time!

Example

Query
query now {
  now
}
Response
{"data": {"now": "10:15:30Z"}}

packageSpecs

Description

Returns the matching package specs. The cursors in the returned connections are usable for 5 minutes after the most recent request in the cursored results, with a maximum lifetime of 1 hour.

Stability Level: 3 - Stable

Response

Returns a PackageSpecConnection

Arguments
Name Description
after - Cursor

Returns the package specs after the given cursor.

Stability Level: 3 - Stable

first - Int

Returns the first n package specs from the list. This has a maximum value of 5,000.

Stability Level: 3 - Stable. Default = 20

before - Cursor

Returns the package specs before the given cursor.

Stability Level: 3 - Stable

last - Int

Returns the last n package specs from the list. This must be given if before is given and has a maximum value of 5,000.

Stability Level: 3 - Stable

filter - FieldFilter

Returns only the package specs matching the filter.

Stability Level: 3 - Stable

Example

Query
query packageSpecs(
  $after: Cursor,
  $first: Int,
  $before: Cursor,
  $last: Int,
  $filter: FieldFilter
) {
  packageSpecs(
    after: $after,
    first: $first,
    before: $before,
    last: $last,
    filter: $filter
  ) {
    edges {
      ...PackageSpecEdgeFragment
    }
    pageInfo {
      ...PageInfoFragment
    }
    totalRecords
  }
}
Variables
{
  "after": Cursor,
  "first": 20,
  "before": Cursor,
  "last": 123,
  "filter": FieldFilter
}
Response
{
  "data": {
    "packageSpecs": {
      "edges": [PackageSpecEdge],
      "pageInfo": PageInfo,
      "totalRecords": 123
    }
  }
}

packages

Description

Returns the matching packages.

Stability Level: 2 - Legacy Use packageSpecs instead, which has improved pagination and parameter support.

Response

Returns a PackagePagination

Arguments
Name Description
paginationId - String

The ID of the paginated results.

Stability Level: 3 - Stable

page - Int

The page of records to return.

Stability Level: 3 - Stable. Default = 1

perPage - Int

The number of records to return.

Stability Level: 3 - Stable. Default = 100

filterSet - String

The name of the filter set to return.

Stability Level: 3 - Stable

Example

Query
query packages(
  $paginationId: String,
  $page: Int,
  $perPage: Int,
  $filterSet: String
) {
  packages(
    paginationId: $paginationId,
    page: $page,
    perPage: $perPage,
    filterSet: $filterSet
  ) {
    items {
      ...PackageFragment
    }
    pageInfo {
      ...PaginationInfoWithIDFragment
    }
  }
}
Variables
{
  "paginationId": "xyz789",
  "page": 1,
  "perPage": 100,
  "filterSet": "abc123"
}
Response
{
  "data": {
    "packages": {
      "items": [Package],
      "pageInfo": PaginationInfoWithID
    }
  }
}

patchDefinitions

Description

Returns the matching patch definitions.

Use of this field requires the Tanium permission Patch Show.

Stability Level: 1.0 - Experimental (Early Development)

Response

Returns a PatchDefinitionConnection!

Arguments
Name Description
filter - PatchDefinitionFieldFilter

Returns only patch definitions matching the filter.

Stability Level: 1.0 - Experimental (Early Development)

after - Cursor

Returns the patch definitions after the given cursor.

Stability Level: 1.0 - Experimental (Early Development)

first - Int

Returns the first n patch definitions from the list.

Stability Level: 1.0 - Experimental (Early Development). Default = 100

before - Cursor

Returns the patch definitions before the given cursor.

Stability Level: 1.0 - Experimental (Early Development)

last - Int

Returns the last n patch definitions from the list.

Stability Level: 1.0 - Experimental (Early Development)

sort - PatchDefinitionFieldSort!

Sorts the patch definitions.

Stability Level: 1.0 - Experimental (Early Development). Default = {field: releaseDate, order: desc}

Example

Query
query patchDefinitions(
  $filter: PatchDefinitionFieldFilter,
  $after: Cursor,
  $first: Int,
  $before: Cursor,
  $last: Int,
  $sort: PatchDefinitionFieldSort!
) {
  patchDefinitions(
    filter: $filter,
    after: $after,
    first: $first,
    before: $before,
    last: $last,
    sort: $sort
  ) {
    edges {
      ...PatchDefinitionEdgeFragment
    }
    pageInfo {
      ...PageInfoFragment
    }
    totalRecords
  }
}
Variables
{
  "filter": PatchDefinitionFieldFilter,
  "after": Cursor,
  "first": 100,
  "before": Cursor,
  "last": 123,
  "sort": {"field": "releaseDate", "order": "desc"}
}
Response
{
  "data": {
    "patchDefinitions": {
      "edges": [PatchDefinitionEdge],
      "pageInfo": PageInfo,
      "totalRecords": 123
    }
  }
}

patchDeployment

Description

Returns the Patch deployment that matches the referenced ID.

Use of this field requires the Tanium permission Patch Deployment - Read.

Stability Level: 1.0 - Experimental (Early Development)

Response

Returns a PatchDeployment

Arguments
Name Description
ref - IdRefInput! Stability Level: 1.0 - Experimental (Early Development)

Example

Query
query patchDeployment($ref: IdRefInput!) {
  patchDeployment(ref: $ref) {
    id
    name
    type
    platform
    contentSet {
      ...IdRefFragment
    }
    description
    contentDeploymentType
    patchLists {
      ...PatchListRefFragment
    }
    patches {
      ...IdRefFragment
    }
    targets {
      ...PatchTargetsFragment
    }
    schedule {
      ...PatchScheduleFragment
    }
    downloadImmediately
    overrideBlocklists
    restart
    notifications {
      ...PatchNotificationsFragment
    }
    author {
      ...TaniumPlatformUserFragment
    }
    createdTime
    updatedTime
    stoppedTime
    status
  }
}
Variables
{"ref": IdRefInput}
Response
{
  "data": {
    "patchDeployment": {
      "id": "4",
      "name": "abc123",
      "type": "INSTALL",
      "platform": "WINDOWS",
      "contentSet": IdRef,
      "description": "xyz789",
      "contentDeploymentType": "MANUAL_SELECTION",
      "patchLists": [PatchListRef],
      "patches": [IdRef],
      "targets": PatchTargets,
      "schedule": PatchSchedule,
      "downloadImmediately": true,
      "overrideBlocklists": false,
      "restart": true,
      "notifications": PatchNotifications,
      "author": TaniumPlatformUser,
      "createdTime": "10:15:30Z",
      "updatedTime": "10:15:30Z",
      "stoppedTime": "10:15:30Z",
      "status": "INACTIVE"
    }
  }
}

relationshipTypes

Description

Returns all configuration item relationship types from the CMDB.

Use of this field requires the Atlas solution.

Stability Level: 3 - Stable

Response

Returns a RelationshipTypeResult

Example

Query
query relationshipTypes {
  relationshipTypes {
    items {
      ...RelationshipTypeFragment
    }
  }
}
Response
{
  "data": {
    "relationshipTypes": {"items": [RelationshipType]}
  }
}

report

Description

Returns the report that matches the referenced ID.

Stability Level: 3 - Stable

Response

Returns a Report

Arguments
Name Description
ref - IdRefInput! Stability Level: 3 - Stable

Example

Query
query report($ref: IdRefInput!) {
  report(ref: $ref) {
    id
    name
    description
    contentSet {
      ...NamedRefFragment
    }
    labels
    createdTime
    author {
      ...PrincipalFragment
    }
    modifiedTime
    lastModifiedBy {
      ...PrincipalFragment
    }
    moduleName
    favorite
    viewDetails {
      ...ReportViewFragment
    }
  }
}
Variables
{"ref": IdRefInput}
Response
{
  "data": {
    "report": {
      "id": "4",
      "name": "abc123",
      "description": "abc123",
      "contentSet": NamedRef,
      "labels": ["xyz789"],
      "createdTime": "10:15:30Z",
      "author": Principal,
      "modifiedTime": "10:15:30Z",
      "lastModifiedBy": Principal,
      "moduleName": "xyz789",
      "favorite": false,
      "viewDetails": ReportView
    }
  }
}

reportExport

Description

Exports the definition of the identified report. The exported definition can be used with the API Gateway reportImport mutation to recreate the report in a different Tanium environment.

Stability Level: 3 - Stable

Response

Returns a ReportExportPayload!

Arguments
Name Description
ref - IdRefInput! Stability Level: 3 - Stable

Example

Query
query reportExport($ref: IdRefInput!) {
  reportExport(ref: $ref) {
    reportDefinition
  }
}
Variables
{"ref": IdRefInput}
Response
{
  "data": {
    "reportExport": {
      "reportDefinition": "xyz789"
    }
  }
}

reportResultData

Description

Retrieves data for the specified report, including details of the report definition. The cursors in the returned connections are usable for 5 minutes after the most recent request in the cursored results, with a maximum lifetime of 15 minutes.

Stability Level: 3 - Stable

Response

Returns a ReportResultDataConnection

Arguments
Name Description
id - ID!

The unique identifier of the report to retrieve result data for.

Stability Level: 3 - Stable

after - Cursor

Returns the report result data records after the given cursor.

Stability Level: 3 - Stable

first - Int

Returns the first n report result data records from the list. This defaults to 20 and has a maximum value of 5,000.

Stability Level: 3 - Stable. Default = 20

before - Cursor

Returns the report result data records before the given cursor.

Stability Level: 3 - Stable

last - Int

Returns the last n report result data records from the list. This must be given if before is given and has a maximum value of 5,000.

Stability Level: 3 - Stable

refresh - Cursor

Refreshes the report result data collection identified by the given cursor, if possible. If so, this will invalidate the collection identified by the given cursor and return a new collection with new cursor values. Otherwise, the existing collection will remain available.

Stability Level: 3 - Stable

summarize - Boolean!

Summarize the results by combining duplicate rows. Include the count field in the response to retrieve the number of duplicate rows. Set this to true for query requests using this endpoint. The prior behavior of not summarizing results is deprecated.

Stability Level: 3 - Stable. Default = false

Example

Query
query reportResultData(
  $id: ID!,
  $after: Cursor,
  $first: Int,
  $before: Cursor,
  $last: Int,
  $refresh: Cursor,
  $summarize: Boolean!
) {
  reportResultData(
    id: $id,
    after: $after,
    first: $first,
    before: $before,
    last: $last,
    refresh: $refresh,
    summarize: $summarize
  ) {
    viewDetails {
      ...ReportViewFragment
    }
    edges {
      ...ReportResultDataEdgeFragment
    }
    pageInfo {
      ...PageInfoFragment
    }
    totalRecords
    collectionInfo {
      ...ReportResultDataCollectionInfoFragment
    }
  }
}
Variables
{
  "id": "4",
  "after": Cursor,
  "first": 20,
  "before": Cursor,
  "last": 123,
  "refresh": Cursor,
  "summarize": false
}
Response
{
  "data": {
    "reportResultData": {
      "viewDetails": ReportView,
      "edges": [ReportResultDataEdge],
      "pageInfo": PageInfo,
      "totalRecords": 123,
      "collectionInfo": ReportResultDataCollectionInfo
    }
  }
}

reports

Description

Returns the matching reports.

Stability Level: 3 - Stable

Response

Returns a ReportConnection

Arguments
Name Description
after - Cursor

Returns the reports after the given cursor.

Stability Level: 3 - Stable

first - Int

Returns the first n reports from the list. This defaults to 20 and has a maximum value of 5,000.

Stability Level: 3 - Stable. Default = 20

before - Cursor

Returns the reports before the given cursor.

Stability Level: 3 - Stable

last - Int

Returns the last n reports from the list. This must be given if before is given and has a maximum value of 5,000.

Stability Level: 3 - Stable

filter - ReportFieldFilter

Returns only the reports matching the filter.

Stability Level: 3 - Stable

Example

Query
query reports(
  $after: Cursor,
  $first: Int,
  $before: Cursor,
  $last: Int,
  $filter: ReportFieldFilter
) {
  reports(
    after: $after,
    first: $first,
    before: $before,
    last: $last,
    filter: $filter
  ) {
    edges {
      ...ReportEdgeFragment
    }
    pageInfo {
      ...PageInfoFragment
    }
    totalRecords
  }
}
Variables
{
  "after": Cursor,
  "first": 20,
  "before": Cursor,
  "last": 123,
  "filter": ReportFieldFilter
}
Response
{
  "data": {
    "reports": {
      "edges": [ReportEdge],
      "pageInfo": PageInfo,
      "totalRecords": 123
    }
  }
}

scheduledAction

Description

Finds the identified scheduled action.

Stability Level: 3 - Stable

Response

Returns a ScheduledAction

Arguments
Name Description
ref - IdRefInput! Stability Level: 3 - Stable

Example

Query
query scheduledAction($ref: IdRefInput!) {
  scheduledAction(ref: $ref) {
    id
    targets {
      ...ActionTargetsFragment
    }
    package {
      ...PackageRefFragment
    }
    distributeSeconds
    expireSeconds
    endTime
    issueSeconds
    startTime
    name
    comment
    approved
    issueCount
    lastStartTime
    nextStartTime
    status
    creator {
      ...PrincipalFragment
    }
    approver {
      ...PrincipalFragment
    }
    metadata {
      ...MetadataFragment
    }
    lastAction {
      ...ActionFragment
    }
  }
}
Variables
{"ref": IdRefInput}
Response
{
  "data": {
    "scheduledAction": {
      "id": "4",
      "targets": ActionTargets,
      "package": PackageRef,
      "distributeSeconds": 123,
      "expireSeconds": 123,
      "endTime": "10:15:30Z",
      "issueSeconds": 987,
      "startTime": "10:15:30Z",
      "name": "xyz789",
      "comment": "xyz789",
      "approved": false,
      "issueCount": 987,
      "lastStartTime": "10:15:30Z",
      "nextStartTime": "10:15:30Z",
      "status": "ENABLED",
      "creator": Principal,
      "approver": Principal,
      "metadata": [Metadata],
      "lastAction": Action
    }
  }
}

scheduledActions

Description

Returns the matching scheduled actions. The cursors in the returned connections are usable for 5 minutes after the most recent request in the cursored results, with a maximum lifetime of 1 hour.

Stability Level: 3 - Stable

Response

Returns a ScheduledActionConnection

Arguments
Name Description
after - Cursor

Returns the scheduled actions after the given cursor.

Stability Level: 3 - Stable

first - Int

Returns the first n scheduled actions from the list. This has a maximum value of 5,000.

Stability Level: 3 - Stable. Default = 20

before - Cursor

Returns the scheduled actions before the given cursor.

Stability Level: 3 - Stable

last - Int

Returns the last n scheduled actions from the list. This must be given if before is given and has a maximum value of 5,000.

Stability Level: 3 - Stable

filter - FieldFilter

Returns only the scheduled actions matching the filter. The filter must be either a simple filter or a compound filter with a single set of simple child filters which all must match.

The paths which support filtering include: id, name, comment, package.name, creator.user.name, nextStartTime, lastStartTime, distributeSeconds, expireSeconds, issueSeconds, issueCount, startTime, and endTime.

This filter does not support the any field.

Stability Level: 3 - Stable

Example

Query
query scheduledActions(
  $after: Cursor,
  $first: Int,
  $before: Cursor,
  $last: Int,
  $filter: FieldFilter
) {
  scheduledActions(
    after: $after,
    first: $first,
    before: $before,
    last: $last,
    filter: $filter
  ) {
    edges {
      ...ScheduledActionEdgeFragment
    }
    pageInfo {
      ...PageInfoFragment
    }
    totalRecords
  }
}
Variables
{
  "after": Cursor,
  "first": 20,
  "before": Cursor,
  "last": 123,
  "filter": FieldFilter
}
Response
{
  "data": {
    "scheduledActions": {
      "edges": [ScheduledActionEdge],
      "pageInfo": PageInfo,
      "totalRecords": 123
    }
  }
}

sensors

Description

Returns the matching sensors. The cursors in the returned connections are usable for 5 minutes after the most recent request in the cursored results, with a maximum lifetime of 1 hour.

Stability Level: 3 - Stable

Response

Returns a SensorConnection

Arguments
Name Description
after - Cursor

Returns the sensors after the given cursor.

Stability Level: 3 - Stable

first - Int

Returns the first n sensors from the list. This has a maximum value of 5,000.

Stability Level: 3 - Stable. Default = 2000

before - Cursor

Returns the sensors before the given cursor.

Stability Level: 3 - Stable

last - Int

Returns the last n sensors from the list. This must be given if before is given and has a maximum value of 5,000.

Stability Level: 3 - Stable

filter - FieldFilter

Returns only the sensors matching the filter.

Stability Level: 3 - Stable

includeHidden - Boolean!

Whether to include hidden sensors in the results.

Stability Level: 3 - Stable. Default = false

Example

Query
query sensors(
  $after: Cursor,
  $first: Int,
  $before: Cursor,
  $last: Int,
  $filter: FieldFilter,
  $includeHidden: Boolean!
) {
  sensors(
    after: $after,
    first: $first,
    before: $before,
    last: $last,
    filter: $filter,
    includeHidden: $includeHidden
  ) {
    edges {
      ...SensorEdgeFragment
    }
    pageInfo {
      ...PageInfoFragment
    }
    totalRecords
  }
}
Variables
{
  "after": Cursor,
  "first": 2000,
  "before": Cursor,
  "last": 123,
  "filter": FieldFilter,
  "includeHidden": false
}
Response
{
  "data": {
    "sensors": {
      "edges": [SensorEdge],
      "pageInfo": PageInfo,
      "totalRecords": 123
    }
  }
}

softwareDeployment

Description

Returns the details of software package deployments. If you specify a deployment ID, this returns the details of that deployment. If you do not specify a deployment ID, this returns the details of all deployments.

Use of this field requires the Deploy solution.

Stability Level: 3 - Stable

Arguments
Name Description
id - ID

The ID of a software package deployment, such as the ID returned by manageSoftware.

Stability Level: 3 - Stable

Example

Query
query softwareDeployment($id: ID) {
  softwareDeployment(id: $id) {
    ID
    name
    errors {
      ...SoftwareDeploymentErrorCountFragment
    }
    status {
      ...SoftwareDeploymentStatusFragment
    }
  }
}
Variables
{"id": "4"}
Response
{
  "data": {
    "softwareDeployment": [
      {
        "ID": 4,
        "name": "abc123",
        "errors": [SoftwareDeploymentErrorCount],
        "status": SoftwareDeploymentStatus
      }
    ]
  }
}

softwarePackages

Description

Returns the software package catalog from Deploy.

Use of this field requires the Deploy solution.

Stability Level: 3 - Stable

Response

Returns a SoftwarePackageConnection

Arguments
Name Description
after - Cursor

Returns the software packages after the cursor.

Stability Level: 3 - Stable

first - Int

Returns the first n software packages from the list.

Stability Level: 3 - Stable

before - Cursor

Returns the software packages before the cursor.

Stability Level: 3 - Stable

last - Int

Returns the last n software packages from the list.

Stability Level: 3 - Stable

Example

Query
query softwarePackages(
  $after: Cursor,
  $first: Int,
  $before: Cursor,
  $last: Int
) {
  softwarePackages(
    after: $after,
    first: $first,
    before: $before,
    last: $last
  ) {
    edges {
      ...SoftwarePackageEdgeFragment
    }
    pageInfo {
      ...PageInfoFragment
    }
    totalCount
  }
}
Variables
{
  "after": Cursor,
  "first": 123,
  "before": Cursor,
  "last": 123
}
Response
{
  "data": {
    "softwarePackages": {
      "edges": [SoftwarePackageEdge],
      "pageInfo": PageInfo,
      "totalCount": 123
    }
  }
}

Mutations

actionCreate

Description

Creates an action.

Stability Level: 3 - Stable

Response

Returns an ActionCreatePayload!

Arguments
Name Description
input - ActionCreateInput! Stability Level: 3 - Stable

Example

Query
mutation actionCreate($input: ActionCreateInput!) {
  actionCreate(input: $input) {
    action {
      ...ActionFragment
    }
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"input": ActionCreateInput}
Response
{
  "data": {
    "actionCreate": {
      "action": Action,
      "error": SystemError
    }
  }
}

actionGroupCreate

Description

Creates an action group from the given input.

Stability Level: 3 - Stable

Response

Returns an ActionGroupCreatePayload!

Arguments
Name Description
input - ActionGroupCreateInput! Stability Level: 3 - Stable

Example

Query
mutation actionGroupCreate($input: ActionGroupCreateInput!) {
  actionGroupCreate(input: $input) {
    group {
      ...ActionGroupFragment
    }
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"input": ActionGroupCreateInput}
Response
{
  "data": {
    "actionGroupCreate": {
      "group": ActionGroup,
      "error": SystemError
    }
  }
}

actionGroupDelete

Description

Deletes an action group with the given input.

Stability Level: 3 - Stable

Response

Returns an ActionGroupDeletePayload!

Arguments
Name Description
ref - NamedRefInput! Stability Level: 3 - Stable

Example

Query
mutation actionGroupDelete($ref: NamedRefInput!) {
  actionGroupDelete(ref: $ref) {
    id
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"ref": NamedRefInput}
Response
{
  "data": {
    "actionGroupDelete": {
      "id": "4",
      "error": SystemError
    }
  }
}

actionPerform

Description

Creates the actions or scheduled actions necessary to perform the request. This can run a specific package or a registered operation.

Stability Level: 3 - Stable

Response

Returns an ActionPerformPayload!

Arguments
Name Description
input - ActionPerformInput! Stability Level: 3 - Stable

Example

Query
mutation actionPerform($input: ActionPerformInput!) {
  actionPerform(input: $input) {
    scheduledActions {
      ...ActionPerformPlatformFragment
    }
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"input": ActionPerformInput}
Response
{
  "data": {
    "actionPerform": {
      "scheduledActions": [ActionPerformPlatform],
      "error": SystemError
    }
  }
}

actionStop

Description

Stops an action in progress.

Stability Level: 3 - Stable

Response

Returns an ActionStopPayload!

Arguments
Name Description
ref - IdRefInput! Stability Level: 3 - Stable

Example

Query
mutation actionStop($ref: IdRefInput!) {
  actionStop(ref: $ref) {
    id
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"ref": IdRefInput}
Response
{
  "data": {
    "actionStop": {
      "id": "4",
      "error": SystemError
    }
  }
}

apiTokenGrant

Description

Creates an API token for the current user.

If you specify a persona, the created token uses the persona's permissions.

Stability Level: 3 - Stable

Response

Returns an APITokenGrantPayload!

Arguments
Name Description
input - APITokenGrantInput! Stability Level: 3 - Stable

Example

Query
mutation apiTokenGrant($input: APITokenGrantInput!) {
  apiTokenGrant(input: $input) {
    token {
      ...APITokenFragment
    }
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"input": APITokenGrantInput}
Response
{
  "data": {
    "apiTokenGrant": {
      "token": APIToken,
      "error": SystemError
    }
  }
}

apiTokenRevoke

Description

Deletes the API token with the specified ID.

Stability Level: 3 - Stable

Response

Returns an APITokenRevokePayload!

Arguments
Name Description
input - APITokenRevokeInput! Stability Level: 3 - Stable

Example

Query
mutation apiTokenRevoke($input: APITokenRevokeInput!) {
  apiTokenRevoke(input: $input) {
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"input": APITokenRevokeInput}
Response
{"data": {"apiTokenRevoke": {"error": SystemError}}}

apiTokenRotate

Description

Rotates the API token with the specified token string.

The new API token maintains applicable properties of the original API token, including persona, trusted IP addresses and notes.

Stability Level: 3 - Stable

Response

Returns an APITokenRotatePayload!

Arguments
Name Description
input - APITokenRotateInput! Stability Level: 3 - Stable

Example

Query
mutation apiTokenRotate($input: APITokenRotateInput!) {
  apiTokenRotate(input: $input) {
    token {
      ...APITokenFragment
    }
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"input": APITokenRotateInput}
Response
{
  "data": {
    "apiTokenRotate": {
      "token": APIToken,
      "error": SystemError
    }
  }
}

assetProducts

Description

Changes product usage gathering metrics

Use of this field requires the Tanium permission asset api user write.

Stability Level: 3 - Stable

Response

Returns an AssetProductsPayload

Arguments
Name Description
input - [AssetProductsInput!]! Stability Level: 3 - Stable

Example

Query
mutation assetProducts($input: [AssetProductsInput!]!) {
  assetProducts(input: $input) {
    products {
      ...AssetProductsResultFragment
    }
  }
}
Variables
{"input": [AssetProductsInput]}
Response
{
  "data": {
    "assetProducts": {"products": [AssetProductsResult]}
  }
}

assetsImport

Description

Creates or updates assets for the Asset solution.

Use of this field requires the Tanium permission asset api user write.

Stability Level: 3 - Stable

Response

Returns an AssetsImportPayload!

Arguments
Name Description
input - AssetsImportInput! Stability Level: 3 - Stable

Example

Query
mutation assetsImport($input: AssetsImportInput!) {
  assetsImport(input: $input) {
    assets {
      ...AssetImportPayloadFragment
    }
  }
}
Variables
{"input": AssetsImportInput}
Response
{
  "data": {
    "assetsImport": {"assets": [AssetImportPayload]}
  }
}

closeDirectConnection

Description

Closes an open Direct Connect connection.

The input requires a direct endpoint connection opened using openDirectConnection.

Use of this field requires the Direct Connect solution.

Stability Level: 2 - Legacy Use directConnectClose instead. The directConnect APIs provide better support for tracking connections that take longer to establish.

Response

Returns a CloseDirectConnectionPayload!

Arguments
Name Description
input - CloseDirectConnectionInput! Stability Level: 3 - Stable

Example

Query
mutation closeDirectConnection($input: CloseDirectConnectionInput!) {
  closeDirectConnection(input: $input) {
    result
  }
}
Variables
{"input": CloseDirectConnectionInput}
Response
{"data": {"closeDirectConnection": {"result": false}}}

computerGroupCreate

Description

Creates a standard computer group from the given input.

Stability Level: 3 - Stable

Response

Returns a ComputerGroupCreatePayload!

Arguments
Name Description
input - ComputerGroupCreateInput! Stability Level: 3 - Stable

Example

Query
mutation computerGroupCreate($input: ComputerGroupCreateInput!) {
  computerGroupCreate(input: $input) {
    group {
      ...ComputerGroupFragment
    }
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"input": ComputerGroupCreateInput}
Response
{
  "data": {
    "computerGroupCreate": {
      "group": ComputerGroup,
      "error": SystemError
    }
  }
}

computerGroupDelete

Description

Deletes a computer group with the given input.

Stability Level: 3 - Stable

Response

Returns a ComputerGroupDeletePayload!

Arguments
Name Description
ref - NamedRefInput! Stability Level: 3 - Stable

Example

Query
mutation computerGroupDelete($ref: NamedRefInput!) {
  computerGroupDelete(ref: $ref) {
    id
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"ref": NamedRefInput}
Response
{
  "data": {
    "computerGroupDelete": {"id": 4, "error": SystemError}
  }
}

connectConnectionStart

Description

Starts a connection run.

Use of this field requires the Tanium permission Connect - Run.

Stability Level: 1.2 - Experimental (Release Candidate)

Response

Returns a ConnectConnectionStartPayload!

Arguments
Name Description
input - ConnectConnectionStartInput! Stability Level: 1.2 - Experimental (Release Candidate)

Example

Query
mutation connectConnectionStart($input: ConnectConnectionStartInput!) {
  connectConnectionStart(input: $input) {
    run {
      ...ConnectRunFragment
    }
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"input": ConnectConnectionStartInput}
Response
{
  "data": {
    "connectConnectionStart": {
      "run": ConnectRun,
      "error": SystemError
    }
  }
}

connectConnectionStop

Description

Stops an in-progress connection run. This has no effect on connection runs that are not in progress.

Use of this field requires the Tanium permission Connect - Run.

Stability Level: 1.2 - Experimental (Release Candidate)

Response

Returns a ConnectConnectionStopPayload!

Arguments
Name Description
input - ConnectConnectionStopInput! Stability Level: 1.2 - Experimental (Release Candidate)

Example

Query
mutation connectConnectionStop($input: ConnectConnectionStopInput!) {
  connectConnectionStop(input: $input) {
    run {
      ...ConnectRunFragment
    }
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"input": ConnectConnectionStopInput}
Response
{
  "data": {
    "connectConnectionStop": {
      "run": ConnectRun,
      "error": SystemError
    }
  }
}

deleteConfigurationItemElement

Description

Deletes the specified configuration item elements. Only customer-supplied elements can be deleted.

Use of this field requires the Atlas solution.

Stability Level: 3 - Stable

Arguments
Name Description
input - DeleteConfigurationItemElementInput! Stability Level: 3 - Stable

Example

Query
mutation deleteConfigurationItemElement($input: DeleteConfigurationItemElementInput!) {
  deleteConfigurationItemElement(input: $input) {
    error
  }
}
Variables
{"input": DeleteConfigurationItemElementInput}
Response
{
  "data": {
    "deleteConfigurationItemElement": {
      "error": "abc123"
    }
  }
}

deleteRelationship

Description

Deletes the specified relationships.

Use of this field requires the Atlas solution.

Stability Level: 3 - Stable

Response

Returns a RelationshipResult

Arguments
Name Description
relationships - DeleteRelationshipInput Stability Level: 3 - Stable

Example

Query
mutation deleteRelationship($relationships: DeleteRelationshipInput) {
  deleteRelationship(relationships: $relationships) {
    items {
      ...RelationshipFragment
    }
  }
}
Variables
{"relationships": DeleteRelationshipInput}
Response
{
  "data": {
    "deleteRelationship": {"items": [Relationship]}
  }
}

directConnectClose

Description

Closes an open Direct Connect connection.

The input requires a direct endpoint connection opened using directConnectOpen.

Use of this field requires the Direct Connect solution.

Use of this field requires the Tanium permission Direct Connect Session Write.

Stability Level: 3 - Stable

Response

Returns a DirectConnectClosePayload!

Arguments
Name Description
input - DirectConnectCloseInput! Stability Level: 3 - Stable

Example

Query
mutation directConnectClose($input: DirectConnectCloseInput!) {
  directConnectClose(input: $input) {
    result
  }
}
Variables
{"input": DirectConnectCloseInput}
Response
{"data": {"directConnectClose": {"result": true}}}

directConnectOpen

Description

Initiates a Direct Connect connection with an endpoint, returning a connection ID which you can use for Direct Connect queries.

A response will be returned within 25 seconds. If the connection has not been successfully established within that time frame, you can use the directConnectConnectionStatus query with the returned connection ID to poll for readiness.

An open connection is closed after 5 minutes of inactivity.

Connections opened with directConnectOpen are compatible with stable Direct Connect APIs, including directConnectEndpoint, directConnectPing, directConnectProcessTerminate, and directConnectClose.

Connections opened with directConnectOpen are not compatible with legacy Direct Connect APIs, including directEndpoint, pingDirectConnection, killProcess, and closeDirectConnection.

Use of this field requires the Direct Connect solution.

Use of this field requires the Tanium permission Direct Connect Session Write.

Stability Level: 3 - Stable

Response

Returns a DirectConnectOpenPayload!

Arguments
Name Description
input - DirectConnectOpenInput! Stability Level: 3 - Stable

Example

Query
mutation directConnectOpen($input: DirectConnectOpenInput!) {
  directConnectOpen(input: $input) {
    connectionID
    status
  }
}
Variables
{"input": DirectConnectOpenInput}
Response
{
  "data": {
    "directConnectOpen": {
      "connectionID": "4",
      "status": "UNKNOWN"
    }
  }
}

directConnectPing

Description

Performs a ping to an endpoint using an open Direct Connect connection.

The input requires a direct endpoint connection opened using directConnectOpen.

Use of this field requires the Direct Connect solution.

Use of this field requires the Tanium permission Direct Connect Session Write.

Stability Level: 3 - Stable

Response

Returns a DirectConnectPingPayload!

Arguments
Name Description
input - DirectConnectPingInput! Stability Level: 3 - Stable

Example

Query
mutation directConnectPing($input: DirectConnectPingInput!) {
  directConnectPing(input: $input) {
    result
  }
}
Variables
{"input": DirectConnectPingInput}
Response
{"data": {"directConnectPing": {"result": false}}}

directConnectProcessTerminate

Description

Terminates the specified process on an endpoint using an open Direct Connect connection.

The input requires a direct endpoint connection opened using directConnectOpen.

Use of this field requires the Direct Connect, Performance solutions.

Use of this field requires the Tanium permission Performance Kill Process.

Stability Level: 3 - Stable

Arguments
Name Description
input - DirectConnectProcessTerminateInput! Stability Level: 3 - Stable

Example

Query
mutation directConnectProcessTerminate($input: DirectConnectProcessTerminateInput!) {
  directConnectProcessTerminate(input: $input) {
    result
  }
}
Variables
{"input": DirectConnectProcessTerminateInput}
Response
{"data": {"directConnectProcessTerminate": {"result": true}}}

discoverInterfaceAddLabel

Description

Adds standard labels to specific Discover interfaces.

Use of this field requires the Tanium permission Discover Tag - Write.

Stability Level: 1.1 - Experimental (Active Development)

Arguments
Name Description
input - DiscoverInterfaceAddLabelInput! Stability Level: 1.1 - Experimental (Active Development)

Example

Query
mutation discoverInterfaceAddLabel($input: DiscoverInterfaceAddLabelInput!) {
  discoverInterfaceAddLabel(input: $input) {
    cursor
    success
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"input": DiscoverInterfaceAddLabelInput}
Response
{
  "data": {
    "discoverInterfaceAddLabel": {
      "cursor": Cursor,
      "success": true,
      "error": SystemError
    }
  }
}

discoverInterfaceRemoveLabel

Description

Removes standard labels from specific Discover interfaces.

Use of this field requires the Tanium permission Discover Tag - Write.

Stability Level: 1.1 - Experimental (Active Development)

Arguments
Name Description
input - DiscoverInterfaceRemoveLabelInput! Stability Level: 1.1 - Experimental (Active Development)

Example

Query
mutation discoverInterfaceRemoveLabel($input: DiscoverInterfaceRemoveLabelInput!) {
  discoverInterfaceRemoveLabel(input: $input) {
    cursor
    success
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"input": DiscoverInterfaceRemoveLabelInput}
Response
{
  "data": {
    "discoverInterfaceRemoveLabel": {
      "cursor": Cursor,
      "success": false,
      "error": SystemError
    }
  }
}

discoverLabelCreate

Description

Creates a Discover label from the given input.

Use of this field requires one of the following Tanium permissions: Discover Tag - Write, Discover Location Permissions - Write.

Note: Discover Location Permissions - Write is required when there is at least one Location Permission defined in Discover. Otherwise, Discover Tag - Write is required.

Stability Level: 1.1 - Experimental (Active Development)

Response

Returns a DiscoverLabelCreatePayload!

Arguments
Name Description
input - DiscoverLabelCreateInput! Stability Level: 1.1 - Experimental (Active Development)

Example

Query
mutation discoverLabelCreate($input: DiscoverLabelCreateInput!) {
  discoverLabelCreate(input: $input) {
    label {
      ...DiscoverLabelFragment
    }
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"input": DiscoverLabelCreateInput}
Response
{
  "data": {
    "discoverLabelCreate": {
      "label": DiscoverLabel,
      "error": SystemError
    }
  }
}

discoverLabelDelete

Description

Deletes a Discover label with the given input.

Use of this field requires one of the following Tanium permissions: Discover Tag - Write, Discover Location Permissions - Write.

Note: Discover Location Permissions - Write is required when there is at least one Location Permission defined in Discover. Otherwise, Discover Tag - Write is required.

Stability Level: 1.1 - Experimental (Active Development)

Response

Returns a DiscoverLabelDeletePayload!

Arguments
Name Description
ref - NamedOnlyRefInput! Stability Level: 1.1 - Experimental (Active Development)

Example

Query
mutation discoverLabelDelete($ref: NamedOnlyRefInput!) {
  discoverLabelDelete(ref: $ref) {
    name
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"ref": NamedOnlyRefInput}
Response
{
  "data": {
    "discoverLabelDelete": {
      "name": "abc123",
      "error": SystemError
    }
  }
}

emailSend

Description

Submits a request to the Tanium Email service to send an email using a selected email server.

Use of this field requires the Email solution.

Use of this field requires the Tanium permission Email Send.

Stability Level: 1.0 - Experimental (Early Development)

Response

Returns an EmailSendPayload!

Arguments
Name Description
input - EmailSendInput! Stability Level: 1.0 - Experimental (Early Development)

Example

Query
mutation emailSend($input: EmailSendInput!) {
  emailSend(input: $input) {
    queuedTime
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"input": EmailSendInput}
Response
{
  "data": {
    "emailSend": {
      "queuedTime": "10:15:30Z",
      "error": SystemError
    }
  }
}

importConfigurationItemEntities

Description

Imports the specified entities. If an id is specified, the existing entity matching that id is updated. If no id is specified, a new entity is created.

You can specify a maximum of 100 entities. The request fails if you exceed 100 entities. The response returns entities in the same order as specified in the input. Entities that fail to import have an errorMessage.

Use of this field requires the Atlas solution.

Stability Level: 3 - Stable

Arguments
Name Description
input - [EntityInput!]! Stability Level: 3 - Stable

Example

Query
mutation importConfigurationItemEntities($input: [EntityInput!]!) {
  importConfigurationItemEntities(input: $input) {
    entities {
      ...ImportConfigurationItemEntityPayloadFragment
    }
    importedCount
    failedCount
  }
}
Variables
{"input": [EntityInput]}
Response
{
  "data": {
    "importConfigurationItemEntities": {
      "entities": [ImportConfigurationItemEntityPayload],
      "importedCount": 123,
      "failedCount": 123
    }
  }
}

killProcess

Description

Terminates the specified process on an endpoint using a Direct Connect connection.

The input requires a direct endpoint connection opened using openDirectConnection.

Use of this field requires the Direct Connect solution.

Stability Level: 2 - Legacy Use directConnectProcessTerminate instead. The directConnect APIs provide better support for tracking connections that take longer to establish.

Response

Returns a KillProcessPayload!

Arguments
Name Description
input - KillProcessInput! Stability Level: 3 - Stable

Example

Query
mutation killProcess($input: KillProcessInput!) {
  killProcess(input: $input) {
    result
  }
}
Variables
{"input": KillProcessInput}
Response
{"data": {"killProcess": {"result": true}}}

manageSoftware

Description

Creates a new Deploy software package deployment to install, update, or remove a software package.

Use of this field requires the Deploy solution.

Stability Level: 3 - Stable

Response

Returns a SoftwareDeploymentDetails!

Arguments
Name Description
operation - SoftwareOperation!

The operation to perform.

Stability Level: 3 - Stable

softwarePackageID - ID!

The ID of the software package in Deploy.

Stability Level: 3 - Stable

target - SoftwareTarget

The endpoints on which to perform the operation.

Stability Level: 3 - Stable

start - Time!

The date and time at which the operation runs on the endpoints.

Stability Level: 3 - Stable

end - Time!

The date and time after which endpoints will not run the operation. Operations that started might continue running after this time.

Stability Level: 3 - Stable

description - String

A description of the operation.

Stability Level: 3 - Stable

Example

Query
mutation manageSoftware(
  $operation: SoftwareOperation!,
  $softwarePackageID: ID!,
  $target: SoftwareTarget,
  $start: Time!,
  $end: Time!,
  $description: String
) {
  manageSoftware(
    operation: $operation,
    softwarePackageID: $softwarePackageID,
    target: $target,
    start: $start,
    end: $end,
    description: $description
  ) {
    ID
    name
    errors {
      ...SoftwareDeploymentErrorCountFragment
    }
    status {
      ...SoftwareDeploymentStatusFragment
    }
  }
}
Variables
{
  "operation": "INSTALL",
  "softwarePackageID": "4",
  "target": SoftwareTarget,
  "start": "10:15:30Z",
  "end": "10:15:30Z",
  "description": "xyz789"
}
Response
{
  "data": {
    "manageSoftware": {
      "ID": 4,
      "name": "xyz789",
      "errors": [SoftwareDeploymentErrorCount],
      "status": SoftwareDeploymentStatus
    }
  }
}

mergeConfigurationItemElements

Description

Merges two configuration item elements. The target element must be private if the duplicate element is private. The two elements must inherit from the same class. The target element must be in the category of "ManagedEndpoint" or "UnmanagedEndpoint". The duplicate element must be in the category of "UnmanagedEndpoint" or "CustomerItem". If the duplicate element category is "UnmanagedEndpoint", it must have a namespace of "unmanaged_user_specified". Comments, details, and the relationships are copied. Duplicate relationships or inverse relationships are deleted. The duplicate element is deleted.

Use of this field requires the Atlas solution.

Stability Level: 3 - Stable

Arguments
Name Description
input - MergeConfigurationItemElementsInput! Stability Level: 3 - Stable

Example

Query
mutation mergeConfigurationItemElements($input: MergeConfigurationItemElementsInput!) {
  mergeConfigurationItemElements(input: $input) {
    element {
      ...ElementFragment
    }
  }
}
Variables
{"input": MergeConfigurationItemElementsInput}
Response
{
  "data": {
    "mergeConfigurationItemElements": {"element": Element}
  }
}

openDirectConnection

Description

Establishes a Direct Connect connection with an endpoint, returning a connection ID which you can use for Direct Connect queries.

The connection is closed after 2 minutes of inactivity.

Connections opened with openDirectConnection are compatible with legacy Direct Connect APIs, including directEndpoint, pingDirectConnection, killProcess, and closeDirectConnection.

Connections opened with openDirectConnection are not compatible with stable Direct Connect APIs, including directConnectEndpoint, directConnectPing, directConnectProcessTerminate, and directConnectClose.

Use of this field requires the Direct Connect solution.

Stability Level: 2 - Legacy Use directConnectOpen instead. The directConnect APIs provide better support for tracking connections that take longer to establish.

Response

Returns an OpenDirectConnectionPayload!

Arguments
Name Description
input - OpenDirectConnectionInput! Stability Level: 3 - Stable

Example

Query
mutation openDirectConnection($input: OpenDirectConnectionInput!) {
  openDirectConnection(input: $input) {
    connectionID
  }
}
Variables
{"input": OpenDirectConnectionInput}
Response
{"data": {"openDirectConnection": {"connectionID": 4}}}

patchCreateDeployment

Description

Creates a Patch deployment.

Use of this field requires all of the following Tanium permissions: Patch Deployment - Execute, Patch Deployment - Write.

Stability Level: 1.0 - Experimental (Early Development)

Response

Returns a PatchCreateDeploymentPayload!

Arguments
Name Description
input - PatchCreateDeploymentInput! Stability Level: 1.0 - Experimental (Early Development)

Example

Query
mutation patchCreateDeployment($input: PatchCreateDeploymentInput!) {
  patchCreateDeployment(input: $input) {
    deployment {
      ...PatchDeploymentFragment
    }
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"input": PatchCreateDeploymentInput}
Response
{
  "data": {
    "patchCreateDeployment": {
      "deployment": PatchDeployment,
      "error": SystemError
    }
  }
}

patchStopDeployment

Description

Stops the in-progress Patch deployment that matches the reference ID, or prevents the future-scheduled Patch deployment that matches the reference ID from starting at the start time. This has no effect on finished deployments.

Use of this field requires all of the following Tanium permissions: Patch Deployment - Execute, Patch Deployment - Write.

Stability Level: 1.0 - Experimental (Early Development)

Response

Returns a PatchStopDeploymentPayload!

Arguments
Name Description
ref - IdRefInput! Stability Level: 1.0 - Experimental (Early Development)

Example

Query
mutation patchStopDeployment($ref: IdRefInput!) {
  patchStopDeployment(ref: $ref) {
    deployment {
      ...PatchDeploymentFragment
    }
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"ref": IdRefInput}
Response
{
  "data": {
    "patchStopDeployment": {
      "deployment": PatchDeployment,
      "error": SystemError
    }
  }
}

ping

Description

Returns true. Useful to test your ability to issue commands to the server.

Stability Level: 3 - Stable

Response

Returns a Boolean!

Example

Query
mutation ping {
  ping
}
Response
{"data": {"ping": false}}

pingDirectConnection

Description

Performs a ping to an endpoint using a Direct Connect connection.

The input requires a direct endpoint connection opened using openDirectConnection.

Use of this field requires the Direct Connect solution.

Stability Level: 2 - Legacy Use directConnectPing instead. The directConnect APIs provide better support for tracking connections that take longer to establish.

Response

Returns a PingDirectConnectionPayload!

Arguments
Name Description
input - PingDirectConnectionInput! Stability Level: 3 - Stable

Example

Query
mutation pingDirectConnection($input: PingDirectConnectionInput!) {
  pingDirectConnection(input: $input) {
    result
  }
}
Variables
{"input": PingDirectConnectionInput}
Response
{"data": {"pingDirectConnection": {"result": false}}}

reportDelete

Description

Deletes a report.

Use of this field requires the Tanium permission Report Write.

Stability Level: 1.2 - Experimental (Release Candidate)

Response

Returns a ReportDeletePayload!

Arguments
Name Description
ref - IdRefInput! Stability Level: 3 - Stable

Example

Query
mutation reportDelete($ref: IdRefInput!) {
  reportDelete(ref: $ref) {
    id
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"ref": IdRefInput}
Response
{
  "data": {
    "reportDelete": {"id": 4, "error": SystemError}
  }
}

reportImport

Description

Imports a report definition that was previously exported using the API Gateway reportExport query.

Stability Level: 3 - Stable

Response

Returns a ReportImportPayload!

Arguments
Name Description
input - ReportImportInput! Stability Level: 3 - Stable

Example

Query
mutation reportImport($input: ReportImportInput!) {
  reportImport(input: $input) {
    report {
      ...ReportFragment
    }
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"input": ReportImportInput}
Response
{
  "data": {
    "reportImport": {
      "report": Report,
      "error": SystemError
    }
  }
}

reportingDashboardDelete

Description

Deletes a Reporting dashboard.

Use of this field requires the Tanium permission Dashboard Write.

Stability Level: 1.1 - Experimental (Active Development)

Arguments
Name Description
ref - IdRefInput! Stability Level: 3 - Stable

Example

Query
mutation reportingDashboardDelete($ref: IdRefInput!) {
  reportingDashboardDelete(ref: $ref) {
    id
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"ref": IdRefInput}
Response
{
  "data": {
    "reportingDashboardDelete": {
      "id": "4",
      "error": SystemError
    }
  }
}

scheduledActionApprove

Description

Approves a pending scheduled action.

Stability Level: 3 - Stable

Response

Returns a ScheduledActionApprovePayload!

Arguments
Name Description
ref - IdRefInput! Stability Level: 3 - Stable

Example

Query
mutation scheduledActionApprove($ref: IdRefInput!) {
  scheduledActionApprove(ref: $ref) {
    id
    approved
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"ref": IdRefInput}
Response
{
  "data": {
    "scheduledActionApprove": {
      "id": "4",
      "approved": false,
      "error": SystemError
    }
  }
}

scheduledActionCreate

Description

Creates a scheduled action.

Stability Level: 3 - Stable

Response

Returns a ScheduledActionCreatePayload!

Arguments
Name Description
input - ScheduledActionCreateInput! Stability Level: 3 - Stable

Example

Query
mutation scheduledActionCreate($input: ScheduledActionCreateInput!) {
  scheduledActionCreate(input: $input) {
    scheduledAction {
      ...ScheduledActionFragment
    }
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"input": ScheduledActionCreateInput}
Response
{
  "data": {
    "scheduledActionCreate": {
      "scheduledAction": ScheduledAction,
      "error": SystemError
    }
  }
}

scheduledActionDelete

Description

Deletes a scheduled action.

Stability Level: 3 - Stable

Response

Returns a ScheduledActionDeletePayload!

Arguments
Name Description
ref - IdRefInput! Stability Level: 3 - Stable

Example

Query
mutation scheduledActionDelete($ref: IdRefInput!) {
  scheduledActionDelete(ref: $ref) {
    id
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"ref": IdRefInput}
Response
{
  "data": {
    "scheduledActionDelete": {
      "id": "4",
      "error": SystemError
    }
  }
}

sensorHarvest

Description

Manages the registration of a sensor for harvest by TDS.

Note that when registering a sensor for harvest, the system must verify that the sensor is valid for harvest. This analysis may take several minutes. To accommodate this, the response may contain a cursor instead of a success or an error. When a response contains a cursor, the caller must call the mutation again with the cursor added to the input in order to poll for the terminal response.

It is not necessary to poll for the terminal response in order for a harvest to be successful, but it is not guaranteed that a harvest is successful unless the caller obtains a terminal successful response.

Stability Level: 3 - Stable

Response

Returns a SensorHarvestPayload!

Arguments
Name Description
input - SensorHarvestInput! Stability Level: 3 - Stable

Example

Query
mutation sensorHarvest($input: SensorHarvestInput!) {
  sensorHarvest(input: $input) {
    cursor
    success
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"input": SensorHarvestInput}
Response
{
  "data": {
    "sensorHarvest": {
      "cursor": Cursor,
      "success": false,
      "error": SystemError
    }
  }
}

syncAssets

Description

Synchronizes assets from TDS.

Use of this field requires the Atlas solution.

Stability Level: 3 - Stable

Response

Returns a SyncAssetResult

Example

Query
mutation syncAssets {
  syncAssets {
    success
  }
}
Response
{"data": {"syncAssets": {"success": false}}}

threatResponseAlertResolve

Description

Resolves the identified Threat Response alert.

Use of this field requires the Threat Response solution.

Stability Level: 3 - Stable

Arguments
Name Description
ref - ThreatResponseAlertRef! Stability Level: 3 - Stable

Example

Query
mutation threatResponseAlertResolve($ref: ThreatResponseAlertRef!) {
  threatResponseAlertResolve(ref: $ref) {
    resolved
    guid
    error {
      ...SystemErrorFragment
    }
  }
}
Variables
{"ref": ThreatResponseAlertRef}
Response
{
  "data": {
    "threatResponseAlertResolve": {
      "resolved": true,
      "guid": 4,
      "error": SystemError
    }
  }
}

updateConfigurationItemProperties

Description

Updates properties related to configuration items.

Use of this field requires the Atlas solution.

Stability Level: 3 - Stable

Arguments
Name Description
input - UpdateConfigurationItemPropertiesInput! Stability Level: 3 - Stable

Example

Query
mutation updateConfigurationItemProperties($input: UpdateConfigurationItemPropertiesInput!) {
  updateConfigurationItemProperties(input: $input) {
    userSpecifiedAssetsMaxAge
  }
}
Variables
{"input": UpdateConfigurationItemPropertiesInput}
Response
{
  "data": {
    "updateConfigurationItemProperties": {"userSpecifiedAssetsMaxAge": 987}
  }
}

upsertRelationship

Description

Creates or updates relationships between configuration items within the CMDB. Returns the created or updated relationships.

Use of this field requires the Atlas solution.

Stability Level: 3 - Stable

Response

Returns a RelationshipResult

Arguments
Name Description
payload - [RelationshipPayload]! Stability Level: 3 - Stable

Example

Query
mutation upsertRelationship($payload: [RelationshipPayload]!) {
  upsertRelationship(payload: $payload) {
    items {
      ...RelationshipFragment
    }
  }
}
Variables
{"payload": [RelationshipPayload]}
Response
{
  "data": {
    "upsertRelationship": {"items": [Relationship]}
  }
}

Types

APIToken

Description

An authentication token that a user can use to make requests.

Fields
Field Name Description
id - ID!

The unique identifier of the API token.

Stability Level: 3 - Stable

tokenString - String

The API token string value.

This response field contains the string value only when the request creates or rotates a token, and otherwise does not contain a value.

Stability Level: 3 - Stable

trustedIPAddresses - [String!]!

The list of trusted IP addresses in CIDR format that can use the API token.

Examples: 92.0.2.0/24, 198.51.100.10

Stability Level: 3 - Stable

notes - String!

The notes for the API token.

Stability Level: 3 - Stable

persona - Persona

The persona associated with the API token.

Stability Level: 3 - Stable

expiration - Time!

The time at which the API token expires and is no longer valid.

Stability Level: 3 - Stable

lastUsed - Time!

The time at which the API token was last used.

Stability Level: 3 - Stable

created - Time!

The time at which the token was created.

Stability Level: 3 - Stable

Example
{
  "id": "4",
  "tokenString": "xyz789",
  "trustedIPAddresses": ["xyz789"],
  "notes": "abc123",
  "persona": Persona,
  "expiration": "10:15:30Z",
  "lastUsed": "10:15:30Z",
  "created": "10:15:30Z"
}

APITokenGrantInput

Description

A request to create an API token for the current user.

Fields
Input Field Description
trustedIPAddresses - [String!]!

The list of trusted IP addresses in CIDR format that can use the API token.

Examples: 92.0.2.0/24, 198.51.100.10

Stability Level: 3 - Stable

expiresInDays - Int

The number of days before the API token expires.

Stability Level: 3 - Stable

personaName - String

The persona associated with the API token.

Stability Level: 3 - Stable

notes - String

The notes for the usage of the API token.

Stability Level: 3 - Stable

Example
{
  "trustedIPAddresses": ["abc123"],
  "expiresInDays": 123,
  "personaName": "xyz789",
  "notes": "xyz789"
}

APITokenGrantPayload

Description

A response to a request to create an API token.

Fields
Field Name Description
token - APIToken

The token created by the request.

Stability Level: 3 - Stable

error - SystemError

Specifies that the request terminated in an error.

Stability Level: 3 - Stable

Example
{
  "token": APIToken,
  "error": SystemError
}

APITokenQueryPayload

Description

A response to a request to query API tokens.

Fields
Field Name Description
tokens - [APIToken!]

API tokens returned by the request.

Stability Level: 3 - Stable

error - SystemError

Specifies that the request terminated in an error.

Stability Level: 3 - Stable

Example
{
  "tokens": [APIToken],
  "error": SystemError
}

APITokenRevokeInput

Description

A request to revoke an API token.

Fields
Input Field Description
id - ID!

The unique identifier of the API token to revoke.

Stability Level: 3 - Stable

Example
{"id": "4"}

APITokenRevokePayload

Description

A response to a request to revoke an API token.

Fields
Field Name Description
error - SystemError

Specifies that the request terminated in an error.

Stability Level: 3 - Stable

Example
{"error": SystemError}

APITokenRotateInput

Description

A request to create an API token for the current user.

Fields
Input Field Description
tokenString - String!

The token string of the API token to rotate.

Stability Level: 3 - Stable

Example
{"tokenString": "abc123"}

APITokenRotatePayload

Description

A response to a request to rotate an API token.

Fields
Field Name Description
token - APIToken

The token created by the request.

Stability Level: 3 - Stable

error - SystemError

Specifies that the request terminated in an error.

Stability Level: 3 - Stable

Example
{
  "token": APIToken,
  "error": SystemError
}

Action

Description

An action.

Fields
Field Name Description
id - ID!

The ID of the action.

Stability Level: 3 - Stable

name - String!

The name of the action.

Stability Level: 3 - Stable

comment - String!

A short description of the action.

Stability Level: 3 - Stable

expireSeconds - Int

The time for which the action is active.

Stability Level: 3 - Stable

creationTime - Time

The time at which the action was created.

Stability Level: 3 - Stable

startTime - Time

The time at which the action started.

Stability Level: 3 - Stable

expirationTime - Time

The time at which the action expired.

Stability Level: 3 - Stable

distributeSeconds - Int

The time over which to distribute actions to endpoints in batches, to prevent spikes in network traffic or other resource consumption.

Stability Level: 3 - Stable

status - ActionStatus

The status of the action.

Stability Level: 3 - Stable

stoppedFlag - Boolean

Indicates the action is stopped.

Stability Level: 3 - Stable

targets - ActionTargets!

The endpoints on which the action runs.

Stability Level: 3 - Stable

package - PackageRef!

The package containing the action script and any other files.

Stability Level: 3 - Stable

scheduledAction - ScheduledAction

The scheduled action that created this action.

Stability Level: 3 - Stable

stopped - Boolean!

Indicates the action is stopped.

Stability Level: 3 - Stable

creator - Principal!

The action's creator.

Stability Level: 3 - Stable

approver - Principal

The action's approver, if any.

Stability Level: 3 - Stable

metadata - [Metadata!]!

The Tanium server metadata about the action.

Stability Level: 3 - Stable

results - ActionResults!

The results of running the action.

Stability Level: 3 - Stable

Example
{
  "id": 4,
  "name": "abc123",
  "comment": "abc123",
  "expireSeconds": 987,
  "creationTime": "10:15:30Z",
  "startTime": "10:15:30Z",
  "expirationTime": "10:15:30Z",
  "distributeSeconds": 123,
  "status": "OPEN",
  "stoppedFlag": true,
  "targets": ActionTargets,
  "package": PackageRef,
  "scheduledAction": ScheduledAction,
  "stopped": true,
  "creator": Principal,
  "approver": Principal,
  "metadata": [Metadata],
  "results": ActionResults
}

ActionActionGroupInput

Description

Identifies an existing action group.

Define one, and only one, of either name or id. If you define name and id, only the id is used to identify the action group, and the name is ignored.

Fields
Input Field Description
id - ID

The ID of the action group.

Stability Level: 3 - Stable

name - String

The name of the action group.

Stability Level: 3 - Stable

Example
{"id": 4, "name": "xyz789"}

ActionConnection

Description

A page of action edges.

Fields
Field Name Description
edges - [ActionEdge!]!

The list of action edges.

Stability Level: 3 - Stable

pageInfo - PageInfo!

Information about the action collection.

Stability Level: 3 - Stable

totalRecords - Int!

The total number of action records available.

Stability Level: 3 - Stable

Example
{
  "edges": [ActionEdge],
  "pageInfo": PageInfo,
  "totalRecords": 123
}

ActionCreateInput

Description

A request to create an action.

Fields
Input Field Description
targets - ActionTargetsInput!

The endpoints on which the action runs.

Stability Level: 3 - Stable

package - PackageRefInput!

The package containing the action script and any other files.

Stability Level: 3 - Stable

schedule - ActionScheduleInput

The schedule on which the action runs. By default, the action runs immediately.

Stability Level: 3 - Stable

name - String

The action name. Note that actions are not required to have unique names.

Stability Level: 3 - Stable

comment - String

A short description.

Stability Level: 3 - Stable

Example
{
  "targets": ActionTargetsInput,
  "package": PackageRefInput,
  "schedule": ActionScheduleInput,
  "name": "abc123",
  "comment": "abc123"
}

ActionCreatePayload

Description

The result of creating an action.

Fields
Field Name Description
action - Action

The newly created action.

Stability Level: 3 - Stable

error - SystemError

Indicates that the request terminated in an error.

Stability Level: 3 - Stable

Example
{
  "action": Action,
  "error": SystemError
}

ActionEdge

Description

An action within a page.

Fields
Field Name Description
node - Action!

The action.

Stability Level: 3 - Stable

cursor - Cursor!

The cursor of this edge within the collection.

Stability Level: 3 - Stable

Example
{"node": Action, "cursor": Cursor}

ActionGroup

Description

Defines which endpoints are the targets for actions.

Fields
Field Name Description
id - ID!

The unique identifier of the action group.

Stability Level: 3 - Stable

name - String!

The assigned name of the action group.

Stability Level: 3 - Stable

visibility - ActionGroupVisibility!

Defines which visibility setting to use.

Stability Level: 3 - Stable

userGroups - [NamedRef!]

Defines which user groups can see the action group.

This applies only when visibility is set to USER_GROUPS.

Stability Level: 3 - Stable

computerGroups - [ComputerGroup!]!

The set of computer groups that the action group targets.

Stability Level: 3 - Stable

any - Boolean!

Specifies whether an endpoint must be a member in any or all computer groups defined in computerGroups.

Stability Level: 3 - Stable

Example
{
  "id": 4,
  "name": "abc123",
  "visibility": "ADMIN",
  "userGroups": [NamedRef],
  "computerGroups": [ComputerGroup],
  "any": false
}

ActionGroupConnection

Description

A page of action group edges.

Fields
Field Name Description
edges - [ActionGroupEdge!]!

The list of action group edges.

Stability Level: 3 - Stable

pageInfo - PageInfo!

Information about the action group collection.

Stability Level: 3 - Stable

totalRecords - Int!

The total number of action group records available.

Stability Level: 3 - Stable

Example
{
  "edges": [ActionGroupEdge],
  "pageInfo": PageInfo,
  "totalRecords": 987
}

ActionGroupCreateInput

Description

Creates an action group from the given input.

Fields
Input Field Description
name - String!

The assigned name of the action group.

Stability Level: 3 - Stable

visibility - ActionGroupVisibility!

Defines which visibility setting to use.

Stability Level: 3 - Stable

userGroups - [NamedRefInput!]

Defines which user groups can see the action group.

This applies only when visibility is set to USER_GROUPS.

Stability Level: 3 - Stable

computerGroups - [NamedRefInput!]!

The set of computer groups that the action group targets.

Stability Level: 3 - Stable

any - Boolean!

Specifies whether an endpoint must be a member in any or all computer groups defined in computerGroups.

Stability Level: 3 - Stable

Example
{
  "name": "abc123",
  "visibility": "ADMIN",
  "userGroups": [NamedRefInput],
  "computerGroups": [NamedRefInput],
  "any": false
}

ActionGroupCreatePayload

Description

A response to a request to create an action group.

Fields
Field Name Description
group - ActionGroup

The action group created by the request.

Stability Level: 3 - Stable

error - SystemError

Specifies that the request terminated in an error.

Stability Level: 3 - Stable

Example
{
  "group": ActionGroup,
  "error": SystemError
}

ActionGroupDeletePayload

Description

A response to a request to delete an action group.

Fields
Field Name Description
id - ID

The unique identifier of the deleted action group.

Stability Level: 3 - Stable

error - SystemError

Specifies that the request terminated in an error.

Stability Level: 3 - Stable

Example
{
  "id": "4",
  "error": SystemError
}

ActionGroupEdge

Description

An action group within a page.

Fields
Field Name Description
node - ActionGroup!

The action group.

Stability Level: 3 - Stable

cursor - Cursor!

The cursor of this edge within the collection.

Stability Level: 3 - Stable

Example
{
  "node": ActionGroup,
  "cursor": Cursor
}

ActionGroupVisibility

Description

Defines the visibility of action groups.

Values
Enum Value Description

ADMIN

Only admins can see this action group.

Stability Level: 3 - Stable

ALL

All users can see this action group.

Stability Level: 3 - Stable

USER_GROUPS

Only specific user groups can see this action group.

Stability Level: 3 - Stable

Example
"ADMIN"

ActionOperationChangeClientSettingInput

Description

A request to change a Tanium Client setting on an endpoint.

Fields
Input Field Description
name - ActionOperationChangeClientSettingName!

The name of the client setting to change.

Stability Level: 3 - Stable

value - String!

The new client setting value.

Stability Level: 3 - Stable

Example
{
  "name": "LogVerbosityLevel",
  "value": "abc123"
}

ActionOperationChangeClientSettingName

Description

A Tanium Client setting name.

Values
Enum Value Description

LogVerbosityLevel

Sets the amount of logging.

Stability Level: 3 - Stable

RandomSensorDelayInSeconds

Randomizes sensor execution (useful for VDI environments). The maximum randomization value is 3600 seconds. Note that this does not affect intrinsic sensors like Computer Name.

Stability Level: 3 - Stable

StateProtectedFlag

Enables encryption and protection of sensor queries in sensor.db, NodeState, and ActionManager state.

Stability Level: 3 - Stable

HotCachePercentage

The hot cache to cold cache setting percentage.

Stability Level: 3 - Stable

Example
"LogVerbosityLevel"

ActionOperationCollectActiveDirectoryInfoInput

Description

A request to collect Active Directory information on an endpoint.

Fields
Input Field Description
minimumMinutesBetweenRuns - Int

The minimum number of minutes to allow between collection runs. This must be a non-negative number.

Stability Level: 3 - Stable

Example
{"minimumMinutesBetweenRuns": 987}

ActionOperationInput

Description

A request to perform a registered operation. You can choose only one operation.

Fields
Input Field Description
addTags - [String!]

Adds the set of custom tags to the endpoints. Tags may not contain whitespace or the "#|#" character sequence.

This uses the Custom Tagging - Add Tags and Custom Tagging - Add Tags (Non-Windows) packages.

Stability Level: 3 - Stable

removeTags - [String!]

Removes the set of custom tags from the endpoints. Tags may not contain whitespace or the "#|#" character sequence.

This uses the Custom Tagging - Remove Tags and Custom Tagging - Remove Tags (Non-Windows) packages.

Stability Level: 3 - Stable

changeClientSetting - ActionOperationChangeClientSettingInput

Changes the specified Tanium Client setting on the endpoints. The string value must be coercible to the correct type for the named setting.

This uses the Modify Tanium Client Setting and Modify Tanium Client Setting [Non-Windows] packages.

Stability Level: 3 - Stable

startService - String

Starts the named service on the endpoints.

This uses the Start Service - ||Service Details_Service Name|| and Start Service [Non-Windows] - ||Service Details_Service Name|| packages.

Stability Level: 3 - Stable

stopService - String

Stops the named service on the endpoints.

This uses the Stop Service - ||Service Details_Service Name|| and Stop Service [Non-Windows] - ||Service Details_Service Name|| packages.

Stability Level: 3 - Stable

restartService - String

Restarts the named service on the endpoints.

This uses the Restart Service - ||Service Details_Service Name|| and Restart Service [Non-Windows] - ||Service Details_Service Name|| packages.

Stability Level: 3 - Stable

reboot - ActionOperationRebootInput

Reboots the endpoints.

This uses the Reboot Windows Machine and Reboot Non-Windows Machine packages.

Stability Level: 3 - Stable

collectActiveDirectoryInfo - ActionOperationCollectActiveDirectoryInfoInput

Collects Active Directory information about the endpoints. This is only available for Windows and Mac operating systems.

This uses the Collect Active Directory Info and Collect Active Directory Info [Mac] packages.

Stability Level: 3 - Stable

Example
{
  "addTags": ["xyz789"],
  "removeTags": ["abc123"],
  "changeClientSetting": ActionOperationChangeClientSettingInput,
  "startService": "abc123",
  "stopService": "xyz789",
  "restartService": "xyz789",
  "reboot": ActionOperationRebootInput,
  "collectActiveDirectoryInfo": ActionOperationCollectActiveDirectoryInfoInput
}

ActionOperationRebootInput

Description

A request to reboot an endpoint.

Fields
Input Field Description
randomDelaySeconds - Int

Specifies the total potential number of seconds to delay before rebooting. The actual delay on each endpoint will be randomly chosen. This must be a non-negative number.

Stability Level: 3 - Stable

Example
{"randomDelaySeconds": 987}

ActionPerformInput

Description

A request to create the actions or scheduled actions necessary to run a package or a registered operation. Exactly one of package or operation must be given.

If an operation is specified, an action or scheduled action will be created for each set of endpoint operating systems supported by the underlying packages. If the targets input specifies any platforms, they must be included in the set of operating systems supported by the operation's packages.

The schedule field controls the schedule on which the actions run, including if it runs only once or recurs.

The top-level result of performing an action are always scheduled actions for consistency, even if they only create a single action.

Fields
Input Field Description
targets - ActionTargetsInput!

The endpoints on which the actions run.

Stability Level: 3 - Stable

package - PackageRefInput

The package containing the action script and any other files.

Stability Level: 3 - Stable

operation - ActionOperationInput

The single registered operation to run. Operations are abstractions declared atop one or more packages that perform the same logical job on various endpoint operating systems.

Stability Level: 3 - Stable

schedule - ActionPerformScheduleInput

The schedule on which the actions run.

Stability Level: 3 - Stable

name - String

The action name. Note that actions are not required to have unique names.

Stability Level: 3 - Stable

comment - String

A short description.

Stability Level: 3 - Stable

Example
{
  "targets": ActionTargetsInput,
  "package": PackageRefInput,
  "operation": ActionOperationInput,
  "schedule": ActionPerformScheduleInput,
  "name": "xyz789",
  "comment": "xyz789"
}

ActionPerformPayload

Description

The result of performing an action.

Fields
Field Name Description
scheduledActions - [ActionPerformPlatform!]

The list of scheduled actions and the operating systems on which they run, if known.

Stability Level: 3 - Stable

error - SystemError

Indicates that the request terminated in an error.

Stability Level: 3 - Stable

Example
{
  "scheduledActions": [ActionPerformPlatform],
  "error": SystemError
}

ActionPerformPlatform

Description

A scheduled action and the operating systems on which it runs.

Fields
Field Name Description
platforms - [EndpointPlatform!]

The list of operating systems on which the scheduled action runs. This is only populated for actions performed for a registered operation.

Stability Level: 3 - Stable

scheduledAction - ScheduledAction!

The scheduled action.

Stability Level: 3 - Stable

Example
{
  "platforms": ["Unknown"],
  "scheduledAction": ScheduledAction
}

ActionPerformScheduleInput

Description

The schedule on which the action should run.

Fields
Input Field Description
distributeSeconds - Int

The time over which to distribute actions to endpoints in batches, to prevent spikes in network traffic or other resource consumption. A value of 0 indicates the action will immediately begin distributing to all targeted endpoints at once.

Stability Level: 3 - Stable

expireSeconds - Int

The time for which any given action is active. This both defaults to and must be greater than or equal to either the package's expiration time or the sum of the package's command timeout and the distributeSeconds value, whichever is larger.

Stability Level: 3 - Stable

reissueSeconds - Int

The time between recurring action runs. If this is null, the action will run only once. Otherwise, this must be greater than the expireSeconds value.

Stability Level: 3 - Stable

startTime - Time

The start time of the action. This defaults to the current time.

Stability Level: 3 - Stable

endTime - Time

The end time of a scheduled action. If reissueSeconds is null (the action only runs once), this value must also be null. The default value is null, which for recurring actions yields actions which recur indefinitely until deleted.

Stability Level: 3 - Stable

Example
{
  "distributeSeconds": 987,
  "expireSeconds": 123,
  "reissueSeconds": 123,
  "startTime": "10:15:30Z",
  "endTime": "10:15:30Z"
}

ActionResults

Description

The results of an action.

Fields
Field Name Description
id - ID!

The unique ID of the action.

Stability Level: 3 - Stable

waiting - Int!

The number of endpoints waiting to run the action.

Stability Level: 3 - Stable

downloading - Int!

The number of endpoints downloading the action package.

Stability Level: 3 - Stable

running - Int!

The number of endpoints currently running the action.

Stability Level: 3 - Stable

waitingToRetry - Int!

The number of endpoints waiting to retry a failed action run.

Stability Level: 3 - Stable

completed - Int!

The number of endpoints that have completed the action.

Stability Level: 3 - Stable

expired - Int!

The number of endpoints for which the action has expired.

Stability Level: 3 - Stable

failed - Int!

The number of endpoints for which the action run failed.

Stability Level: 3 - Stable

pendingVerification - Int!

The number of endpoints waiting to verify the action.

Stability Level: 3 - Stable

verified - Int!

The number of endpoints that have verified the action.

Stability Level: 3 - Stable

failedVerification - Int!

The number of endpoints that failed to verify the action.

Stability Level: 3 - Stable

Example
{
  "id": "4",
  "waiting": 987,
  "downloading": 123,
  "running": 123,
  "waitingToRetry": 987,
  "completed": 123,
  "expired": 987,
  "failed": 123,
  "pendingVerification": 123,
  "verified": 987,
  "failedVerification": 123
}

ActionScheduleInput

Description

The schedule on which the action should run.

Fields
Input Field Description
distributeSeconds - Int

The time over which to distribute actions to endpoints in batches, to prevent spikes in network traffic or other resource consumption. A value of 0 indicates the action will immediately begin distributing to all targeted endpoints at once.

Stability Level: 3 - Stable

expireSeconds - Int

The time for which the action is active. This both defaults to and must be greater than or equal to either the package's expiration time or the sum of the package's command timeout and the distributeSeconds value, whichever is larger.

Stability Level: 3 - Stable

startTime - Time

The start time of the action. This defaults to the current time.

Stability Level: 3 - Stable

Example
{
  "distributeSeconds": 123,
  "expireSeconds": 123,
  "startTime": "10:15:30Z"
}

ActionStatus

Description

The action status values.

Values
Enum Value Description

OPEN

The action is in progress.

Stability Level: 3 - Stable

PENDING

The action is not yet started.

Stability Level: 3 - Stable

STOPPED

The action is stopped.

Stability Level: 3 - Stable

CLOSED

The action reached its expiration time and is no longer active.

Stability Level: 3 - Stable

Example
"OPEN"

ActionStopPayload

Description

The result of stopping an action.

Fields
Field Name Description
id - ID

The ID of the action.

Stability Level: 3 - Stable

error - SystemError

Indicates that the request terminated in an error.

Stability Level: 3 - Stable

Example
{
  "id": "4",
  "error": SystemError
}

ActionTargetGroupInput

Description

Identifies or describes a target group. Exactly one of id, name, or filter must be specified. The first two fields (id, name) identify an existing group. The last field (filter) describes a transient group, created for this action.

If you define name and id, only the id is used to identify the computer group, and the name is ignored.

Fields
Input Field Description
id - ID

The ID of the group.

Stability Level: 3 - Stable

name - String

The name of the group.

Stability Level: 3 - Stable

filter - ComputerGroupFilter

The filter describing the endpoints that comprise the group.

Stability Level: 3 - Stable

Example
{
  "id": 4,
  "name": "xyz789",
  "filter": ComputerGroupFilter
}

ActionTargets

Description

The endpoints on which an action runs. An endpoint must belong to both groups in order to run the action.

Fields
Field Name Description
actionGroup - NamedRef!

The identity of the action group.

Stability Level: 3 - Stable

targetGroup - NamedRef!

The identity of the target group.

Stability Level: 3 - Stable

Example
{
  "actionGroup": NamedRef,
  "targetGroup": NamedRef
}

ActionTargetsInput

Description

The endpoints on which an action runs. Each field describes a condition; the action runs on only the endpoints that satisfy every condition.

Fields
Input Field Description
actionGroup - ActionActionGroupInput

Identifies the existing action group to which the endpoints must belong. This defaults to the "Default" action group.

Stability Level: 3 - Stable

targetGroup - ActionTargetGroupInput

Identifies or describes the target group to which the endpoints must belong. This defaults to the "All Computers" group.

Stability Level: 3 - Stable

platforms - [EndpointPlatform!]

Specifies the set of endpoint operating systems on which the action runs (Windows, Linux, Mac, AIX, Solaris); the Unknown value is not allowed. The endpoint operating system is determined by corresponding Tanium sensor, e.g. "Is Windows". By default, actions will run on all endpoint operating systems.

Stability Level: 3 - Stable

endpoints - [ID!]

Specifies a set of 25 or fewer identified endpoints on which the action runs. Retrieve endpoint IDs using the endpoints query. By default, actions are not constrained to specific endpoint IDs.

Stability Level: 3 - Stable

Example
{
  "actionGroup": ActionActionGroupInput,
  "targetGroup": ActionTargetGroupInput,
  "platforms": ["Unknown"],
  "endpoints": ["4"]
}

Any

Description

An untyped value.

Example
Any

Asset

Description

A generic asset, such as an endpoint.

Fields
Field Name Description
id - ID!

The unique ID. This is reasonably guaranteed to be stable.

Stability Level: 3 - Stable

name - String!

The assigned name of the asset.

Example: workstation-1.company.com

Stability Level: 3 - Stable

serialNumber - String!

The serial number provided by the manufacturer.

Example: 123ABC1

Stability Level: 3 - Stable

manufacturer - String!

The asset manufacturer.

Example: Dell

Stability Level: 3 - Stable

model - String!

The asset model.

Example: OptiPlex 7050

Stability Level: 3 - Stable

configurationItem - ConfigurationItem

The CMDB reference IDs for the asset.

Use of this field requires the Atlas solution.

Stability Level: 3 - Stable

Possible Types
Asset Types

Endpoint

Example
{
  "id": 4,
  "name": "abc123",
  "serialNumber": "abc123",
  "manufacturer": "abc123",
  "model": "xyz789",
  "configurationItem": ConfigurationItem
}

AssetImportPayload

Description

Result for a single asset import.

Fields
Field Name Description
id - Int

The unique asset ID.

Stability Level: 3 - Stable

index - Int!

Index from the AssetsImportInput object json field value.

Stability Level: 3 - Stable

status - AssetImportStatus!

Status of the asset import.

Stability Level: 3 - Stable

error - String

Reason for Error/Failure.

Stability Level: 3 - Stable

Example
{
  "id": 123,
  "index": 987,
  "status": "NoChange",
  "error": "xyz789"
}

AssetImportStatus

Description

Status of a given asset's import.

Values
Enum Value Description

NoChange

Asset import is successful. Existing asset did not update.

Stability Level: 3 - Stable

Updated

Asset import is successful, updated an existing asset.

Stability Level: 3 - Stable

Created

Asset import is successful, created a new asset.

Stability Level: 3 - Stable

ErrorInvalidState

Asset import is unsuccessful, key(s) became invalid because of conversions.

Stability Level: 3 - Stable

ErrorMissingKey

Asset import is unsuccessful, key(s) is missing or empty.

Stability Level: 3 - Stable

ErrorDuplicateItemInProcess

Asset import is unsuccessful, already imported in this mutation.

Stability Level: 3 - Stable

ErrorImportFailed

Asset import is unsuccessful.

Stability Level: 3 - Stable

Example
"NoChange"

AssetProduct

Description

The Asset product.

Fields
Field Name Description
vendor - String!

The product vendor name.

Stability Level: 3 - Stable

name - String!

The product name.

Stability Level: 3 - Stable

installation - AssetProductInstallation

Product installation details.

Stability Level: 3 - Stable

tracking - AssetProductTracking

Product tracking details.

Stability Level: 3 - Stable

usage - AssetProductUsage

Product usage details.

Stability Level: 3 - Stable

versions - [AssetProductVersion!]

Product version details.

Stability Level: 3 - Stable

Example
{
  "vendor": "xyz789",
  "name": "xyz789",
  "installation": AssetProductInstallation,
  "tracking": AssetProductTracking,
  "usage": AssetProductUsage,
  "versions": [AssetProductVersion]
}

AssetProductConnection

Description

A page of product edges.

Fields
Field Name Description
edges - [AssetProductEdge]!

The list of Asset product edges.

Stability Level: 3 - Stable

pageInfo - PageInfo!

Information about this Asset product page.

Stability Level: 3 - Stable

totalCount - Int!

The total count of returned records.

Stability Level: 3 - Stable

Example
{
  "edges": [AssetProductEdge],
  "pageInfo": PageInfo,
  "totalCount": 987
}

AssetProductEdge

Description

A product within a page.

Fields
Field Name Description
cursor - Cursor!

The cursor of this edge within the collection.

Stability Level: 3 - Stable

node - AssetProduct!

The Asset product.

Stability Level: 3 - Stable

Example
{
  "cursor": Cursor,
  "node": AssetProduct
}

AssetProductEndpoint

Description

The Asset product endpoint.

Fields
Field Name Description
id - Int

Asset ID.

Stability Level: 3 - Stable

eid - Int

Endpoint ID (eid).

Stability Level: 3 - Stable

computerName - String

The computer Name.

Stability Level: 3 - Stable

computerId - String

The computer ID.

Stability Level: 3 - Stable

serialNumber - String

The serial number.

Stability Level: 3 - Stable

osPlatform - String

The OS platform.

Stability Level: 3 - Stable

operatingSystem - String

The Operating System.

Stability Level: 3 - Stable

servicePack - String

The service pack.

Stability Level: 3 - Stable

manufacturer - String

The manufacturer.

Stability Level: 3 - Stable

ipAddress - String

The IP address.

Stability Level: 3 - Stable

userName - String

The user name.

Stability Level: 3 - Stable

createdAt - Time

When asset record was created.

Stability Level: 3 - Stable

updatedAt - Time

When asset record was last updated.

Stability Level: 3 - Stable

Example
{
  "id": 123,
  "eid": 123,
  "computerName": "xyz789",
  "computerId": "xyz789",
  "serialNumber": "xyz789",
  "osPlatform": "xyz789",
  "operatingSystem": "xyz789",
  "servicePack": "xyz789",
  "manufacturer": "xyz789",
  "ipAddress": "xyz789",
  "userName": "abc123",
  "createdAt": "10:15:30Z",
  "updatedAt": "10:15:30Z"
}

AssetProductEndpointConnection

Description

A page of product endpoint edges.

Fields
Field Name Description
edges - [AssetProductEndpointEdge]!

The list of Asset product edges.

Stability Level: 3 - Stable

pageInfo - PageInfo!

Information about this Asset product page.

Stability Level: 3 - Stable

totalCount - Int!

The total count of returned records.

Stability Level: 3 - Stable

Example
{
  "edges": [AssetProductEndpointEdge],
  "pageInfo": PageInfo,
  "totalCount": 987
}

AssetProductEndpointEdge

Description

A product endpoint within a page.

Fields
Field Name Description
cursor - Cursor!

The cursor of this edge within the collection.

Stability Level: 3 - Stable

node - AssetProductEndpoint!

The Asset product.

Stability Level: 3 - Stable

Example
{
  "cursor": Cursor,
  "node": AssetProductEndpoint
}

AssetProductEndpointsFilter

Description

Describes an asset product endpoint value filter. Records with field values matching the filter are included in the query results. Asset product endpoint filters may be single or compound. Any filter that is not valid causes the query to return an error.

For a single filter definition with one set of fields, if an endpoint record matches any filter condition, it satisfies the filter.

For a compound filter with multiple filter sets, an endpoint record must match every filter set to satisfy the filter, but can match any single filter condition within a filter set.

Fields
Input Field Description
vendor - String

The product vendor name must match.

Stability Level: 3 - Stable

name - String

The product name must match.

Stability Level: 3 - Stable

version - String

The product version must match.

Stability Level: 3 - Stable

usage - AssetProductUsageEnum

The product usage must match.

Stability Level: 3 - Stable

Example
{
  "vendor": "xyz789",
  "name": "abc123",
  "version": "abc123",
  "usage": "NotInstalled"
}

AssetProductInstallation

Description

Product installation metrics.

Fields
Field Name Description
installedCount - Int

The total number of product installations.

Stability Level: 3 - Stable

usedCount - Int

The number of product installations on which usage was detected in the reporting period by the Tanium Client.

Stability Level: 3 - Stable

unusedCount - Int

The number of product installations on which usage was not detected in the reporting period by the Tanium Client.

Stability Level: 3 - Stable

pendingUsage - Int

The number of product installations on which the product is installed but the Tanium Client has not yet reported any usage.

Stability Level: 3 - Stable

Example
{
  "installedCount": 987,
  "usedCount": 123,
  "unusedCount": 987,
  "pendingUsage": 987
}

AssetProductState

Description

The product tracking state.

Values
Enum Value Description

Tracked

Asset is actively tracking the product.

Stability Level: 3 - Stable

Cataloged

Asset is not actively tracking the product.

Stability Level: 3 - Stable

Ignored

Asset is ignoring the product tracking.

Stability Level: 3 - Stable

Example
"Tracked"

AssetProductTracking

Description

Product tracking metrics.

Fields
Field Name Description
state - AssetProductState

The current product tracking state.

Stability Level: 3 - Stable

reportingPeriodDays - Int

The number of days that the Tanium Client reports for product usage.

Stability Level: 3 - Stable

normalMinutesUsedPerDay - Int

Average minutes per day over the reporting period for normal usage. The default normal usage threshold is 60 minutes.

Stability Level: 3 - Stable

highMinutesUsedPerDay - Int

Average minutes per day over the reporting period for high usage. The default high usage threshold is 240 minutes.

Stability Level: 3 - Stable

baselinePeriodDays - Int

The minimum number of days before a newly installed product starts reporting usage in Asset.

Stability Level: 3 - Stable

Example
{
  "state": "Tracked",
  "reportingPeriodDays": 123,
  "normalMinutesUsedPerDay": 123,
  "highMinutesUsedPerDay": 123,
  "baselinePeriodDays": 123
}

AssetProductTrackingInput

Description

Product tracking metrics input.

Fields
Input Field Description
state - AssetProductState!

The current product tracking state.

Stability Level: 3 - Stable

reportingPeriodDays - Int!

The number of days that the Tanium Client reports for product usage.

Stability Level: 3 - Stable

normalMinutesUsedPerDay - Int!

Average minutes per day over the reporting period for normal usage. The default normal usage threshold is 60 minutes.

Stability Level: 3 - Stable

highMinutesUsedPerDay - Int!

Average minutes per day over the reporting period for high usage. The default high usage threshold is 240 minutes.

Stability Level: 3 - Stable

baselinePeriodDays - Int!

The minimum number of days before a newly installed product starts reporting usage in Asset.

Stability Level: 3 - Stable

Example
{
  "state": "Tracked",
  "reportingPeriodDays": 123,
  "normalMinutesUsedPerDay": 123,
  "highMinutesUsedPerDay": 123,
  "baselinePeriodDays": 987
}

AssetProductUsage

Description

Product usage metrics.

Fields
Field Name Description
usageNotDetected - Int!

Number of assets where product usage was not detected.

Stability Level: 3 - Stable

notInstalled - Int!

Number of assets where the product was not installed.

Stability Level: 3 - Stable

baselining - Int!

Number of assets where the product is newly installed and not yet reporting usage.

Stability Level: 3 - Stable

limited - Int!

Number of assets where product usage level is limited.

Stability Level: 3 - Stable

normal - Int!

Number of assets where product usage level is normal.

Stability Level: 3 - Stable

high - Int!

Number of assets where product usage level is high.

Stability Level: 3 - Stable

Example
{
  "usageNotDetected": 987,
  "notInstalled": 987,
  "baselining": 123,
  "limited": 987,
  "normal": 123,
  "high": 123
}

AssetProductUsageEnum

Description

The product usage values.

Values
Enum Value Description

NotInstalled

Product not installed.

Stability Level: 3 - Stable

UsageNotDetected

Product usage not detected.

Stability Level: 3 - Stable

Baselining

Product is newly installed and not yet reporting usage.

Stability Level: 3 - Stable

Limited

Product usage level is limited.

Stability Level: 3 - Stable

Normal

Product usage level is normal.

Stability Level: 3 - Stable

High

Product usage level is high.

Stability Level: 3 - Stable

Example
"NotInstalled"

AssetProductVersion

Description

Product version metrics.

Fields
Field Name Description
version - String!

Software version.

Stability Level: 3 - Stable

installs - Int!

Number of assets with this version installed.

Stability Level: 3 - Stable

Example
{"version": "xyz789", "installs": 123}

AssetProductsFilter

Description

Describes a filter for Asset product field values. Records with field values matching the filter are included in the query results. Software installed on an endpoint must match every included filter condition to satisfy the filter.

Fields
Input Field Description
vendors - [String!]

The product vendor name must match one of the specified values.

Stability Level: 3 - Stable

search - String

The product vendor name or product name must contain the specified value.

Stability Level: 3 - Stable

states - [AssetProductState!]

The product tracking state must match one of the specified values (Tracked, Cataloged, or Ignored).

Stability Level: 3 - Stable

Example
{
  "vendors": ["xyz789"],
  "search": "abc123",
  "states": ["Tracked"]
}

AssetProductsInput

Description

Input for mutating product tracking gathering metrics.

Fields
Input Field Description
vendor - String!

The product vendor name.

Stability Level: 3 - Stable

name - String!

The product name.

Stability Level: 3 - Stable

tracking - AssetProductTrackingInput!

Product tracking details.

Stability Level: 3 - Stable

Example
{
  "vendor": "xyz789",
  "name": "abc123",
  "tracking": AssetProductTrackingInput
}

AssetProductsPayload

Fields
Field Name Description
products - [AssetProductsResult!]

Assets Products

Stability Level: 3 - Stable

Example
{"products": [AssetProductsResult]}

AssetProductsResult

Description

The Asset product mutation result.

Fields
Field Name Description
vendor - String

The product vendor name.

Stability Level: 3 - Stable

name - String

The product name.

Stability Level: 3 - Stable

tracking - AssetProductTracking

Product tracking details.

Stability Level: 3 - Stable

Example
{
  "vendor": "xyz789",
  "name": "xyz789",
  "tracking": AssetProductTracking
}

AssetsImportInput

Description

Input fields for creating or updating assets.

Fields
Input Field Description
sourceName - String!

Asset source name.

Stability Level: 3 - Stable

json - String!

Stringify JSON input without line breaks and escaped special characters.

Stability Level: 3 - Stable

Example
{
  "sourceName": "xyz789",
  "json": "xyz789"
}

AssetsImportPayload

Description

Results for an asset import.

Fields
Field Name Description
assets - [AssetImportPayload!]

Assets to create or update.

Stability Level: 3 - Stable

Example
{"assets": [AssetImportPayload]}

Boolean

Description

The Boolean scalar type represents true or false.

Example
true

CIEntity

Description

An item managed in the CMDB.

Fields
Field Name Description
id - ID!

The unique ID for an entity in the CMDB.

Stability Level: 3 - Stable

name - String!

The assigned name of the entity.

Stability Level: 3 - Stable

category - EntityCategory!

The category of the entity.

Stability Level: 3 - Stable

comments - String

The comments about the entity.

Stability Level: 3 - Stable

created - Time!

The date and time at which the entity was stored in the CMDB.

Stability Level: 3 - Stable

updated - Time!

The date and time at which the entity was last updated in the CMDB.

Stability Level: 3 - Stable

private - Boolean!

Indicates that the entity is not viewable by service agents.

Stability Level: 3 - Stable

details - Map

The semi-structured data for the entity.

Stability Level: 3 - Stable

Possible Types
CIEntity Types

Element

Example
{
  "id": "4",
  "name": "xyz789",
  "category": "ManagedEndpoint",
  "comments": "xyz789",
  "created": "10:15:30Z",
  "updated": "10:15:30Z",
  "private": true,
  "details": Map
}

CloseDirectConnectionInput

Description

A request to close a Direct Connect connection to an endpoint.

Fields
Input Field Description
connectionID - ID!

The ID of the connection to close.

Stability Level: 3 - Stable

Example
{"connectionID": 4}

CloseDirectConnectionPayload

Description

A response to a request to close a Direct Connect connection to an endpoint.

Fields
Field Name Description
result - Boolean!

Indicates that the connection is closed.

Stability Level: 3 - Stable

Example
{"result": true}

ComputerGroup

Description

Defines a set of endpoints that is managed as a group.

Fields
Field Name Description
id - ID!

The unique identifier of the computer group.

Stability Level: 3 - Stable

name - String!

The assigned name of the computer group.

Stability Level: 3 - Stable

managementRightsEnabled - Boolean!

Indicates that this is a computer management group.

Stability Level: 3 - Stable

filterEnabled - Boolean!

Indicates that this is a computer filter group.

Stability Level: 3 - Stable

contentSet - NamedRef

The content set assigned to the filter group. The content set controls access to the filter group.

Stability Level: 2 - Legacy Use contentSetV2 instead, which supports additional data related to content sets.

contentSetV2 - TaniumPlatformContentSet

The content set assigned to the filter group. The content set controls access to the filter group.

Stability Level: 1.2 - Experimental (Release Candidate)

type - ComputerGroupType!

The type of the computer group.

Stability Level: 3 - Stable

expression - String!

A sensor filter expression used to define membership in the computer group, such as is Windows equals true.

Stability Level: 3 - Stable

Example
{
  "id": 4,
  "name": "xyz789",
  "managementRightsEnabled": false,
  "filterEnabled": true,
  "contentSet": NamedRef,
  "contentSetV2": TaniumPlatformContentSet,
  "type": "STANDARD",
  "expression": "abc123"
}

ComputerGroupConnection

Description

A page of computer group edges.

Fields
Field Name Description
edges - [ComputerGroupEdge!]!

The list of computer group edges.

Stability Level: 3 - Stable

pageInfo - PageInfo!

Information about the computer group collection.

Stability Level: 3 - Stable

totalRecords - Int!

The total number of computer group records available.

Stability Level: 3 - Stable

Example
{
  "edges": [ComputerGroupEdge],
  "pageInfo": PageInfo,
  "totalRecords": 987
}

ComputerGroupCreateInput

Description

A request to create a standard computer group.

Fields
Input Field Description
name - String!

The assigned name of the computer group.

Stability Level: 3 - Stable

managementRightsEnabled - Boolean!

Indicates that this is a computer management group.

Stability Level: 3 - Stable

contentSetRef - NamedRefInput

The content set to which this computer group belongs.

This defines the computer group as a filter group.

Stability Level: 3 - Stable

filter - ComputerGroupFilter!

The filter condition that must be met for a computer to be part of this group.

Stability Level: 3 - Stable

Example
{
  "name": "abc123",
  "managementRightsEnabled": false,
  "contentSetRef": NamedRefInput,
  "filter": ComputerGroupFilter
}

ComputerGroupCreatePayload

Description

A response to a request to create a standard computer group.

Fields
Field Name Description
group - ComputerGroup

The standard computer group created by the request.

Stability Level: 3 - Stable

error - SystemError

Specifies that the request terminated in an error.

Stability Level: 3 - Stable

Example
{
  "group": ComputerGroup,
  "error": SystemError
}

ComputerGroupDeletePayload

Description

A response to a request to delete a computer group.

Fields
Field Name Description
id - ID

The unique identifier of the deleted computer group.

Stability Level: 3 - Stable

error - SystemError

Specifies that the request terminated in an error.

Stability Level: 3 - Stable

Example
{"id": 4, "error": SystemError}

ComputerGroupEdge

Description

A computer group within a page.

Fields
Field Name Description
node - ComputerGroup!

The computer group.

Stability Level: 3 - Stable

cursor - Cursor!

The cursor of this edge within the collection.

Stability Level: 3 - Stable

Example
{
  "node": ComputerGroup,
  "cursor": Cursor
}

ComputerGroupFilter

Description

An object containing the conditions for membership in a standard computer group.

Fields
Input Field Description
memberOf - EndpointFieldFilterComputerGroup

The computer group to which the endpoint must belong in order to pass the filter.

Stability Level: 3 - Stable

sensor - EndpointFieldFilterSensor

The sensor whose reading is used as the basis for the filter.

Stability Level: 3 - Stable

op - FieldFilterOp!

The operator by which to compare the specified value to the field value. Note that not all operators are valid for all fields or data sources. If the operator is not valid, the query returns an error.

This defaults to the EQ operator.

Stability Level: 1.0 - Experimental (Early Development)

negated - Boolean!

Indicates that the filter is negated. Records with field values matching the filter are excluded from the query results.

This defaults to false.

Stability Level: 1.0 - Experimental (Early Development)

value - String

The constant value to compare with the field value, expressed as a string. If this value cannot be interpreted as a valid value for the field type, the query returns an error.

Stability Level: 3 - Stable

filters - [ComputerGroupFilter!]

Describes the set of filters which comprise this compound filter.

Stability Level: 3 - Stable

any - Boolean!

Indicates that if any of the filters comprising this compound filter passes, the compound filter passes.

This defaults to false, which means all of the filters must pass for the compound filter to pass.

Stability Level: 3 - Stable

Example
{
  "memberOf": EndpointFieldFilterComputerGroup,
  "sensor": EndpointFieldFilterSensor,
  "op": "EQ",
  "negated": true,
  "value": "xyz789",
  "filters": [ComputerGroupFilter],
  "any": true
}

ComputerGroupType

Description

The computer group type values.

Values
Enum Value Description

STANDARD

Stability Level: 3 - Stable

MANUAL

Stability Level: 3 - Stable
Example
"STANDARD"

ComputerGroupsFilter

Description

Describes a filter for computer groups.

Fields
Input Field Description
type - ComputerGroupType

The type of the computer group.

Stability Level: 3 - Stable

managementRightsEnabled - Boolean

Indicates that this is a computer management group.

Stability Level: 3 - Stable

filterEnabled - Boolean

Indicates that this is a computer filter group.

Stability Level: 3 - Stable

Example
{"type": "STANDARD", "managementRightsEnabled": true, "filterEnabled": true}

ConfigurationItem

Description

The CMDB reference IDs for an asset.

Fields
Field Name Description
entityID - ID!

The unique ID of an asset entity record in the CMDB.

Stability Level: 3 - Stable

entityClassIDs - [ID!]!

The unique IDs of the class records of an asset in the CMDB.

Stability Level: 3 - Stable

namespace - String!

The namespace of an asset entity record in the CMDB.

Examples: tds, discover

Stability Level: 3 - Stable

Example
{
  "entityID": "4",
  "entityClassIDs": ["4"],
  "namespace": "xyz789"
}

ConfigurationItemEntityConnection

Description

A page of configuration item entity edges.

Fields
Field Name Description
edges - [ConfigurationItemEntityEdge]!

The list of configuration item entity edges.

Stability Level: 3 - Stable

pageInfo - PageInfo!

Information about the configuration item entity collection.

Stability Level: 3 - Stable

totalCount - Int!

The total number of configuration item entities in the list.

Stability Level: 3 - Stable

Example
{
  "edges": [ConfigurationItemEntityEdge],
  "pageInfo": PageInfo,
  "totalCount": 123
}

ConfigurationItemEntityEdge

Description

A configuration item entity within a page.

Fields
Field Name Description
cursor - Cursor!

The cursor of this edge within the collection.

Stability Level: 3 - Stable

node - CIEntity!

The configuration item entity.

Stability Level: 3 - Stable

Example
{"cursor": Cursor, "node": CIEntity}

ConfigurationItemProperties

Description

Properties of the configuration item CMDB.

Fields
Field Name Description
customerItemsLimit - Int

The total limit for entities provided by the customer. For on-premises deployments, select Administration > Configuration > Platform Settings to configure this. For TaaS deployments, contact Tanium support to configure this.

Stability Level: 3 - Stable

userSpecifiedAssetsMaxAge - Int

The maximum age in seconds of user-specified Unmanaged Assets.

Stability Level: 3 - Stable

Example
{"customerItemsLimit": 123, "userSpecifiedAssetsMaxAge": 987}

ConfigurationItemRelationshipConnection

Description

A page of configuration item relationship edges.

Fields
Field Name Description
edges - [ConfigurationItemRelationshipEdge]!

The list of configuration item relationship edges.

Stability Level: 3 - Stable

pageInfo - PageInfo!

Information about the configuration item relationship collection.

Stability Level: 3 - Stable

totalCount - Int!

The total number of configuration item relationships in the list.

Stability Level: 3 - Stable

Example
{
  "edges": [ConfigurationItemRelationshipEdge],
  "pageInfo": PageInfo,
  "totalCount": 123
}

ConfigurationItemRelationshipEdge

Description

A configuration item relationship within a page.

Fields
Field Name Description
cursor - Cursor!

The cursor of this edge within the collection.

Stability Level: 3 - Stable

node - Relationship!

The configuration item relationship.

Stability Level: 3 - Stable

Example
{
  "cursor": Cursor,
  "node": Relationship
}

ConnectConnection

Description

A connection found in a Connect service.

Fields
Field Name Description
id - ID!

The connection's unique ID.

Stability Level: 1.2 - Experimental (Release Candidate)

displayName - String!

The connection's unique display name.

Stability Level: 1.2 - Experimental (Release Candidate)

description - String

The connection description.

Stability Level: 1.2 - Experimental (Release Candidate)

currentRun - ConnectRun

The connection's currently active run, if any.

Stability Level: 1.2 - Experimental (Release Candidate)

pastRuns - ConnectRunConnection

The collection of this connection's previous runs.

Stability Level: 1.2 - Experimental (Release Candidate)

Arguments
after - Cursor

Stability Level: 1.2 - Experimental (Release Candidate)

first - Int

Stability Level: 1.2 - Experimental (Release Candidate)

before - Cursor

Stability Level: 1.2 - Experimental (Release Candidate)

last - Int

Stability Level: 1.2 - Experimental (Release Candidate)

Example
{
  "id": 4,
  "displayName": "xyz789",
  "description": "abc123",
  "currentRun": ConnectRun,
  "pastRuns": ConnectRunConnection
}

ConnectConnectionEdge

Description

A connection within a page.

Fields
Field Name Description
node - ConnectConnection!

The connection.

Stability Level: 1.2 - Experimental (Release Candidate)

cursor - Cursor!

The cursor of this edge within the collection.

Stability Level: 1.2 - Experimental (Release Candidate)

Example
{
  "node": ConnectConnection,
  "cursor": Cursor
}

ConnectConnectionStartInput

Description

The input of starting a connection run.

Fields
Input Field Description
connectionID - ID!

The ID of the connection to start.

Stability Level: 1.2 - Experimental (Release Candidate)

Example
{"connectionID": 4}

ConnectConnectionStartPayload

Description

The result of starting a connection.

Fields
Field Name Description
run - ConnectRun

The connection run that was created.

Stability Level: 1.2 - Experimental (Release Candidate)

error - SystemError

Indicates that the request terminated in an error.

Stability Level: 1.2 - Experimental (Release Candidate)

Example
{
  "run": ConnectRun,
  "error": SystemError
}

ConnectConnectionStopInput

Description

The input of stopping an in-progress connection run.

Fields
Input Field Description
connectRunID - ID!

The ID of the connection run input to stop.

Stability Level: 1.2 - Experimental (Release Candidate)

Example
{"connectRunID": "4"}

ConnectConnectionStopPayload

Description

The result of stopping an in-progress connection run.

Fields
Field Name Description
run - ConnectRun

The connection run that stopped.

Stability Level: 1.2 - Experimental (Release Candidate)

error - SystemError

Indicates that the request terminated in an error.

Stability Level: 1.2 - Experimental (Release Candidate)

Example
{
  "run": ConnectRun,
  "error": SystemError
}

ConnectGraphConnection

Description

A page of connection edges.

Fields
Field Name Description
edges - [ConnectConnectionEdge!]!

The list of connections.

Stability Level: 1.2 - Experimental (Release Candidate)

pageInfo - PageInfo!

Information about the connection collection.

Stability Level: 1.2 - Experimental (Release Candidate)

totalRecords - Int!

The total number of connection records available.

Stability Level: 1.2 - Experimental (Release Candidate)

Example
{
  "edges": [ConnectConnectionEdge],
  "pageInfo": PageInfo,
  "totalRecords": 123
}

ConnectRun

Description

A connection run found in a Connect service.

Fields
Field Name Description
id - ID!

The connection run ID.

Stability Level: 1.2 - Experimental (Release Candidate)

connectionID - ID!

The ID of the connection from which this connection run was generated.

Stability Level: 1.2 - Experimental (Release Candidate)

status - ConnectRunStatus!

The connection run status.

Stability Level: 1.2 - Experimental (Release Candidate)

createdTime - Time!

The time at which the connection run was created.

Stability Level: 1.2 - Experimental (Release Candidate)

updatedTime - Time!

The time at which the connection run was most recently modified.

Stability Level: 1.2 - Experimental (Release Candidate)

Example
{
  "id": "4",
  "connectionID": "4",
  "status": "Starting",
  "createdTime": "10:15:30Z",
  "updatedTime": "10:15:30Z"
}

ConnectRunConnection

Description

A page of connection run edges.

Fields
Field Name Description
edges - [ConnectRunEdge!]!

The list of connection run edges.

Stability Level: 1.2 - Experimental (Release Candidate)

pageInfo - PageInfo!

Information about this connection run page.

Stability Level: 1.2 - Experimental (Release Candidate)

totalRecords - Int!

The total number of connection run records available.

Stability Level: 1.2 - Experimental (Release Candidate)

Example
{
  "edges": [ConnectRunEdge],
  "pageInfo": PageInfo,
  "totalRecords": 123
}

ConnectRunEdge

Description

A connection run within a page.

Fields
Field Name Description
node - ConnectRun!

The connection run.

Stability Level: 1.2 - Experimental (Release Candidate)

cursor - Cursor!

The cursor of this edge within the collection.

Stability Level: 1.2 - Experimental (Release Candidate)

Example
{
  "node": ConnectRun,
  "cursor": Cursor
}

ConnectRunStatus

Description

The status of the last connection run.

Values
Enum Value Description

Starting

The connection run is starting.

Stability Level: 1.2 - Experimental (Release Candidate)

Waiting

The connection run is waiting to start.

Stability Level: 1.2 - Experimental (Release Candidate)

Running

The connection run is in progress.

Stability Level: 1.2 - Experimental (Release Candidate)

Finished

The connection run finished successfully.

Stability Level: 1.2 - Experimental (Release Candidate)

Failed

The connection run failed with an error.

Stability Level: 1.2 - Experimental (Release Candidate)

Example
"Starting"

ConnectedState

Description

The set of connected states of wireless adapters.

Values
Enum Value Description

CONNECTED

The wireless adapter is connected.

Stability Level: 3 - Stable

DISCONNECTED

The wireless adapter is disconnected.

Stability Level: 3 - Stable

UNKNOWN

The wireless adapter connected state is unknown.

Stability Level: 3 - Stable

Example
"CONNECTED"

Connection

Cursor

Description

A relay pagination cursor, which is an opaque string that specifies a record within a connection.

Example
Cursor

Date

Description

A string date in RFC 3339 long-date format.

Example
"2007-12-03"

DateTimeComponent

Example
DateTimeComponent

DefaultRangeEnd

Fields
Field Name Description
model - ParameterDefinitionType! Stability Level: 3 - Stable
parameterType - ParameterDefinitionType! Stability Level: 3 - Stable
type - DateTimeComponent Stability Level: 3 - Stable
interval - Int Stability Level: 3 - Stable
intervalCount - Int Stability Level: 3 - Stable
unixTimeStamp - Int Stability Level: 3 - Stable
Example
{
  "model": ParameterDefinitionType,
  "parameterType": ParameterDefinitionType,
  "type": DateTimeComponent,
  "interval": 123,
  "intervalCount": 987,
  "unixTimeStamp": 987
}

DeleteConfigurationItemElementInput

Description

A request to delete a configuration item element.

Fields
Input Field Description
id - ID!

The ID of the configuration item element to delete.

Stability Level: 3 - Stable

Example
{"id": 4}

DeleteConfigurationItemElementResult

Description

A response to a request to delete a configuration item element.

Fields
Field Name Description
error - String

If the delete operation failed, the error message logged.

Stability Level: 3 - Stable

Example
{"error": "xyz789"}

DeleteRelationshipInput

Description

A request to delete relationships between configuration item entities.

Fields
Input Field Description
ids - [ID!]!

The set of relationship IDs to delete.

Stability Level: 3 - Stable

Example
{"ids": ["4"]}

DirectConnect

Description

Data from an endpoint, obtained using a Direct Connect connection.

Fields
Field Name Description
performance - DirectConnectPerf

Performance data from the endpoint.

Stability Level: 3 - Stable

processes - DirectConnectProcesses

Processes running on the endpoint.

Stability Level: 3 - Stable

alerts - DirectConnectAlerts

Performance alerts from the endpoint.

Stability Level: 3 - Stable

Example
{
  "performance": DirectConnectPerf,
  "processes": DirectConnectProcesses,
  "alerts": DirectConnectAlerts
}

DirectConnectAlertScope

Description

Defines a window of time for filtering performance alerts.

Fields
Input Field Description
startTime - Time!

The window start time. This cannot be later than the end time.

Stability Level: 3 - Stable

endTime - Time

The window end time. This defaults to and cannot be later than the current time.

Stability Level: 3 - Stable

Example
{
  "startTime": "10:15:30Z",
  "endTime": "10:15:30Z"
}

DirectConnectAlerts

Description

Performance alerts from an endpoint.

Fields
Field Name Description
all - [EndpointAlert!]

All performance alerts for the endpoint.

Stability Level: 3 - Stable

Arguments
scope - DirectConnectAlertScope

The scope of time to filter alerts. If not specified, returns alerts from the past 24 hours.

Stability Level: 3 - Stable

Example
{"all": [EndpointAlert]}

DirectConnectCloseInput

Description

A request to close a Direct Connect connection to an endpoint.

Fields
Input Field Description
connectionID - ID!

The ID of the connection to close.

Stability Level: 3 - Stable

Example
{"connectionID": 4}

DirectConnectClosePayload

Description

A response to a request to close a Direct Connect connection to an endpoint.

Fields
Field Name Description
result - Boolean!

Indicates that the connection was closed.

Stability Level: 3 - Stable

Example
{"result": false}

DirectConnectConnectionStatus

Description

The set of statuses for a Direct Connect connection.

Values
Enum Value Description

UNKNOWN

The connection state is unknown.

Stability Level: 3 - Stable

READY

The connection is open and ready for use.

Stability Level: 3 - Stable

CONNECTING

The connection is being established.

Stability Level: 3 - Stable

ERROR

This connection has encountered an error.

Stability Level: 3 - Stable

NOT_FOUND

This connection was not found.

The connection may have expired and been closed after 5 minutes of inactivity.

Stability Level: 3 - Stable

Example
"UNKNOWN"

DirectConnectConnectionStatusInput

Description

A request to get the status for a Direct Connect connection.

Fields
Input Field Description
connectionID - ID!

The ID of the connection to check.

Stability Level: 3 - Stable

Example
{"connectionID": "4"}

DirectConnectConnectionStatusPayload

Description

A response to a request to get the status for a Direct Connect connection.

Fields
Field Name Description
status - DirectConnectConnectionStatus!

The current status of the connection.

Stability Level: 3 - Stable

Example
{"status": "UNKNOWN"}

DirectConnectEndpointInput

Description

A request to get data from an endpoint using an open Direct Connect connection.

Fields
Input Field Description
connectionID - ID!

The ID of the connection to use.

Stability Level: 3 - Stable

Example
{"connectionID": "4"}

DirectConnectOpenInput

Description

A request to initiate a Direct Connect connection to an endpoint.

Fields
Input Field Description
endpointID - ID!

The ID of the endpoint.

Stability Level: 3 - Stable

Example
{"endpointID": 4}

DirectConnectOpenPayload

Description

A response to a request to initiate a Direct Connect connection to an endpoint.

Fields
Field Name Description
connectionID - ID!

A connection ID, used for Direct Connect requests.

Stability Level: 3 - Stable

status - DirectConnectConnectionStatus!

The status of the connection.

Stability Level: 3 - Stable

Example
{"connectionID": 4, "status": "UNKNOWN"}

DirectConnectPerf

Description

Performance data from an endpoint.

Fields
Field Name Description
cpuUsagePercent - Float!

The current CPU usage as a percent from 0 to 100.

Stability Level: 3 - Stable

memoryUsedPercent - Float!

The current memory usage as a percent from 0 to 100.

Stability Level: 3 - Stable

_dev_query - [EndpointMetric!]

Raw PromQL queries.

Stability Level: 1.2 - Experimental (Release Candidate)

Arguments
query - PerfQuery!

Stability Level: 3 - Stable

Example
{
  "cpuUsagePercent": 123.45,
  "memoryUsedPercent": 123.45,
  "_dev_query": [EndpointMetric]
}

DirectConnectPingInput

Description

A request to ping an endpoint over a Direct Connect connection (for example, to test connectivity).

Fields
Input Field Description
connectionID - ID!

The ID of the connection to ping.

Stability Level: 3 - Stable

Example
{"connectionID": 4}

DirectConnectPingPayload

Description

A response to a request to ping an endpoint over a Direct Connect connection.

Fields
Field Name Description
result - Boolean!

Indicates that the ping is acknowledged.

Stability Level: 3 - Stable

Example
{"result": true}

DirectConnectProcessTerminateInput

Description

A request to terminate a process running on an endpoint.

Fields
Input Field Description
connectionID - ID!

The ID of the Direct Connect connection to the endpoint on which the process is running.

Stability Level: 3 - Stable

pid - Int!

The ID of the process to terminate.

Stability Level: 3 - Stable

name - String!

The name of the process to terminate.

Stability Level: 3 - Stable

signal - Signal!

The signal to use when terminating the process.

Stability Level: 3 - Stable

Example
{
  "connectionID": "4",
  "pid": 987,
  "name": "xyz789",
  "signal": "SIGINT"
}

DirectConnectProcessTerminatePayload

Description

A response to a request to terminate a process.

Fields
Field Name Description
result - Boolean!

Indicates that the process is terminated.

Stability Level: 3 - Stable

Example
{"result": false}

DirectConnectProcesses

Description

Processes running on an endpoint.

Fields
Field Name Description
all - [Process!]

All processes running on the endpoint.

Stability Level: 3 - Stable

Example
{"all": [Process]}

DiscoverCloudInstance

Description

A Discover cloud instance.

Fields
Field Name Description
id - String

The identifier of the cloud instance.

Stability Level: 1.1 - Experimental (Active Development)

imageId - String

The identifier of the cloud instance image.

Stability Level: 1.1 - Experimental (Active Development)

type - String

The type of the cloud instance.

Stability Level: 1.1 - Experimental (Active Development)

state - String

The state of the cloud instance.

Stability Level: 1.1 - Experimental (Active Development)

launchTime - Time

The time that the cloud instance was launched.

Stability Level: 1.1 - Experimental (Active Development)

zone - String

The data center where the cloud instance is hosted.

Stability Level: 1.1 - Experimental (Active Development)

provider - String

The provider of the cloud instance.

Stability Level: 1.1 - Experimental (Active Development)

networkId - String

The network identifier of the cloud instance.

Stability Level: 1.1 - Experimental (Active Development)

account - String

The account associated with the cloud instance.

Stability Level: 1.1 - Experimental (Active Development)

Example
{
  "id": "xyz789",
  "imageId": "xyz789",
  "type": "abc123",
  "state": "abc123",
  "launchTime": "10:15:30Z",
  "zone": "abc123",
  "provider": "xyz789",
  "networkId": "abc123",
  "account": "xyz789"
}

DiscoverCloudTag

Description

A Discover cloud tag associated with an interface and assigned to an instance.

Fields
Field Name Description
name - String!

The name of the tag.

Stability Level: 1.1 - Experimental (Active Development)

value - String!

The value of the tag.

Stability Level: 1.1 - Experimental (Active Development)

Example
{
  "name": "abc123",
  "value": "abc123"
}

DiscoverInterface

Description

An interface found in a Discover network scan.

Fields
Field Name Description
id - ID!

The unique identifier of the interface.

Stability Level: 1.1 - Experimental (Active Development)

macAddress - String

The MAC address of the interface.

Stability Level: 1.1 - Experimental (Active Development)

manufacturer - String

The manufacturer of the interface.

Stability Level: 1.1 - Experimental (Active Development)

hostnames - [String!]

The hostnames associated with the interface.

Stability Level: 1.1 - Experimental (Active Development)

ipAddresses - [String!]

The IP addresses associated with the interface.

Stability Level: 1.1 - Experimental (Active Development)

labels - [DiscoverLabel!]!

The labels associated with the interface.

Stability Level: 1.1 - Experimental (Active Development)

osPlatform - String

The platform of the operating system associated with the interface.

Stability Level: 1.1 - Experimental (Active Development)

openPorts - [Int!]

The interface open ports.

If this value is null, the network scan did not identify open ports for this interface.

Stability Level: 1.1 - Experimental (Active Development)

discoveryMethods - [DiscoveryMethod!]!

The discovery methods by which this interface has been scanned.

Stability Level: 1.1 - Experimental (Active Development)

lastSeenTime - Time!

The time the interface was last found with any discovery method. This value is not used to flag an interface as Lost.

Stability Level: 1.1 - Experimental (Active Development)

computerId - String

The Tanium Client computer ID of the managed interface.

If this value is null and isManaged is false, this interface is unmanaged.

Stability Level: 1.1 - Experimental (Active Development)

natIPAddresses - [String!]

The network address translation (NAT) IP addresses associated with the interface.

Stability Level: 1.1 - Experimental (Active Development)

osGeneration - String

The generation of the operating system associated with the interface.

Stability Level: 1.1 - Experimental (Active Development)

profiles - [DiscoverProfile!]!

The profiles that have scanned this interface.

Stability Level: 1.1 - Experimental (Active Development)

cloudInstances - [DiscoverCloudInstance!]!

The cloud instances where this interface is hosted.

Stability Level: 1.1 - Experimental (Active Development)

cloudTags - [DiscoverCloudTag!]!

The cloud tags associated with the interface.

Stability Level: 1.1 - Experimental (Active Development)

firstSeenTime - Time!

The time the interface was first seen.

Stability Level: 1.1 - Experimental (Active Development)

firstManagedTime - Time

The time the interface was first managed.

If this value is null, the interface is unmanaged.

Stability Level: 1.1 - Experimental (Active Development)

lastManagedTime - Time

The last time the interface was returned as a managed interface.

Stability Level: 1.1 - Experimental (Active Development)

lastDiscoveredTime - Time

The time the interface was last discovered. By default, if an interface has not been identified as managed for at least 24 hours, has been identified as unmanaged in the past 4 hours by an active discovery method, and has a lastDiscoveredTime value, it is flagged as Lost.

Stability Level: 1.1 - Experimental (Active Development)

isManaged - Boolean!

Whether this interface is managed by Tanium and has the Tanium Client installed.

Stability Level: 1.1 - Experimental (Active Development)

isUnmanageable - Boolean!

Whether this interface has been marked as unmanageable.

Stability Level: 1.1 - Experimental (Active Development)

isIgnored - Boolean!

Whether this interface has been marked as ignored by a user or automatic label.

Stability Level: 1.1 - Experimental (Active Development)

satellites - [DiscoverSatellite!]!

The satellites that returned data about this interface in scans.

Stability Level: 1.1 - Experimental (Active Development)

Example
{
  "id": 4,
  "macAddress": "abc123",
  "manufacturer": "abc123",
  "hostnames": ["xyz789"],
  "ipAddresses": ["abc123"],
  "labels": [DiscoverLabel],
  "osPlatform": "xyz789",
  "openPorts": [123],
  "discoveryMethods": ["ARP"],
  "lastSeenTime": "10:15:30Z",
  "computerId": "xyz789",
  "natIPAddresses": ["abc123"],
  "osGeneration": "abc123",
  "profiles": [DiscoverProfile],
  "cloudInstances": [DiscoverCloudInstance],
  "cloudTags": [DiscoverCloudTag],
  "firstSeenTime": "10:15:30Z",
  "firstManagedTime": "10:15:30Z",
  "lastManagedTime": "10:15:30Z",
  "lastDiscoveredTime": "10:15:30Z",
  "isManaged": true,
  "isUnmanageable": false,
  "isIgnored": true,
  "satellites": [DiscoverSatellite]
}

DiscoverInterfaceAddLabelInput

Description

A request to add one or more standard labels to specific Discover interfaces.

Fields
Input Field Description
names - [String!]!

The unique names of the standard labels to add.

Stability Level: 1.1 - Experimental (Active Development)

ids - [ID!]!

The unique identifiers of the interfaces to add the labels to.

Stability Level: 1.1 - Experimental (Active Development)

cursor - Cursor

The cursor value from a previous 'discoverInterfaceAddLabel' request.

Add a cursor value if a prior discoverInterfaceAddLabel request returned a cursor and you want to check if the prior request completed.

Stability Level: 1.1 - Experimental (Active Development)

Example
{
  "names": ["xyz789"],
  "ids": [4],
  "cursor": Cursor
}

DiscoverInterfaceAddLabelPayload

Description

A response to a request to add one or more standard labels to specific Discover interfaces.

Fields
Field Name Description
cursor - Cursor

Indicates the request is not complete and provides an identifier for subsequent calls to determine the request's terminal state.

Stability Level: 1.1 - Experimental (Active Development)

success - Boolean

Indicates the request completed successfully or failed.

Stability Level: 1.1 - Experimental (Active Development)

error - SystemError

Indicates that the request terminated in an error.

Stability Level: 1.1 - Experimental (Active Development)

Example
{
  "cursor": Cursor,
  "success": true,
  "error": SystemError
}

DiscoverInterfaceConnection

Description

A page of Discover interface edges.

Fields
Field Name Description
edges - [DiscoverInterfaceEdge!]!

The list of Discover interface edges.

Stability Level: 1.1 - Experimental (Active Development)

pageInfo - PageInfo!

Information about the Discover interface collection.

Stability Level: 1.1 - Experimental (Active Development)

totalRecords - Int!

The total number of Discover interface records available.

Stability Level: 1.1 - Experimental (Active Development)

Example
{
  "edges": [DiscoverInterfaceEdge],
  "pageInfo": PageInfo,
  "totalRecords": 123
}

DiscoverInterfaceEdge

Description

A Discover interface within a page.

Fields
Field Name Description
node - DiscoverInterface!

The Discover interface.

Stability Level: 1.1 - Experimental (Active Development)

cursor - Cursor!

The cursor of this edge within the collection.

Stability Level: 1.1 - Experimental (Active Development)

Example
{
  "node": DiscoverInterface,
  "cursor": Cursor
}

DiscoverInterfaceRemoveLabelInput

Description

A request to remove one or more standard labels from specific Discover interfaces.

Fields
Input Field Description
names - [String!]!

The unique names of the standard labels to add.

Stability Level: 1.1 - Experimental (Active Development)

ids -