Tanium GraphQL API Gateway
Tanium™ API Gateway provides a single and stable API integration point for various Tanium solutions. It is designed for Tanium partners and customers interested in building integrated solutions with the Tanium™ Core Platform.
API Endpoints
https://<customername>-api.cloud.tanium.com/plugin/products/gateway/graphqlVersion:
Current
Release Comparison:
Getting Started
Visit the Documentation Site to find helpful information such as...
- Overview and Requirements
- Installation and Troubleshooting Instructions
- Lots of Helpful Example Queries!
New to GraphQL?
GraphQL is a query language for APIs. Visit graphql.org to learn all about it.
Need Deprecated Content?
Alternate version of the Schema Documentation
that includes deprecated queries and fields
Queries
action
Description
Finds the identified action.
Stability Level: 3 - Stable
Response
Returns an
Action
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Stability Level: 3 - Stable |
Example
Query
query action($ref: IdRefInput!) {
action(ref: $ref) {
id
name
comment
expireSeconds
creationTime
startTime
expirationTime
distributeSeconds
status
stoppedFlag
targets {
...ActionTargetsFragment
}
package {
...PackageRefFragment
}
scheduledAction {
...ScheduledActionFragment
}
stopped
creator {
...PrincipalFragment
}
approver {
...PrincipalFragment
}
metadata {
...MetadataFragment
}
results {
...ActionResultsFragment
}
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"action": {
"id": "4",
"name": "abc123",
"comment": "abc123",
"expireSeconds": 987,
"creationTime": "10:15:30Z",
"startTime": "10:15:30Z",
"expirationTime": "10:15:30Z",
"distributeSeconds": 987,
"status": "OPEN",
"stoppedFlag": false,
"targets": ActionTargets,
"package": PackageRef,
"scheduledAction": ScheduledAction,
"stopped": true,
"creator": Principal,
"approver": Principal,
"metadata": [Metadata],
"results": ActionResults
}
}
}
actionGroup
Description
Returns an action group that matches the specified input.
Stability Level: 3 - Stable
Response
Returns an
ActionGroup
Arguments
| Name | Description |
|---|---|
ref -
NamedRefInput!
|
The reference data the action group must match to be returned. Stability Level: 3 - Stable |
Example
Query
query actionGroup($ref: NamedRefInput!) {
actionGroup(ref: $ref) {
id
name
visibility
userGroups {
...NamedRefFragment
}
computerGroups {
...ComputerGroupFragment
}
any
}
}
Variables
{"ref": NamedRefInput}
Response
{
"data": {
"actionGroup": {
"id": "4",
"name": "xyz789",
"visibility": "ADMIN",
"userGroups": [NamedRef],
"computerGroups": [ComputerGroup],
"any": false
}
}
}
actionGroups
Description
Stability Level: 3 - Stable
Response
Returns an
ActionGroupConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Returns the action groups after the given cursor. Stability Level: 3 - Stable |
first -
Int
|
Returns the first n action groups from the list. This has a maximum value of 5,000.
Stability Level: 3 - Stable. Default = |
before -
Cursor
|
Returns the action groups before the given cursor. Stability Level: 3 - Stable |
last -
Int
|
Returns the last
n action groups from the list. This must be given if Stability Level: 3 - Stable |
Example
Query
query actionGroups(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int
) {
actionGroups(
after: $after,
first: $first,
before: $before,
last: $last
) {
edges {
...ActionGroupEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
}
}
Variables
{
"after": Cursor,
"first": 20,
"before": Cursor,
"last": 987
}
Response
{
"data": {
"actionGroups": {
"edges": [ActionGroupEdge],
"pageInfo": PageInfo,
"totalRecords": 987
}
}
}
actions
Description
Returns the matching actions.
Stability Level: 1.2 - Experimental (Release Candidate)
Response
Returns an
ActionConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Returns the actions after the given cursor. Stability Level: 3 - Stable |
first -
Int
|
Returns the first n actions from the list. This has a maximum value of 200.
Stability Level: 3 - Stable. Default = |
before -
Cursor
|
Returns the actions before the given cursor. Stability Level: 3 - Stable |
last -
Int
|
Returns the last
n actions from the list. This must be given if Stability Level: 3 - Stable |
filter -
FieldFilter
|
Returns only the actions matching the filter. The filter must be either a simple filter or a compound filter with a single set of simple child filters which all must match. The paths which support filtering include: This filter does not support the Stability Level: 3 - Stable |
Example
Query
query actions(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$filter: FieldFilter
) {
actions(
after: $after,
first: $first,
before: $before,
last: $last,
filter: $filter
) {
edges {
...ActionEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
}
}
Variables
{
"after": Cursor,
"first": 20,
"before": Cursor,
"last": 987,
"filter": FieldFilter
}
Response
{
"data": {
"actions": {
"edges": [ActionEdge],
"pageInfo": PageInfo,
"totalRecords": 123
}
}
}
assetProductEndpoints
Description
Retrieves endpoints based on Asset software inventory and usage.
Use of this field requires the Tanium permission asset api user read.
Stability Level: 3 - Stable
Response
Returns an
AssetProductEndpointConnection
Arguments
| Name | Description |
|---|---|
filter -
AssetProductEndpointsFilter
|
Filter endpoints by the given criteria. Stability Level: 3 - Stable |
after -
Cursor
|
Returns endpoints after the given cursor. Stability Level: 3 - Stable |
first -
Int
|
Returns the first n endpoints from the list. Stability Level: 3 - Stable |
Example
Query
query assetProductEndpoints(
$filter: AssetProductEndpointsFilter,
$after: Cursor,
$first: Int
) {
assetProductEndpoints(
filter: $filter,
after: $after,
first: $first
) {
edges {
...AssetProductEndpointEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalCount
}
}
Variables
{
"filter": AssetProductEndpointsFilter,
"after": Cursor,
"first": 123
}
Response
{
"data": {
"assetProductEndpoints": {
"edges": [AssetProductEndpointEdge],
"pageInfo": PageInfo,
"totalCount": 987
}
}
}
assetProducts
Description
Retrieves product usage for assets and endpoints.
Use of this field requires the Tanium permission asset api user read.
Stability Level: 3 - Stable
Response
Returns an
AssetProductConnection
Arguments
| Name | Description |
|---|---|
filter -
AssetProductsFilter
|
Filter products by the given criteria. Stability Level: 3 - Stable |
after -
Cursor
|
Returns products after the given cursor. Stability Level: 3 - Stable |
first -
Int
|
Returns the first n products from the list. Stability Level: 3 - Stable |
Example
Query
query assetProducts(
$filter: AssetProductsFilter,
$after: Cursor,
$first: Int
) {
assetProducts(
filter: $filter,
after: $after,
first: $first
) {
edges {
...AssetProductEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalCount
}
}
Variables
{
"filter": AssetProductsFilter,
"after": Cursor,
"first": 123
}
Response
{
"data": {
"assetProducts": {
"edges": [AssetProductEdge],
"pageInfo": PageInfo,
"totalCount": 123
}
}
}
computerGroup
Description
Returns a computer group that matches the specified input.
Stability Level: 3 - Stable
Response
Returns a
ComputerGroup
Arguments
| Name | Description |
|---|---|
ref -
NamedRefInput!
|
The reference data the computer group must match to be returned. Stability Level: 3 - Stable |
Example
Query
query computerGroup($ref: NamedRefInput!) {
computerGroup(ref: $ref) {
id
name
managementRightsEnabled
filterEnabled
contentSet {
...NamedRefFragment
}
type
expression
}
}
Variables
{"ref": NamedRefInput}
Response
{
"data": {
"computerGroup": {
"id": "4",
"name": "xyz789",
"managementRightsEnabled": false,
"filterEnabled": false,
"contentSet": NamedRef,
"type": "STANDARD",
"expression": "abc123"
}
}
}
computerGroups
Description
Returns all computer groups matching the specified input.
Stability Level: 3 - Stable
Response
Returns a
ComputerGroupConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Returns the computer groups after the given cursor. Stability Level: 3 - Stable |
first -
Int
|
Returns the first n computer groups from the list. This has a maximum value of 5,000.
Stability Level: 3 - Stable. Default = |
before -
Cursor
|
Returns the computer groups before the given cursor. Stability Level: 3 - Stable |
last -
Int
|
Returns the last
n computer groups from the list. This must be given if Stability Level: 3 - Stable |
filter -
ComputerGroupsFilter
|
Returns only the computer groups matching the filter. Stability Level: 3 - Stable |
Example
Query
query computerGroups(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$filter: ComputerGroupsFilter
) {
computerGroups(
after: $after,
first: $first,
before: $before,
last: $last,
filter: $filter
) {
edges {
...ComputerGroupEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
}
}
Variables
{
"after": Cursor,
"first": 20,
"before": Cursor,
"last": 123,
"filter": ComputerGroupsFilter
}
Response
{
"data": {
"computerGroups": {
"edges": [ComputerGroupEdge],
"pageInfo": PageInfo,
"totalRecords": 123
}
}
}
configurationItemEntities
Description
Returns configuration item entities from the CMDB.
Use of this field requires the Atlas solution.
Stability Level: 3 - Stable
Response
Returns a
ConfigurationItemEntityConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Returns the configuration item entities after the given cursor. Stability Level: 3 - Stable |
first -
Int
|
Returns the first n endpoints from the list. Stability Level: 3 - Stable |
before -
Cursor
|
Returns the configuration item entities before the given cursor. Stability Level: 3 - Stable |
last -
Int
|
Returns the last n endpoints from the list. Stability Level: 3 - Stable |
params -
EntitiesQueryParams
|
Returns only the configuration item entities matching the given parameters. Stability Level: 3 - Stable |
sort -
[EntitySortRequest]
|
Sorts the configuration item entities. Stability Level: 3 - Stable |
Example
Query
query configurationItemEntities(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$params: EntitiesQueryParams,
$sort: [EntitySortRequest]
) {
configurationItemEntities(
after: $after,
first: $first,
before: $before,
last: $last,
params: $params,
sort: $sort
) {
edges {
...ConfigurationItemEntityEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalCount
}
}
Variables
{
"after": Cursor,
"first": 123,
"before": Cursor,
"last": 123,
"params": EntitiesQueryParams,
"sort": [EntitySortRequest]
}
Response
{
"data": {
"configurationItemEntities": {
"edges": [ConfigurationItemEntityEdge],
"pageInfo": PageInfo,
"totalCount": 987
}
}
}
configurationItemProperties
Description
Returns all properties related to configuration items.
Use of this field requires the Atlas solution.
Stability Level: 3 - Stable
Response
Returns a
ConfigurationItemProperties
Example
Query
query configurationItemProperties {
configurationItemProperties {
customerItemsLimit
userSpecifiedAssetsMaxAge
}
}
Response
{
"data": {
"configurationItemProperties": {
"customerItemsLimit": 123,
"userSpecifiedAssetsMaxAge": 987
}
}
}
configurationItemRelationships
Description
Returns relationships for the identified configuration items from the CMDB.
Use of this field requires the Atlas solution.
Stability Level: 3 - Stable
Response
Returns a
ConfigurationItemRelationshipConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Returns the relationships after the given cursor. Stability Level: 3 - Stable |
first -
Int
|
Returns the first n relationships from the list. Stability Level: 3 - Stable |
before -
Cursor
|
Returns the relationships before the given cursor. Stability Level: 3 - Stable |
last -
Int
|
Returns the last n relationships from the list. Stability Level: 3 - Stable |
params -
RelationshipQueryParams
|
Returns only the relationships matching the given parameters. Stability Level: 3 - Stable |
sort -
[RelationshipSortRequest]
|
Sorts the relationships. Stability Level: 3 - Stable |
Example
Query
query configurationItemRelationships(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$params: RelationshipQueryParams,
$sort: [RelationshipSortRequest]
) {
configurationItemRelationships(
after: $after,
first: $first,
before: $before,
last: $last,
params: $params,
sort: $sort
) {
edges {
...ConfigurationItemRelationshipEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalCount
}
}
Variables
{
"after": Cursor,
"first": 123,
"before": Cursor,
"last": 123,
"params": RelationshipQueryParams,
"sort": [RelationshipSortRequest]
}
Response
{
"data": {
"configurationItemRelationships": {
"edges": [ConfigurationItemRelationshipEdge],
"pageInfo": PageInfo,
"totalCount": 123
}
}
}
connectConnection
Description
Returns the connection that matches the referenced ID.
Use of this field requires the Tanium permission Connect - Read.
Stability Level: 1.2 - Experimental (Release Candidate)
Response
Returns a
ConnectConnection
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Stability Level: 1.2 - Experimental (Release Candidate) |
Example
Query
query connectConnection($ref: IdRefInput!) {
connectConnection(ref: $ref) {
id
displayName
description
currentRun {
...ConnectRunFragment
}
pastRuns {
...ConnectRunConnectionFragment
}
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"connectConnection": {
"id": 4,
"displayName": "xyz789",
"description": "abc123",
"currentRun": ConnectRun,
"pastRuns": ConnectRunConnection
}
}
}
connectConnections
Description
Returns the matching connections.
Use of this field requires the Tanium permission Connect - Read.
Stability Level: 1.2 - Experimental (Release Candidate)
Response
Returns a
ConnectGraphConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Stability Level: 1.2 - Experimental (Release Candidate) |
first -
Int
|
Stability Level: 1.2 - Experimental (Release Candidate). Default = 20 |
before -
Cursor
|
Stability Level: 1.2 - Experimental (Release Candidate) |
last -
Int
|
Stability Level: 1.2 - Experimental (Release Candidate) |
Example
Query
query connectConnections(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int
) {
connectConnections(
after: $after,
first: $first,
before: $before,
last: $last
) {
edges {
...ConnectConnectionEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
}
}
Variables
{
"after": Cursor,
"first": 20,
"before": Cursor,
"last": 123
}
Response
{
"data": {
"connectConnections": {
"edges": [ConnectConnectionEdge],
"pageInfo": PageInfo,
"totalRecords": 123
}
}
}
connectRun
Description
Returns the connection run that matches the referenced connection run ID.
Use of this field requires the Tanium permission Connect - Read.
Stability Level: 1.2 - Experimental (Release Candidate)
Response
Returns a
ConnectRun
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Stability Level: 1.2 - Experimental (Release Candidate) |
Example
Query
query connectRun($ref: IdRefInput!) {
connectRun(ref: $ref) {
id
connectionID
status
createdTime
updatedTime
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"connectRun": {
"id": "4",
"connectionID": "4",
"status": "Starting",
"createdTime": "10:15:30Z",
"updatedTime": "10:15:30Z"
}
}
}
connectRuns
Description
Returns all connection runs started from a given connection configuration.
Use of this field requires the Tanium permission Connect - Read.
Stability Level: 1.2 - Experimental (Release Candidate)
Response
Returns a
ConnectRunConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Stability Level: 1.2 - Experimental (Release Candidate) |
first -
Int
|
Stability Level: 1.2 - Experimental (Release Candidate). Default = 20 |
before -
Cursor
|
Stability Level: 1.2 - Experimental (Release Candidate) |
last -
Int
|
Stability Level: 1.2 - Experimental (Release Candidate) |
Example
Query
query connectRuns(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int
) {
connectRuns(
after: $after,
first: $first,
before: $before,
last: $last
) {
edges {
...ConnectRunEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
}
}
Variables
{
"after": Cursor,
"first": 20,
"before": Cursor,
"last": 123
}
Response
{
"data": {
"connectRuns": {
"edges": [ConnectRunEdge],
"pageInfo": PageInfo,
"totalRecords": 987
}
}
}
currentUserContext
Description
Returns the current user and selected persona.
Stability Level: 1.1 - Experimental (Active Development)
Response
Returns a
TaniumPlatformUserContext!
Example
Query
query currentUserContext {
currentUserContext {
user {
...TaniumPlatformUserFragment
}
persona {
...TaniumPlatformUserPersonaFragment
}
}
}
Response
{
"data": {
"currentUserContext": {
"user": TaniumPlatformUser,
"persona": TaniumPlatformUserPersona
}
}
}
directConnectConnectionStatus
Description
Checks the status of a direct connection.
The input requires a direct endpoint connection opened using directConnectOpen.
Use of this field requires the Direct Connect solution.
Stability Level: 3 - Stable
Response
Returns a
DirectConnectConnectionStatusPayload!
Arguments
| Name | Description |
|---|---|
input -
DirectConnectConnectionStatusInput!
|
Stability Level: 3 - Stable |
Example
Query
query directConnectConnectionStatus($input: DirectConnectConnectionStatusInput!) {
directConnectConnectionStatus(input: $input) {
status
}
}
Variables
{"input": DirectConnectConnectionStatusInput}
Response
{"data": {"directConnectConnectionStatus": {"status": "UNKNOWN"}}}
directConnectEndpoint
Description
Obtains data from the specified endpoint using an open Direct Connect connection.
The input requires a direct endpoint connection opened using directConnectOpen.
Use of this field requires the Direct Connect solution.
Stability Level: 3 - Stable
Response
Returns a
DirectConnect
Arguments
| Name | Description |
|---|---|
input -
DirectConnectEndpointInput!
|
Stability Level: 3 - Stable |
Example
Query
query directConnectEndpoint($input: DirectConnectEndpointInput!) {
directConnectEndpoint(input: $input) {
performance {
...DirectConnectPerfFragment
}
processes {
...DirectConnectProcessesFragment
}
alerts {
...DirectConnectAlertsFragment
}
}
}
Variables
{"input": DirectConnectEndpointInput}
Response
{
"data": {
"directConnectEndpoint": {
"performance": DirectConnectPerf,
"processes": DirectConnectProcesses,
"alerts": DirectConnectAlerts
}
}
}
directEndpoint
Description
Obtains data from the specified endpoint using a Direct Connect connection.
Use of this field requires the Direct Connect solution.
Stability Level: 2 - Legacy Use directConnectEndpoint instead. The directConnect APIs provide better support for tracking connections that take longer to establish.
Response
Returns a
DirectConnect
Arguments
| Name | Description |
|---|---|
input -
OpenDirectConnectionInput!
|
Stability Level: 3 - Stable |
Example
Query
query directEndpoint($input: OpenDirectConnectionInput!) {
directEndpoint(input: $input) {
performance {
...DirectConnectPerfFragment
}
processes {
...DirectConnectProcessesFragment
}
alerts {
...DirectConnectAlertsFragment
}
}
}
Variables
{"input": OpenDirectConnectionInput}
Response
{
"data": {
"directEndpoint": {
"performance": DirectConnectPerf,
"processes": DirectConnectProcesses,
"alerts": DirectConnectAlerts
}
}
}
discoverInterface
Description
Returns the Discover interface that matches the referenced ID.
Use of this field requires the Tanium permission Discover Asset - Read.
Note: If location permissions are defined, the user will also require the User Group - Read permission and only the interfaces in locations allowed by the user's group membership will be returned. Otherwise, if the user has the Discover Location Permissions - Write permission they will see all interfaces regardless of group membership.
Stability Level: 1.1 - Experimental (Active Development)
Response
Returns a
DiscoverInterface
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Stability Level: 1.1 - Experimental (Active Development) |
Example
Query
query discoverInterface($ref: IdRefInput!) {
discoverInterface(ref: $ref) {
id
macAddress
manufacturer
hostnames
ipAddresses
labels {
...DiscoverLabelFragment
}
osPlatform
openPorts
discoveryMethods
lastSeenTime
computerId
natIPAddresses
osGeneration
profiles {
...DiscoverProfileFragment
}
cloudInstances {
...DiscoverCloudInstanceFragment
}
cloudTags {
...DiscoverCloudTagFragment
}
firstSeenTime
firstManagedTime
lastManagedTime
lastDiscoveredTime
isManaged
isUnmanageable
isIgnored
satellites {
...DiscoverSatelliteFragment
}
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"discoverInterface": {
"id": 4,
"macAddress": "xyz789",
"manufacturer": "xyz789",
"hostnames": ["abc123"],
"ipAddresses": ["abc123"],
"labels": [DiscoverLabel],
"osPlatform": "xyz789",
"openPorts": [987],
"discoveryMethods": ["ARP"],
"lastSeenTime": "10:15:30Z",
"computerId": "abc123",
"natIPAddresses": ["abc123"],
"osGeneration": "abc123",
"profiles": [DiscoverProfile],
"cloudInstances": [DiscoverCloudInstance],
"cloudTags": [DiscoverCloudTag],
"firstSeenTime": "10:15:30Z",
"firstManagedTime": "10:15:30Z",
"lastManagedTime": "10:15:30Z",
"lastDiscoveredTime": "10:15:30Z",
"isManaged": true,
"isUnmanageable": false,
"isIgnored": true,
"satellites": [DiscoverSatellite]
}
}
}
discoverInterfaces
Description
Returns the matching Discover interfaces.
Use of this field requires the Tanium permission Discover Asset - Read.
Note: If location permissions are defined, the user will also require the User Group - Read permission and only the interfaces in locations allowed by the user's group membership will be returned. Otherwise, if the user has the Discover Location Permissions - Write permission they will see all interfaces regardless of group membership.
Stability Level: 1.1 - Experimental (Active Development)
Response
Returns a
DiscoverInterfaceConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Returns the Discover interfaces after the given cursor. Stability Level: 1.1 - Experimental (Active Development) |
first -
Int
|
Returns the first n Discover interfaces from the list.
Stability Level: 1.1 - Experimental (Active Development). Default = |
before -
Cursor
|
Returns the Discover interfaces before the given cursor. Stability Level: 1.1 - Experimental (Active Development) |
last -
Int
|
Returns the last n Discover interfaces from the list. Stability Level: 1.1 - Experimental (Active Development) |
filter -
FieldFilter
|
Returns only the Discover interfaces matching the filter. Stability Level: 1.1 - Experimental (Active Development) |
Example
Query
query discoverInterfaces(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$filter: FieldFilter
) {
discoverInterfaces(
after: $after,
first: $first,
before: $before,
last: $last,
filter: $filter
) {
edges {
...DiscoverInterfaceEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
}
}
Variables
{
"after": Cursor,
"first": 20,
"before": Cursor,
"last": 987,
"filter": FieldFilter
}
Response
{
"data": {
"discoverInterfaces": {
"edges": [DiscoverInterfaceEdge],
"pageInfo": PageInfo,
"totalRecords": 987
}
}
}
discoverLabel
Description
Returns the Discover label that matches the referenced name.
Use of this field requires the Tanium permission Discover Asset - Read.
Stability Level: 1.1 - Experimental (Active Development)
Response
Returns a
DiscoverLabel
Arguments
| Name | Description |
|---|---|
ref -
NamedOnlyRefInput!
|
Stability Level: 1.1 - Experimental (Active Development) |
Example
Query
query discoverLabel($ref: NamedOnlyRefInput!) {
discoverLabel(ref: $ref) {
name
type
createdTime
modifiedTime
}
}
Variables
{"ref": NamedOnlyRefInput}
Response
{
"data": {
"discoverLabel": {
"name": "xyz789",
"type": "STANDARD",
"createdTime": "10:15:30Z",
"modifiedTime": "10:15:30Z"
}
}
}
discoverLabels
Description
Returns the matching Discover labels.
Use of this field requires the Tanium permission Discover Asset - Read.
Stability Level: 1.1 - Experimental (Active Development)
Response
Returns a
DiscoverLabelConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Returns the Discover labels after the given cursor. Stability Level: 1.1 - Experimental (Active Development) |
first -
Int
|
Returns the first n Discover labels from the list.
Stability Level: 1.1 - Experimental (Active Development). Default = |
before -
Cursor
|
Returns the Discover labels before the given cursor. Stability Level: 1.1 - Experimental (Active Development) |
last -
Int
|
Returns the last n Discover labels from the list. Stability Level: 1.1 - Experimental (Active Development) |
filter -
FieldFilter
|
Returns only the Discover labels matching the filter. Stability Level: 1.1 - Experimental (Active Development) |
Example
Query
query discoverLabels(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$filter: FieldFilter
) {
discoverLabels(
after: $after,
first: $first,
before: $before,
last: $last,
filter: $filter
) {
edges {
...DiscoverLabelEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
}
}
Variables
{
"after": Cursor,
"first": 20,
"before": Cursor,
"last": 987,
"filter": FieldFilter
}
Response
{
"data": {
"discoverLabels": {
"edges": [DiscoverLabelEdge],
"pageInfo": PageInfo,
"totalRecords": 987
}
}
}
emailServerSummaries
Description
Returns summary information for matching email servers, required to retrieve and use an email server to send emails. The response contains summary information only for email servers that are enabled to send emails.
Use of this field requires the Email solution.
Use of this field requires the Tanium permission Email Send.
Note: Only return summaries for email servers in content sets to which the user has the Email Send permission.
Stability Level: 1.0 - Experimental (Early Development)
Response
Returns an
EmailServerSummaryConnection
Example
Query
query emailServerSummaries(
$after: Cursor,
$first: Int
) {
emailServerSummaries(
after: $after,
first: $first
) {
edges {
...EmailServerSummaryEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
}
}
Variables
{"after": Cursor, "first": 20}
Response
{
"data": {
"emailServerSummaries": {
"edges": [EmailServerSummaryEdge],
"pageInfo": PageInfo,
"totalRecords": 123
}
}
}
emailServerSummary
Description
Returns summary information for the email server matching the ID, required to retrieve and use an email server to send emails. The response contains the matching email server summary information only if the email server is enabled to send emails.
Use of this field requires the Email solution.
Use of this field requires the Tanium permission Email Send.
Note: Only returns a summary if the email server is in a content set to which the user has the Email Send permission.
Stability Level: 1.0 - Experimental (Early Development)
Response
Returns an
EmailServerSummary
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Stability Level: 1.0 - Experimental (Early Development) |
Example
Query
query emailServerSummary($ref: IdRefInput!) {
emailServerSummary(ref: $ref) {
id
name
description
fromAddress
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"emailServerSummary": {
"id": 4,
"name": "abc123",
"description": "xyz789",
"fromAddress": "xyz789"
}
}
}
endpointCounts
Description
Returns the count of endpoints matching the input sensor column values. Requests might return an array of field values for a given column. For example, if you define the Installed Application sensor in EndpointCountsInput.sensors, the results include multiple applications per row count. For the Installed Application sensor Name column, the values field returns an array of multiple applications.
Stability Level: 1.0 - Experimental (Early Development)
Response
Returns an
EndpointCountsConnection
Arguments
| Name | Description |
|---|---|
input -
EndpointCountsInput!
|
Stability Level: 1.0 - Experimental (Early Development) |
Example
Query
query endpointCounts($input: EndpointCountsInput!) {
endpointCounts(input: $input) {
edges {
...EndpointCountsEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
}
}
Variables
{"input": EndpointCountsInput}
Response
{
"data": {
"endpointCounts": {
"edges": [EndpointCountsEdge],
"pageInfo": PageInfo,
"totalRecords": 987
}
}
}
endpointIdChanges
Description
Changed endpoint IDs from Tanium Data Service for the given namespace and timespan.
Stability Level: 3 - Stable
Response
Returns an
EndpointIdChangesPayload!
Arguments
| Name | Description |
|---|---|
after -
Time!
|
The date and time of the oldest record to retrieve. Retrieve records newer than this time. Stability Level: 3 - Stable |
namespace -
String
|
Tanium Data Service (TDS) namespace to search against. If no value is specified, the TDS default namespace is used. Example: unmanaged_user_specified Stability Level: 3 - Stable |
Example
Query
query endpointIdChanges(
$after: Time!,
$namespace: String
) {
endpointIdChanges(
after: $after,
namespace: $namespace
) {
changes {
...EndpointIdChangeFragment
}
before
}
}
Variables
{
"after": "10:15:30Z",
"namespace": "abc123"
}
Response
{
"data": {
"endpointIdChanges": {
"changes": [EndpointIdChange],
"before": "10:15:30Z"
}
}
}
endpoints
Description
Returns the matching endpoints from the specified source. The cursors in the returned connections are usable for 5 minutes after the most recent request in the cursored results, with a maximum lifetime of 1 hour.
Stability Level: 3 - Stable
Response
Returns an
EndpointConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Returns the endpoints after the given cursor. Stability Level: 3 - Stable |
first -
Int
|
Returns the first n endpoints from the list. This has a maximum value of 5,000.
Stability Level: 3 - Stable. Default = |
before -
Cursor
|
Returns the endpoints before the given cursor. Stability Level: 3 - Stable |
last -
Int
|
Returns the last
n endpoints from the list. This must be given if Stability Level: 3 - Stable |
filter -
EndpointFieldFilter
|
Returns only the endpoints matching the filter. Stability Level: 3 - Stable |
sort -
[EndpointFieldSort!]
|
Sorts the endpoints. Define up to one sort field. If no sort is provided, the endpoints order is undefined and should not be relied on. Stability Level: 3 - Stable |
source -
EndpointSource
|
Describes the data source from which to retrieve the endpoints. This defaults to the Tanium Data Service source in the default Tanium endpoint namespace. Stability Level: 3 - Stable |
refresh -
Cursor
|
Refreshes the endpoints collection identified by the given cursor, if possible. If so, this will invalidate the collection identified by the given cursor and return a new collection with new cursor values. Otherwise, the existing collection will remain available. This is primarily intended for use with the Tanium Server data source, where endpoint sensor readings may accumulate for many minutes beyond the original query response. Stability Level: 3 - Stable |
Example
Query
query endpoints(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$filter: EndpointFieldFilter,
$sort: [EndpointFieldSort!],
$source: EndpointSource,
$refresh: Cursor
) {
endpoints(
after: $after,
first: $first,
before: $before,
last: $last,
filter: $filter,
sort: $sort,
source: $source,
refresh: $refresh
) {
edges {
...EndpointEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
collectionInfo {
...EndpointCollectionInfoFragment
}
}
}
Variables
{
"after": Cursor,
"first": 20,
"before": Cursor,
"last": 123,
"filter": EndpointFieldFilter,
"sort": [EndpointFieldSort],
"source": EndpointSource,
"refresh": Cursor
}
Response
{
"data": {
"endpoints": {
"edges": [EndpointEdge],
"pageInfo": PageInfo,
"totalRecords": 987,
"collectionInfo": EndpointCollectionInfo
}
}
}
myAPITokens
Description
Returns the API tokens for the current user.
Stability Level: 3 - Stable
Response
Returns an
APITokenQueryPayload!
Example
Query
query myAPITokens {
myAPITokens {
tokens {
...APITokenFragment
}
error {
...SystemErrorFragment
}
}
}
Response
{
"data": {
"myAPITokens": {
"tokens": [APIToken],
"error": SystemError
}
}
}
now
Description
The current server time. Useful to test your ability to query the server.
Stability Level: 3 - Stable
Response
Returns a
Time!
Example
Query
query now {
now
}
Response
{"data": {"now": "10:15:30Z"}}
packageSpecs
Description
Returns the matching package specs. The cursors in the returned connections are usable for 5 minutes after the most recent request in the cursored results, with a maximum lifetime of 1 hour.
Stability Level: 3 - Stable
Response
Returns a
PackageSpecConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Returns the package specs after the given cursor. Stability Level: 3 - Stable |
first -
Int
|
Returns the first n package specs from the list. This has a maximum value of 5,000.
Stability Level: 3 - Stable. Default = |
before -
Cursor
|
Returns the package specs before the given cursor. Stability Level: 3 - Stable |
last -
Int
|
Returns the last
n package specs from the list. This must be given if Stability Level: 3 - Stable |
filter -
FieldFilter
|
Returns only the package specs matching the filter. Stability Level: 3 - Stable |
Example
Query
query packageSpecs(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$filter: FieldFilter
) {
packageSpecs(
after: $after,
first: $first,
before: $before,
last: $last,
filter: $filter
) {
edges {
...PackageSpecEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
}
}
Variables
{
"after": Cursor,
"first": 20,
"before": Cursor,
"last": 987,
"filter": FieldFilter
}
Response
{
"data": {
"packageSpecs": {
"edges": [PackageSpecEdge],
"pageInfo": PageInfo,
"totalRecords": 123
}
}
}
packages
Description
Returns the matching packages.
Stability Level: 2 - Legacy Use packageSpecs instead, which has improved pagination and parameter support.
Response
Returns a
PackagePagination
Arguments
| Name | Description |
|---|---|
paginationId -
String
|
The ID of the paginated results. Stability Level: 3 - Stable |
page -
Int
|
The page of records to return.
Stability Level: 3 - Stable. Default = |
perPage -
Int
|
The number of records to return.
Stability Level: 3 - Stable. Default = |
filterSet -
String
|
The name of the filter set to return. Stability Level: 3 - Stable |
Example
Query
query packages(
$paginationId: String,
$page: Int,
$perPage: Int,
$filterSet: String
) {
packages(
paginationId: $paginationId,
page: $page,
perPage: $perPage,
filterSet: $filterSet
) {
items {
...PackageFragment
}
pageInfo {
...PaginationInfoWithIDFragment
}
}
}
Variables
{
"paginationId": "abc123",
"page": 1,
"perPage": 100,
"filterSet": "xyz789"
}
Response
{
"data": {
"packages": {
"items": [Package],
"pageInfo": PaginationInfoWithID
}
}
}
patchDefinitions
Description
Returns the matching patch definitions.
Use of this field requires the Tanium permission Patch Show.
Stability Level: 1.0 - Experimental (Early Development)
Response
Returns a
PatchDefinitionConnection!
Arguments
| Name | Description |
|---|---|
filter -
PatchDefinitionFieldFilter
|
Returns only patch definitions matching the filter. Stability Level: 1.0 - Experimental (Early Development) |
after -
Cursor
|
Returns the patch definitions after the given cursor. Stability Level: 1.0 - Experimental (Early Development) |
first -
Int
|
Returns the first n patch definitions from the list.
Stability Level: 1.0 - Experimental (Early Development). Default = |
before -
Cursor
|
Returns the patch definitions before the given cursor. Stability Level: 1.0 - Experimental (Early Development) |
last -
Int
|
Returns the last n patch definitions from the list. Stability Level: 1.0 - Experimental (Early Development) |
sort -
PatchDefinitionFieldSort!
|
Sorts the patch definitions.
Stability Level: 1.0 - Experimental (Early Development). Default = |
Example
Query
query patchDefinitions(
$filter: PatchDefinitionFieldFilter,
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$sort: PatchDefinitionFieldSort!
) {
patchDefinitions(
filter: $filter,
after: $after,
first: $first,
before: $before,
last: $last,
sort: $sort
) {
edges {
...PatchDefinitionEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
}
}
Variables
{
"filter": PatchDefinitionFieldFilter,
"after": Cursor,
"first": 100,
"before": Cursor,
"last": 123,
"sort": {"field": "releaseDate", "order": "desc"}
}
Response
{
"data": {
"patchDefinitions": {
"edges": [PatchDefinitionEdge],
"pageInfo": PageInfo,
"totalRecords": 987
}
}
}
patchDeployment
Description
Returns the Patch deployment that matches the referenced ID.
Use of this field requires the Tanium permission Patch Deployment - Read.
Stability Level: 1.0 - Experimental (Early Development)
Response
Returns a
PatchDeployment
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Stability Level: 1.0 - Experimental (Early Development) |
Example
Query
query patchDeployment($ref: IdRefInput!) {
patchDeployment(ref: $ref) {
id
name
type
platform
contentSet {
...IdRefFragment
}
description
contentDeploymentType
patchLists {
...PatchListRefFragment
}
patches {
...IdRefFragment
}
targets {
...PatchTargetsFragment
}
schedule {
...PatchScheduleFragment
}
downloadImmediately
overrideBlocklists
restart
notifications {
...PatchNotificationsFragment
}
author {
...TaniumPlatformUserFragment
}
createdTime
updatedTime
stoppedTime
status
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"patchDeployment": {
"id": "4",
"name": "xyz789",
"type": "INSTALL",
"platform": "WINDOWS",
"contentSet": IdRef,
"description": "xyz789",
"contentDeploymentType": "MANUAL_SELECTION",
"patchLists": [PatchListRef],
"patches": [IdRef],
"targets": PatchTargets,
"schedule": PatchSchedule,
"downloadImmediately": false,
"overrideBlocklists": false,
"restart": true,
"notifications": PatchNotifications,
"author": TaniumPlatformUser,
"createdTime": "10:15:30Z",
"updatedTime": "10:15:30Z",
"stoppedTime": "10:15:30Z",
"status": "INACTIVE"
}
}
}
relationshipTypes
Description
Returns all configuration item relationship types from the CMDB.
Use of this field requires the Atlas solution.
Stability Level: 3 - Stable
Response
Returns a
RelationshipTypeResult
Example
Query
query relationshipTypes {
relationshipTypes {
items {
...RelationshipTypeFragment
}
}
}
Response
{
"data": {
"relationshipTypes": {"items": [RelationshipType]}
}
}
report
Description
Returns the report that matches the referenced ID.
Stability Level: 3 - Stable
Response
Returns a
Report
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Stability Level: 3 - Stable |
Example
Query
query report($ref: IdRefInput!) {
report(ref: $ref) {
id
name
description
contentSet {
...NamedRefFragment
}
labels
createdTime
author {
...PrincipalFragment
}
modifiedTime
lastModifiedBy {
...PrincipalFragment
}
moduleName
favorite
viewDetails {
...ReportViewFragment
}
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"report": {
"id": "4",
"name": "abc123",
"description": "abc123",
"contentSet": NamedRef,
"labels": ["abc123"],
"createdTime": "10:15:30Z",
"author": Principal,
"modifiedTime": "10:15:30Z",
"lastModifiedBy": Principal,
"moduleName": "xyz789",
"favorite": false,
"viewDetails": ReportView
}
}
}
reportExport
Description
Exports the definition of the identified report. The exported definition can be used with the API Gateway reportImport mutation to recreate the report in a different Tanium environment.
Stability Level: 3 - Stable
Response
Returns a
ReportExportPayload!
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Stability Level: 3 - Stable |
Example
Query
query reportExport($ref: IdRefInput!) {
reportExport(ref: $ref) {
reportDefinition
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"reportExport": {
"reportDefinition": "abc123"
}
}
}
reportResultData
Description
Retrieves data for the specified report, including details of the report definition. The cursors in the returned connections are usable for 5 minutes after the most recent request in the cursored results, with a maximum lifetime of 15 minutes.
Stability Level: 3 - Stable
Response
Returns a
ReportResultDataConnection
Arguments
| Name | Description |
|---|---|
id -
ID!
|
The unique identifier of the report to retrieve result data for. Stability Level: 3 - Stable |
after -
Cursor
|
Returns the report result data records after the given cursor. Stability Level: 3 - Stable |
first -
Int
|
Returns the first n report result data records from the list.
Stability Level: 3 - Stable. Default = |
before -
Cursor
|
Returns the report result data records before the given cursor. Stability Level: 3 - Stable |
last -
Int
|
Returns the last n report result data records from the list. Stability Level: 3 - Stable |
refresh -
Cursor
|
Refreshes the report result data collection identified by the given cursor, if possible. If so, this will invalidate the collection identified by the given cursor and return a new collection with new cursor values. Otherwise, the existing collection will remain available. Stability Level: 3 - Stable |
summarize -
Boolean!
|
Summarize the results by combining duplicate rows. Include the
Stability Level: 3 - Stable. Default = |
Example
Query
query reportResultData(
$id: ID!,
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$refresh: Cursor,
$summarize: Boolean!
) {
reportResultData(
id: $id,
after: $after,
first: $first,
before: $before,
last: $last,
refresh: $refresh,
summarize: $summarize
) {
viewDetails {
...ReportViewFragment
}
edges {
...ReportResultDataEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
collectionInfo {
...ReportResultDataCollectionInfoFragment
}
}
}
Variables
{
"id": 4,
"after": Cursor,
"first": 20,
"before": Cursor,
"last": 987,
"refresh": Cursor,
"summarize": false
}
Response
{
"data": {
"reportResultData": {
"viewDetails": ReportView,
"edges": [ReportResultDataEdge],
"pageInfo": PageInfo,
"totalRecords": 123,
"collectionInfo": ReportResultDataCollectionInfo
}
}
}
reports
Description
Returns the matching reports.
Stability Level: 3 - Stable
Response
Returns a
ReportConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Returns the reports after the given cursor. Stability Level: 3 - Stable |
first -
Int
|
Returns the first n reports from the list.
Stability Level: 3 - Stable. Default = |
before -
Cursor
|
Returns the reports before the given cursor. Stability Level: 3 - Stable |
last -
Int
|
Returns the last n reports from the list. Stability Level: 3 - Stable |
filter -
ReportFieldFilter
|
Returns only the reports matching the filter. Stability Level: 3 - Stable |
Example
Query
query reports(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$filter: ReportFieldFilter
) {
reports(
after: $after,
first: $first,
before: $before,
last: $last,
filter: $filter
) {
edges {
...ReportEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
}
}
Variables
{
"after": Cursor,
"first": 20,
"before": Cursor,
"last": 123,
"filter": ReportFieldFilter
}
Response
{
"data": {
"reports": {
"edges": [ReportEdge],
"pageInfo": PageInfo,
"totalRecords": 987
}
}
}
scheduledAction
Description
Finds the identified scheduled action.
Stability Level: 3 - Stable
Response
Returns a
ScheduledAction
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Stability Level: 3 - Stable |
Example
Query
query scheduledAction($ref: IdRefInput!) {
scheduledAction(ref: $ref) {
id
targets {
...ActionTargetsFragment
}
package {
...PackageRefFragment
}
distributeSeconds
expireSeconds
endTime
issueSeconds
startTime
name
comment
approved
issueCount
lastStartTime
nextStartTime
status
creator {
...PrincipalFragment
}
approver {
...PrincipalFragment
}
metadata {
...MetadataFragment
}
lastAction {
...ActionFragment
}
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"scheduledAction": {
"id": 4,
"targets": ActionTargets,
"package": PackageRef,
"distributeSeconds": 123,
"expireSeconds": 123,
"endTime": "10:15:30Z",
"issueSeconds": 123,
"startTime": "10:15:30Z",
"name": "abc123",
"comment": "xyz789",
"approved": false,
"issueCount": 123,
"lastStartTime": "10:15:30Z",
"nextStartTime": "10:15:30Z",
"status": "ENABLED",
"creator": Principal,
"approver": Principal,
"metadata": [Metadata],
"lastAction": Action
}
}
}
scheduledActions
Description
Returns the matching scheduled actions. The cursors in the returned connections are usable for 5 minutes after the most recent request in the cursored results, with a maximum lifetime of 1 hour.
Stability Level: 3 - Stable
Response
Returns a
ScheduledActionConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Returns the scheduled actions after the given cursor. Stability Level: 3 - Stable |
first -
Int
|
Returns the first n scheduled actions from the list. This has a maximum value of 5,000.
Stability Level: 3 - Stable. Default = |
before -
Cursor
|
Returns the scheduled actions before the given cursor. Stability Level: 3 - Stable |
last -
Int
|
Returns the last
n scheduled actions from the list. This must be given if Stability Level: 3 - Stable |
filter -
FieldFilter
|
Returns only the scheduled actions matching the filter. The filter must be either a simple filter or a compound filter with a single set of simple child filters which all must match. The paths which support filtering include: This filter does not support the Stability Level: 3 - Stable |
Example
Query
query scheduledActions(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$filter: FieldFilter
) {
scheduledActions(
after: $after,
first: $first,
before: $before,
last: $last,
filter: $filter
) {
edges {
...ScheduledActionEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
}
}
Variables
{
"after": Cursor,
"first": 20,
"before": Cursor,
"last": 123,
"filter": FieldFilter
}
Response
{
"data": {
"scheduledActions": {
"edges": [ScheduledActionEdge],
"pageInfo": PageInfo,
"totalRecords": 987
}
}
}
sensors
Description
Returns the matching sensors. The cursors in the returned connections are usable for 5 minutes after the most recent request in the cursored results, with a maximum lifetime of 1 hour.
Stability Level: 3 - Stable
Response
Returns a
SensorConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Returns the sensors after the given cursor. Stability Level: 3 - Stable |
first -
Int
|
Returns the first n sensors from the list. This has a maximum value of 5,000.
Stability Level: 3 - Stable. Default = |
before -
Cursor
|
Returns the sensors before the given cursor. Stability Level: 3 - Stable |
last -
Int
|
Returns the last
n sensors from the list. This must be given if Stability Level: 3 - Stable |
filter -
FieldFilter
|
Returns only the sensors matching the filter. Stability Level: 3 - Stable |
includeHidden -
Boolean!
|
Whether to include hidden sensors in the results.
Stability Level: 3 - Stable. Default = |
Example
Query
query sensors(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int,
$filter: FieldFilter,
$includeHidden: Boolean!
) {
sensors(
after: $after,
first: $first,
before: $before,
last: $last,
filter: $filter,
includeHidden: $includeHidden
) {
edges {
...SensorEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalRecords
}
}
Variables
{
"after": Cursor,
"first": 2000,
"before": Cursor,
"last": 987,
"filter": FieldFilter,
"includeHidden": false
}
Response
{
"data": {
"sensors": {
"edges": [SensorEdge],
"pageInfo": PageInfo,
"totalRecords": 123
}
}
}
softwareDeployment
Description
Returns the details of software package deployments. If you specify a deployment ID, this returns the details of that deployment. If you do not specify a deployment ID, this returns the details of all deployments.
Use of this field requires the Deploy solution.
Stability Level: 3 - Stable
Response
Returns
[SoftwareDeploymentDetails!]!
Arguments
| Name | Description |
|---|---|
id -
ID
|
The ID of a software package deployment, such as the ID returned by Stability Level: 3 - Stable |
Example
Query
query softwareDeployment($id: ID) {
softwareDeployment(id: $id) {
ID
name
errors {
...SoftwareDeploymentErrorCountFragment
}
status {
...SoftwareDeploymentStatusFragment
}
}
}
Variables
{"id": 4}
Response
{
"data": {
"softwareDeployment": [
{
"ID": "4",
"name": "xyz789",
"errors": [SoftwareDeploymentErrorCount],
"status": SoftwareDeploymentStatus
}
]
}
}
softwarePackages
Description
Returns the software package catalog from Deploy.
Use of this field requires the Deploy solution.
Stability Level: 3 - Stable
Response
Returns a
SoftwarePackageConnection
Arguments
| Name | Description |
|---|---|
after -
Cursor
|
Returns the software packages after the cursor. Stability Level: 3 - Stable |
first -
Int
|
Returns the first n software packages from the list. Stability Level: 3 - Stable |
before -
Cursor
|
Returns the software packages before the cursor. Stability Level: 3 - Stable |
last -
Int
|
Returns the last n software packages from the list. Stability Level: 3 - Stable |
Example
Query
query softwarePackages(
$after: Cursor,
$first: Int,
$before: Cursor,
$last: Int
) {
softwarePackages(
after: $after,
first: $first,
before: $before,
last: $last
) {
edges {
...SoftwarePackageEdgeFragment
}
pageInfo {
...PageInfoFragment
}
totalCount
}
}
Variables
{
"after": Cursor,
"first": 123,
"before": Cursor,
"last": 123
}
Response
{
"data": {
"softwarePackages": {
"edges": [SoftwarePackageEdge],
"pageInfo": PageInfo,
"totalCount": 123
}
}
}
Mutations
actionCreate
Description
Creates an action.
Stability Level: 3 - Stable
Response
Returns an
ActionCreatePayload!
Arguments
| Name | Description |
|---|---|
input -
ActionCreateInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation actionCreate($input: ActionCreateInput!) {
actionCreate(input: $input) {
action {
...ActionFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"input": ActionCreateInput}
Response
{
"data": {
"actionCreate": {
"action": Action,
"error": SystemError
}
}
}
actionGroupCreate
Description
Creates an action group from the given input.
Stability Level: 3 - Stable
Response
Returns an
ActionGroupCreatePayload!
Arguments
| Name | Description |
|---|---|
input -
ActionGroupCreateInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation actionGroupCreate($input: ActionGroupCreateInput!) {
actionGroupCreate(input: $input) {
group {
...ActionGroupFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"input": ActionGroupCreateInput}
Response
{
"data": {
"actionGroupCreate": {
"group": ActionGroup,
"error": SystemError
}
}
}
actionGroupDelete
Description
Deletes an action group with the given input.
Stability Level: 3 - Stable
Response
Returns an
ActionGroupDeletePayload!
Arguments
| Name | Description |
|---|---|
ref -
NamedRefInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation actionGroupDelete($ref: NamedRefInput!) {
actionGroupDelete(ref: $ref) {
id
error {
...SystemErrorFragment
}
}
}
Variables
{"ref": NamedRefInput}
Response
{
"data": {
"actionGroupDelete": {"id": 4, "error": SystemError}
}
}
actionPerform
Description
Creates the actions or scheduled actions necessary to perform the request. This can run a specific package or a registered operation.
Stability Level: 3 - Stable
Response
Returns an
ActionPerformPayload!
Arguments
| Name | Description |
|---|---|
input -
ActionPerformInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation actionPerform($input: ActionPerformInput!) {
actionPerform(input: $input) {
scheduledActions {
...ActionPerformPlatformFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"input": ActionPerformInput}
Response
{
"data": {
"actionPerform": {
"scheduledActions": [ActionPerformPlatform],
"error": SystemError
}
}
}
actionStop
Description
Stops an action in progress.
Stability Level: 3 - Stable
Response
Returns an
ActionStopPayload!
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation actionStop($ref: IdRefInput!) {
actionStop(ref: $ref) {
id
error {
...SystemErrorFragment
}
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"actionStop": {
"id": "4",
"error": SystemError
}
}
}
apiTokenGrant
Description
Creates an API token for the current user.
If you specify a persona, the created token uses the persona's permissions.
Stability Level: 3 - Stable
Response
Returns an
APITokenGrantPayload!
Arguments
| Name | Description |
|---|---|
input -
APITokenGrantInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation apiTokenGrant($input: APITokenGrantInput!) {
apiTokenGrant(input: $input) {
token {
...APITokenFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"input": APITokenGrantInput}
Response
{
"data": {
"apiTokenGrant": {
"token": APIToken,
"error": SystemError
}
}
}
apiTokenRevoke
Description
Deletes the API token with the specified ID.
Stability Level: 3 - Stable
Response
Returns an
APITokenRevokePayload!
Arguments
| Name | Description |
|---|---|
input -
APITokenRevokeInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation apiTokenRevoke($input: APITokenRevokeInput!) {
apiTokenRevoke(input: $input) {
error {
...SystemErrorFragment
}
}
}
Variables
{"input": APITokenRevokeInput}
Response
{"data": {"apiTokenRevoke": {"error": SystemError}}}
apiTokenRotate
Description
Rotates the API token with the specified token string.
The new API token maintains applicable properties of the original API token, including persona, trusted IP addresses and notes.
Stability Level: 3 - Stable
Response
Returns an
APITokenRotatePayload!
Arguments
| Name | Description |
|---|---|
input -
APITokenRotateInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation apiTokenRotate($input: APITokenRotateInput!) {
apiTokenRotate(input: $input) {
token {
...APITokenFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"input": APITokenRotateInput}
Response
{
"data": {
"apiTokenRotate": {
"token": APIToken,
"error": SystemError
}
}
}
assetProducts
Description
Changes product usage gathering metrics
Use of this field requires the Tanium permission asset api user write.
Stability Level: 3 - Stable
Response
Returns an
AssetProductsPayload
Arguments
| Name | Description |
|---|---|
input -
[AssetProductsInput!]!
|
Stability Level: 3 - Stable |
Example
Query
mutation assetProducts($input: [AssetProductsInput!]!) {
assetProducts(input: $input) {
products {
...AssetProductsResultFragment
}
}
}
Variables
{"input": [AssetProductsInput]}
Response
{
"data": {
"assetProducts": {"products": [AssetProductsResult]}
}
}
assetsImport
Description
Creates or updates assets for the Asset solution.
Use of this field requires the Tanium permission asset api user write.
Stability Level: 3 - Stable
Response
Returns an
AssetsImportPayload!
Arguments
| Name | Description |
|---|---|
input -
AssetsImportInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation assetsImport($input: AssetsImportInput!) {
assetsImport(input: $input) {
assets {
...AssetImportPayloadFragment
}
}
}
Variables
{"input": AssetsImportInput}
Response
{
"data": {
"assetsImport": {"assets": [AssetImportPayload]}
}
}
closeDirectConnection
Description
Closes an open Direct Connect connection.
The input requires a direct endpoint connection opened using openDirectConnection.
Use of this field requires the Direct Connect solution.
Stability Level: 2 - Legacy Use directConnectClose instead. The directConnect APIs provide better support for tracking connections that take longer to establish.
Response
Returns a
CloseDirectConnectionPayload!
Arguments
| Name | Description |
|---|---|
input -
CloseDirectConnectionInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation closeDirectConnection($input: CloseDirectConnectionInput!) {
closeDirectConnection(input: $input) {
result
}
}
Variables
{"input": CloseDirectConnectionInput}
Response
{"data": {"closeDirectConnection": {"result": false}}}
computerGroupCreate
Description
Creates a standard computer group from the given input.
Stability Level: 3 - Stable
Response
Returns a
ComputerGroupCreatePayload!
Arguments
| Name | Description |
|---|---|
input -
ComputerGroupCreateInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation computerGroupCreate($input: ComputerGroupCreateInput!) {
computerGroupCreate(input: $input) {
group {
...ComputerGroupFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"input": ComputerGroupCreateInput}
Response
{
"data": {
"computerGroupCreate": {
"group": ComputerGroup,
"error": SystemError
}
}
}
computerGroupDelete
Description
Deletes a computer group with the given input.
Stability Level: 3 - Stable
Response
Returns a
ComputerGroupDeletePayload!
Arguments
| Name | Description |
|---|---|
ref -
NamedRefInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation computerGroupDelete($ref: NamedRefInput!) {
computerGroupDelete(ref: $ref) {
id
error {
...SystemErrorFragment
}
}
}
Variables
{"ref": NamedRefInput}
Response
{
"data": {
"computerGroupDelete": {
"id": "4",
"error": SystemError
}
}
}
connectConnectionStart
Description
Starts a connection run.
Use of this field requires the Tanium permission Connect - Run.
Stability Level: 1.2 - Experimental (Release Candidate)
Response
Returns a
ConnectConnectionStartPayload!
Arguments
| Name | Description |
|---|---|
input -
ConnectConnectionStartInput!
|
Stability Level: 1.2 - Experimental (Release Candidate) |
Example
Query
mutation connectConnectionStart($input: ConnectConnectionStartInput!) {
connectConnectionStart(input: $input) {
run {
...ConnectRunFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"input": ConnectConnectionStartInput}
Response
{
"data": {
"connectConnectionStart": {
"run": ConnectRun,
"error": SystemError
}
}
}
connectConnectionStop
Description
Stops an in-progress connection run. This has no effect on connection runs that are not in progress.
Use of this field requires the Tanium permission Connect - Run.
Stability Level: 1.2 - Experimental (Release Candidate)
Response
Returns a
ConnectConnectionStopPayload!
Arguments
| Name | Description |
|---|---|
input -
ConnectConnectionStopInput!
|
Stability Level: 1.2 - Experimental (Release Candidate) |
Example
Query
mutation connectConnectionStop($input: ConnectConnectionStopInput!) {
connectConnectionStop(input: $input) {
run {
...ConnectRunFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"input": ConnectConnectionStopInput}
Response
{
"data": {
"connectConnectionStop": {
"run": ConnectRun,
"error": SystemError
}
}
}
deleteConfigurationItemElement
Description
Deletes the specified configuration item elements. Only customer-supplied elements can be deleted.
Use of this field requires the Atlas solution.
Stability Level: 3 - Stable
Response
Returns a
DeleteConfigurationItemElementResult
Arguments
| Name | Description |
|---|---|
input -
DeleteConfigurationItemElementInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation deleteConfigurationItemElement($input: DeleteConfigurationItemElementInput!) {
deleteConfigurationItemElement(input: $input) {
error
}
}
Variables
{"input": DeleteConfigurationItemElementInput}
Response
{
"data": {
"deleteConfigurationItemElement": {
"error": "xyz789"
}
}
}
deleteRelationship
Description
Deletes the specified relationships.
Use of this field requires the Atlas solution.
Stability Level: 3 - Stable
Response
Returns a
RelationshipResult
Arguments
| Name | Description |
|---|---|
relationships -
DeleteRelationshipInput
|
Stability Level: 3 - Stable |
Example
Query
mutation deleteRelationship($relationships: DeleteRelationshipInput) {
deleteRelationship(relationships: $relationships) {
items {
...RelationshipFragment
}
}
}
Variables
{"relationships": DeleteRelationshipInput}
Response
{
"data": {
"deleteRelationship": {"items": [Relationship]}
}
}
directConnectClose
Description
Closes an open Direct Connect connection.
The input requires a direct endpoint connection opened using directConnectOpen.
Use of this field requires the Direct Connect solution.
Use of this field requires the Tanium permission Direct Connect Session Write.
Stability Level: 3 - Stable
Response
Returns a
DirectConnectClosePayload!
Arguments
| Name | Description |
|---|---|
input -
DirectConnectCloseInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation directConnectClose($input: DirectConnectCloseInput!) {
directConnectClose(input: $input) {
result
}
}
Variables
{"input": DirectConnectCloseInput}
Response
{"data": {"directConnectClose": {"result": true}}}
directConnectOpen
Description
Initiates a Direct Connect connection with an endpoint, returning a connection ID which you can use for Direct Connect queries.
A response will be returned within 25 seconds. If the connection has not been successfully established within that time frame, you can use the directConnectConnectionStatus query with the returned connection ID to poll for readiness.
An open connection is closed after 5 minutes of inactivity.
Connections opened with directConnectOpen are compatible with stable Direct Connect APIs, including directConnectEndpoint, directConnectPing, directConnectProcessTerminate, and directConnectClose.
Connections opened with directConnectOpen are not compatible with legacy Direct Connect APIs, including directEndpoint, pingDirectConnection, killProcess, and closeDirectConnection.
Use of this field requires the Direct Connect solution.
Use of this field requires the Tanium permission Direct Connect Session Write.
Stability Level: 3 - Stable
Response
Returns a
DirectConnectOpenPayload!
Arguments
| Name | Description |
|---|---|
input -
DirectConnectOpenInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation directConnectOpen($input: DirectConnectOpenInput!) {
directConnectOpen(input: $input) {
connectionID
status
}
}
Variables
{"input": DirectConnectOpenInput}
Response
{"data": {"directConnectOpen": {"connectionID": 4, "status": "UNKNOWN"}}}
directConnectPing
Description
Performs a ping to an endpoint using an open Direct Connect connection.
The input requires a direct endpoint connection opened using directConnectOpen.
Use of this field requires the Direct Connect solution.
Use of this field requires the Tanium permission Direct Connect Session Write.
Stability Level: 3 - Stable
Response
Returns a
DirectConnectPingPayload!
Arguments
| Name | Description |
|---|---|
input -
DirectConnectPingInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation directConnectPing($input: DirectConnectPingInput!) {
directConnectPing(input: $input) {
result
}
}
Variables
{"input": DirectConnectPingInput}
Response
{"data": {"directConnectPing": {"result": true}}}
directConnectProcessTerminate
Description
Terminates the specified process on an endpoint using an open Direct Connect connection.
The input requires a direct endpoint connection opened using directConnectOpen.
Use of this field requires the Direct Connect, Performance solutions.
Use of this field requires the Tanium permission Performance Kill Process.
Stability Level: 3 - Stable
Response
Returns a
DirectConnectProcessTerminatePayload!
Arguments
| Name | Description |
|---|---|
input -
DirectConnectProcessTerminateInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation directConnectProcessTerminate($input: DirectConnectProcessTerminateInput!) {
directConnectProcessTerminate(input: $input) {
result
}
}
Variables
{"input": DirectConnectProcessTerminateInput}
Response
{"data": {"directConnectProcessTerminate": {"result": true}}}
discoverInterfaceAddLabel
Description
Adds standard labels to specific Discover interfaces.
Use of this field requires the Tanium permission Discover Tag - Write.
Stability Level: 1.1 - Experimental (Active Development)
Response
Returns a
DiscoverInterfaceAddLabelPayload!
Arguments
| Name | Description |
|---|---|
input -
DiscoverInterfaceAddLabelInput!
|
Stability Level: 1.1 - Experimental (Active Development) |
Example
Query
mutation discoverInterfaceAddLabel($input: DiscoverInterfaceAddLabelInput!) {
discoverInterfaceAddLabel(input: $input) {
cursor
success
error {
...SystemErrorFragment
}
}
}
Variables
{"input": DiscoverInterfaceAddLabelInput}
Response
{
"data": {
"discoverInterfaceAddLabel": {
"cursor": Cursor,
"success": false,
"error": SystemError
}
}
}
discoverInterfaceRemoveLabel
Description
Removes standard labels from specific Discover interfaces.
Use of this field requires the Tanium permission Discover Tag - Write.
Stability Level: 1.1 - Experimental (Active Development)
Response
Returns a
DiscoverInterfaceAddLabelPayload!
Arguments
| Name | Description |
|---|---|
input -
DiscoverInterfaceRemoveLabelInput!
|
Stability Level: 1.1 - Experimental (Active Development) |
Example
Query
mutation discoverInterfaceRemoveLabel($input: DiscoverInterfaceRemoveLabelInput!) {
discoverInterfaceRemoveLabel(input: $input) {
cursor
success
error {
...SystemErrorFragment
}
}
}
Variables
{"input": DiscoverInterfaceRemoveLabelInput}
Response
{
"data": {
"discoverInterfaceRemoveLabel": {
"cursor": Cursor,
"success": false,
"error": SystemError
}
}
}
discoverLabelCreate
Description
Creates a Discover label from the given input.
Use of this field requires one of the following Tanium permissions: Discover Tag - Write, Discover Location Permissions - Write.
Note: Discover Location Permissions - Write is required when there is at least one Location Permission defined in Discover. Otherwise, Discover Tag - Write is required.
Stability Level: 1.1 - Experimental (Active Development)
Response
Returns a
DiscoverLabelCreatePayload!
Arguments
| Name | Description |
|---|---|
input -
DiscoverLabelCreateInput!
|
Stability Level: 1.1 - Experimental (Active Development) |
Example
Query
mutation discoverLabelCreate($input: DiscoverLabelCreateInput!) {
discoverLabelCreate(input: $input) {
label {
...DiscoverLabelFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"input": DiscoverLabelCreateInput}
Response
{
"data": {
"discoverLabelCreate": {
"label": DiscoverLabel,
"error": SystemError
}
}
}
discoverLabelDelete
Description
Deletes a Discover label with the given input.
Use of this field requires one of the following Tanium permissions: Discover Tag - Write, Discover Location Permissions - Write.
Note: Discover Location Permissions - Write is required when there is at least one Location Permission defined in Discover. Otherwise, Discover Tag - Write is required.
Stability Level: 1.1 - Experimental (Active Development)
Response
Returns a
DiscoverLabelDeletePayload!
Arguments
| Name | Description |
|---|---|
ref -
NamedOnlyRefInput!
|
Stability Level: 1.1 - Experimental (Active Development) |
Example
Query
mutation discoverLabelDelete($ref: NamedOnlyRefInput!) {
discoverLabelDelete(ref: $ref) {
name
error {
...SystemErrorFragment
}
}
}
Variables
{"ref": NamedOnlyRefInput}
Response
{
"data": {
"discoverLabelDelete": {
"name": "xyz789",
"error": SystemError
}
}
}
emailSend
Description
Submits a request to the Tanium Email service to send an email using a selected email server.
Use of this field requires the Email solution.
Use of this field requires the Tanium permission Email Send.
Stability Level: 1.0 - Experimental (Early Development)
Response
Returns an
EmailSendPayload!
Arguments
| Name | Description |
|---|---|
input -
EmailSendInput!
|
Stability Level: 1.0 - Experimental (Early Development) |
Example
Query
mutation emailSend($input: EmailSendInput!) {
emailSend(input: $input) {
queuedTime
error {
...SystemErrorFragment
}
}
}
Variables
{"input": EmailSendInput}
Response
{
"data": {
"emailSend": {
"queuedTime": "10:15:30Z",
"error": SystemError
}
}
}
importConfigurationItemEntities
Description
Imports the specified entities. If an id is specified, the existing entity matching that id is updated. If no id is specified, a new entity is created.
You can specify a maximum of 100 entities. The request fails if you exceed 100 entities. The response returns entities in the same order as specified in the input. Entities that fail to import have an errorMessage.
Use of this field requires the Atlas solution.
Stability Level: 3 - Stable
Response
Returns an
ImportConfigurationItemEntitiesPayload!
Arguments
| Name | Description |
|---|---|
input -
[EntityInput!]!
|
Stability Level: 3 - Stable |
Example
Query
mutation importConfigurationItemEntities($input: [EntityInput!]!) {
importConfigurationItemEntities(input: $input) {
entities {
...ImportConfigurationItemEntityPayloadFragment
}
importedCount
failedCount
}
}
Variables
{"input": [EntityInput]}
Response
{
"data": {
"importConfigurationItemEntities": {
"entities": [ImportConfigurationItemEntityPayload],
"importedCount": 123,
"failedCount": 987
}
}
}
killProcess
Description
Terminates the specified process on an endpoint using a Direct Connect connection.
The input requires a direct endpoint connection opened using openDirectConnection.
Use of this field requires the Direct Connect solution.
Stability Level: 2 - Legacy Use directConnectProcessTerminate instead. The directConnect APIs provide better support for tracking connections that take longer to establish.
Response
Returns a
KillProcessPayload!
Arguments
| Name | Description |
|---|---|
input -
KillProcessInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation killProcess($input: KillProcessInput!) {
killProcess(input: $input) {
result
}
}
Variables
{"input": KillProcessInput}
Response
{"data": {"killProcess": {"result": true}}}
manageSoftware
Description
Creates a new Deploy software package deployment to install, update, or remove a software package.
Use of this field requires the Deploy solution.
Stability Level: 3 - Stable
Response
Returns a
SoftwareDeploymentDetails!
Arguments
| Name | Description |
|---|---|
operation -
SoftwareOperation!
|
The operation to perform. Stability Level: 3 - Stable |
softwarePackageID -
ID!
|
The ID of the software package in Deploy. Stability Level: 3 - Stable |
target -
SoftwareTarget
|
The endpoints on which to perform the operation. Stability Level: 3 - Stable |
start -
Time!
|
The date and time at which the operation runs on the endpoints. Stability Level: 3 - Stable |
end -
Time!
|
The date and time after which endpoints will not run the operation. Operations that started might continue running after this time. Stability Level: 3 - Stable |
description -
String
|
A description of the operation. Stability Level: 3 - Stable |
Example
Query
mutation manageSoftware(
$operation: SoftwareOperation!,
$softwarePackageID: ID!,
$target: SoftwareTarget,
$start: Time!,
$end: Time!,
$description: String
) {
manageSoftware(
operation: $operation,
softwarePackageID: $softwarePackageID,
target: $target,
start: $start,
end: $end,
description: $description
) {
ID
name
errors {
...SoftwareDeploymentErrorCountFragment
}
status {
...SoftwareDeploymentStatusFragment
}
}
}
Variables
{
"operation": "INSTALL",
"softwarePackageID": "4",
"target": SoftwareTarget,
"start": "10:15:30Z",
"end": "10:15:30Z",
"description": "abc123"
}
Response
{
"data": {
"manageSoftware": {
"ID": "4",
"name": "xyz789",
"errors": [SoftwareDeploymentErrorCount],
"status": SoftwareDeploymentStatus
}
}
}
mergeConfigurationItemElements
Description
Merges two configuration item elements. The target element must be private if the duplicate element is private. The two elements must inherit from the same class. The target element must be in the category of "ManagedEndpoint" or "UnmanagedEndpoint". The duplicate element must be in the category of "UnmanagedEndpoint" or "CustomerItem". If the duplicate element category is "UnmanagedEndpoint", it must have a namespace of "unmanaged_user_specified". Comments, details, and the relationships are copied. Duplicate relationships or inverse relationships are deleted. The duplicate element is deleted.
Use of this field requires the Atlas solution.
Stability Level: 3 - Stable
Response
Returns a
MergeConfigurationItemElementsPayload!
Arguments
| Name | Description |
|---|---|
input -
MergeConfigurationItemElementsInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation mergeConfigurationItemElements($input: MergeConfigurationItemElementsInput!) {
mergeConfigurationItemElements(input: $input) {
element {
...ElementFragment
}
}
}
Variables
{"input": MergeConfigurationItemElementsInput}
Response
{
"data": {
"mergeConfigurationItemElements": {"element": Element}
}
}
openDirectConnection
Description
Establishes a Direct Connect connection with an endpoint, returning a connection ID which you can use for Direct Connect queries.
The connection is closed after 2 minutes of inactivity.
Connections opened with openDirectConnection are compatible with legacy Direct Connect APIs, including directEndpoint, pingDirectConnection, killProcess, and closeDirectConnection.
Connections opened with openDirectConnection are not compatible with stable Direct Connect APIs, including directConnectEndpoint, directConnectPing, directConnectProcessTerminate, and directConnectClose.
Use of this field requires the Direct Connect solution.
Stability Level: 2 - Legacy Use directConnectOpen instead. The directConnect APIs provide better support for tracking connections that take longer to establish.
Response
Returns an
OpenDirectConnectionPayload!
Arguments
| Name | Description |
|---|---|
input -
OpenDirectConnectionInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation openDirectConnection($input: OpenDirectConnectionInput!) {
openDirectConnection(input: $input) {
connectionID
}
}
Variables
{"input": OpenDirectConnectionInput}
Response
{"data": {"openDirectConnection": {"connectionID": 4}}}
patchCreateDeployment
Description
Creates a Patch deployment.
Use of this field requires all of the following Tanium permissions: Patch Deployment - Execute, Patch Deployment - Write.
Stability Level: 1.0 - Experimental (Early Development)
Response
Returns a
PatchCreateDeploymentPayload!
Arguments
| Name | Description |
|---|---|
input -
PatchCreateDeploymentInput!
|
Stability Level: 1.0 - Experimental (Early Development) |
Example
Query
mutation patchCreateDeployment($input: PatchCreateDeploymentInput!) {
patchCreateDeployment(input: $input) {
deployment {
...PatchDeploymentFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"input": PatchCreateDeploymentInput}
Response
{
"data": {
"patchCreateDeployment": {
"deployment": PatchDeployment,
"error": SystemError
}
}
}
patchStopDeployment
Description
Stops the in-progress Patch deployment that matches the reference ID, or prevents the future-scheduled Patch deployment that matches the reference ID from starting at the start time. This has no effect on finished deployments.
Use of this field requires all of the following Tanium permissions: Patch Deployment - Execute, Patch Deployment - Write.
Stability Level: 1.0 - Experimental (Early Development)
Response
Returns a
PatchStopDeploymentPayload!
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Stability Level: 1.0 - Experimental (Early Development) |
Example
Query
mutation patchStopDeployment($ref: IdRefInput!) {
patchStopDeployment(ref: $ref) {
deployment {
...PatchDeploymentFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"patchStopDeployment": {
"deployment": PatchDeployment,
"error": SystemError
}
}
}
ping
Description
Returns true. Useful to test your ability to issue commands to the server.
Stability Level: 3 - Stable
Response
Returns a
Boolean!
Example
Query
mutation ping {
ping
}
Response
{"data": {"ping": false}}
pingDirectConnection
Description
Performs a ping to an endpoint using a Direct Connect connection.
The input requires a direct endpoint connection opened using openDirectConnection.
Use of this field requires the Direct Connect solution.
Stability Level: 2 - Legacy Use directConnectPing instead. The directConnect APIs provide better support for tracking connections that take longer to establish.
Response
Returns a
PingDirectConnectionPayload!
Arguments
| Name | Description |
|---|---|
input -
PingDirectConnectionInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation pingDirectConnection($input: PingDirectConnectionInput!) {
pingDirectConnection(input: $input) {
result
}
}
Variables
{"input": PingDirectConnectionInput}
Response
{"data": {"pingDirectConnection": {"result": true}}}
reportDelete
Description
Deletes a report.
Use of this field requires the Tanium permission Report Write.
Stability Level: 1.2 - Experimental (Release Candidate)
Response
Returns a
ReportDeletePayload!
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation reportDelete($ref: IdRefInput!) {
reportDelete(ref: $ref) {
id
error {
...SystemErrorFragment
}
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"reportDelete": {
"id": "4",
"error": SystemError
}
}
}
reportImport
Description
Imports a report definition that was previously exported using the API Gateway reportExport query.
Stability Level: 3 - Stable
Response
Returns a
ReportImportPayload!
Arguments
| Name | Description |
|---|---|
input -
ReportImportInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation reportImport($input: ReportImportInput!) {
reportImport(input: $input) {
report {
...ReportFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"input": ReportImportInput}
Response
{
"data": {
"reportImport": {
"report": Report,
"error": SystemError
}
}
}
reportingDashboardDelete
Description
Deletes a Reporting dashboard.
Use of this field requires the Tanium permission Dashboard Write.
Stability Level: 1.1 - Experimental (Active Development)
Response
Returns a
ReportingDashboardDeletePayload!
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation reportingDashboardDelete($ref: IdRefInput!) {
reportingDashboardDelete(ref: $ref) {
id
error {
...SystemErrorFragment
}
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"reportingDashboardDelete": {
"id": "4",
"error": SystemError
}
}
}
scheduledActionApprove
Description
Approves a pending scheduled action.
Stability Level: 3 - Stable
Response
Returns a
ScheduledActionApprovePayload!
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation scheduledActionApprove($ref: IdRefInput!) {
scheduledActionApprove(ref: $ref) {
id
approved
error {
...SystemErrorFragment
}
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"scheduledActionApprove": {
"id": "4",
"approved": true,
"error": SystemError
}
}
}
scheduledActionCreate
Description
Creates a scheduled action.
Stability Level: 3 - Stable
Response
Returns a
ScheduledActionCreatePayload!
Arguments
| Name | Description |
|---|---|
input -
ScheduledActionCreateInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation scheduledActionCreate($input: ScheduledActionCreateInput!) {
scheduledActionCreate(input: $input) {
scheduledAction {
...ScheduledActionFragment
}
error {
...SystemErrorFragment
}
}
}
Variables
{"input": ScheduledActionCreateInput}
Response
{
"data": {
"scheduledActionCreate": {
"scheduledAction": ScheduledAction,
"error": SystemError
}
}
}
scheduledActionDelete
Description
Deletes a scheduled action.
Stability Level: 3 - Stable
Response
Returns a
ScheduledActionDeletePayload!
Arguments
| Name | Description |
|---|---|
ref -
IdRefInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation scheduledActionDelete($ref: IdRefInput!) {
scheduledActionDelete(ref: $ref) {
id
error {
...SystemErrorFragment
}
}
}
Variables
{"ref": IdRefInput}
Response
{
"data": {
"scheduledActionDelete": {
"id": 4,
"error": SystemError
}
}
}
sensorHarvest
Description
Manages the registration of a sensor for harvest by TDS.
Note that when registering a sensor for harvest, the system must verify that the sensor is valid for harvest. This analysis may take several minutes. To accommodate this, the response may contain a cursor instead of a success or an error. When a response contains a cursor, the caller must call the mutation again with the cursor added to the input in order to poll for the terminal response.
It is not necessary to poll for the terminal response in order for a harvest to be successful, but it is not guaranteed that a harvest is successful unless the caller obtains a terminal successful response.
Stability Level: 3 - Stable
Response
Returns a
SensorHarvestPayload!
Arguments
| Name | Description |
|---|---|
input -
SensorHarvestInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation sensorHarvest($input: SensorHarvestInput!) {
sensorHarvest(input: $input) {
cursor
success
error {
...SystemErrorFragment
}
}
}
Variables
{"input": SensorHarvestInput}
Response
{
"data": {
"sensorHarvest": {
"cursor": Cursor,
"success": true,
"error": SystemError
}
}
}
syncAssets
Description
Synchronizes assets from TDS.
Use of this field requires the Atlas solution.
Stability Level: 3 - Stable
Response
Returns a
SyncAssetResult
Example
Query
mutation syncAssets {
syncAssets {
success
}
}
Response
{"data": {"syncAssets": {"success": false}}}
threatResponseAlertResolve
Description
Resolves the identified Threat Response alert.
Use of this field requires the Threat Response solution.
Stability Level: 3 - Stable
Response
Returns a
ThreatResponseAlertResolvePayload!
Arguments
| Name | Description |
|---|---|
ref -
ThreatResponseAlertRef!
|
Stability Level: 3 - Stable |
Example
Query
mutation threatResponseAlertResolve($ref: ThreatResponseAlertRef!) {
threatResponseAlertResolve(ref: $ref) {
resolved
guid
error {
...SystemErrorFragment
}
}
}
Variables
{"ref": ThreatResponseAlertRef}
Response
{
"data": {
"threatResponseAlertResolve": {
"resolved": true,
"guid": 4,
"error": SystemError
}
}
}
updateConfigurationItemProperties
Description
Updates properties related to configuration items.
Use of this field requires the Atlas solution.
Stability Level: 3 - Stable
Response
Returns an
UpdateConfigurationItemPropertiesResult
Arguments
| Name | Description |
|---|---|
input -
UpdateConfigurationItemPropertiesInput!
|
Stability Level: 3 - Stable |
Example
Query
mutation updateConfigurationItemProperties($input: UpdateConfigurationItemPropertiesInput!) {
updateConfigurationItemProperties(input: $input) {
userSpecifiedAssetsMaxAge
}
}
Variables
{"input": UpdateConfigurationItemPropertiesInput}
Response
{
"data": {
"updateConfigurationItemProperties": {"userSpecifiedAssetsMaxAge": 987}
}
}
upsertRelationship
Description
Creates or updates relationships between configuration items within the CMDB. Returns the created or updated relationships.
Use of this field requires the Atlas solution.
Stability Level: 3 - Stable
Response
Returns a
RelationshipResult
Arguments
| Name | Description |
|---|---|
payload -
[RelationshipPayload]!
|
Stability Level: 3 - Stable |
Example
Query
mutation upsertRelationship($payload: [RelationshipPayload]!) {
upsertRelationship(payload: $payload) {
items {
...RelationshipFragment
}
}
}
Variables
{"payload": [RelationshipPayload]}
Response
{
"data": {
"upsertRelationship": {"items": [Relationship]}
}
}
Types
APIToken
Description
An authentication token that a user can use to make requests.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique identifier of the API token. Stability Level: 3 - Stable |
tokenString -
String
|
The API token string value. This response field contains the string value only when the request creates or rotates a token, and otherwise does not contain a value. Stability Level: 3 - Stable |
trustedIPAddresses -
[String!]!
|
The list of trusted IP addresses in CIDR format that can use the API token. Examples: 92.0.2.0/24, 198.51.100.10 Stability Level: 3 - Stable |
notes -
String!
|
The notes for the API token. Stability Level: 3 - Stable |
persona -
Persona
|
The persona associated with the API token. Stability Level: 3 - Stable |
expiration -
Time!
|
The time at which the API token expires and is no longer valid. Stability Level: 3 - Stable |
lastUsed -
Time!
|
The time at which the API token was last used. Stability Level: 3 - Stable |
created -
Time!
|
The time at which the token was created. Stability Level: 3 - Stable |
Example
{
"id": 4,
"tokenString": "xyz789",
"trustedIPAddresses": ["abc123"],
"notes": "abc123",
"persona": Persona,
"expiration": "10:15:30Z",
"lastUsed": "10:15:30Z",
"created": "10:15:30Z"
}
APITokenGrantInput
Description
A request to create an API token for the current user.
Fields
| Input Field | Description |
|---|---|
trustedIPAddresses -
[String!]!
|
The list of trusted IP addresses in CIDR format that can use the API token. Examples: 92.0.2.0/24, 198.51.100.10 Stability Level: 3 - Stable |
expiresInDays -
Int
|
The number of days before the API token expires. Stability Level: 3 - Stable |
personaName -
String
|
The persona associated with the API token. Stability Level: 3 - Stable |
notes -
String
|
The notes for the usage of the API token. Stability Level: 3 - Stable |
Example
{
"trustedIPAddresses": ["abc123"],
"expiresInDays": 123,
"personaName": "xyz789",
"notes": "xyz789"
}
APITokenGrantPayload
Description
A response to a request to create an API token.
Fields
| Field Name | Description |
|---|---|
token -
APIToken
|
The token created by the request. Stability Level: 3 - Stable |
error -
SystemError
|
Specifies that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"token": APIToken,
"error": SystemError
}
APITokenQueryPayload
Description
A response to a request to query API tokens.
Fields
| Field Name | Description |
|---|---|
tokens -
[APIToken!]
|
API tokens returned by the request. Stability Level: 3 - Stable |
error -
SystemError
|
Specifies that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"tokens": [APIToken],
"error": SystemError
}
APITokenRevokeInput
Description
A request to revoke an API token.
Fields
| Input Field | Description |
|---|---|
id -
ID!
|
The unique identifier of the API token to revoke. Stability Level: 3 - Stable |
Example
{"id": 4}
APITokenRevokePayload
Description
A response to a request to revoke an API token.
Fields
| Field Name | Description |
|---|---|
error -
SystemError
|
Specifies that the request terminated in an error. Stability Level: 3 - Stable |
Example
{"error": SystemError}
APITokenRotateInput
Description
A request to create an API token for the current user.
Fields
| Input Field | Description |
|---|---|
tokenString -
String!
|
The token string of the API token to rotate. Stability Level: 3 - Stable |
Example
{"tokenString": "xyz789"}
APITokenRotatePayload
Description
A response to a request to rotate an API token.
Fields
| Field Name | Description |
|---|---|
token -
APIToken
|
The token created by the request. Stability Level: 3 - Stable |
error -
SystemError
|
Specifies that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"token": APIToken,
"error": SystemError
}
Action
Description
An action.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The ID of the action. Stability Level: 3 - Stable |
name -
String!
|
The name of the action. Stability Level: 3 - Stable |
comment -
String!
|
A short description of the action. Stability Level: 3 - Stable |
expireSeconds -
Int
|
The time for which the action is active. Stability Level: 3 - Stable |
creationTime -
Time
|
The time at which the action was created. Stability Level: 3 - Stable |
startTime -
Time
|
The time at which the action started. Stability Level: 3 - Stable |
expirationTime -
Time
|
The time at which the action expired. Stability Level: 3 - Stable |
distributeSeconds -
Int
|
The time over which to distribute actions to endpoints in batches, to prevent spikes in network traffic or other resource consumption. Stability Level: 3 - Stable |
status -
ActionStatus
|
The status of the action. Stability Level: 3 - Stable |
stoppedFlag -
Boolean
|
Indicates the action is stopped. Stability Level: 3 - Stable |
targets -
ActionTargets!
|
The endpoints on which the action runs. Stability Level: 3 - Stable |
package -
PackageRef!
|
The package containing the action script and any other files. Stability Level: 3 - Stable |
scheduledAction -
ScheduledAction
|
The scheduled action that created this action. Stability Level: 3 - Stable |
stopped -
Boolean!
|
Indicates the action is stopped. Stability Level: 3 - Stable |
creator -
Principal!
|
The action's creator. Stability Level: 3 - Stable |
approver -
Principal
|
The action's approver, if any. Stability Level: 3 - Stable |
metadata -
[Metadata!]!
|
The Tanium server metadata about the action. Stability Level: 3 - Stable |
results -
ActionResults!
|
The results of running the action. Stability Level: 3 - Stable |
Example
{
"id": 4,
"name": "xyz789",
"comment": "xyz789",
"expireSeconds": 987,
"creationTime": "10:15:30Z",
"startTime": "10:15:30Z",
"expirationTime": "10:15:30Z",
"distributeSeconds": 987,
"status": "OPEN",
"stoppedFlag": false,
"targets": ActionTargets,
"package": PackageRef,
"scheduledAction": ScheduledAction,
"stopped": false,
"creator": Principal,
"approver": Principal,
"metadata": [Metadata],
"results": ActionResults
}
ActionActionGroupInput
Description
Identifies an existing action group.
Define one, and only one, of either name or id. If you define name and id, only the id is used to identify the action group, and the name is ignored.
Example
{
"id": "4",
"name": "abc123"
}
ActionConnection
Description
A page of action edges.
Fields
| Field Name | Description |
|---|---|
edges -
[ActionEdge!]!
|
The list of action edges. Stability Level: 3 - Stable |
pageInfo -
PageInfo!
|
Information about the action collection. Stability Level: 3 - Stable |
totalRecords -
Int!
|
The total number of action records available. Stability Level: 3 - Stable |
Example
{
"edges": [ActionEdge],
"pageInfo": PageInfo,
"totalRecords": 123
}
ActionCreateInput
Description
A request to create an action.
Fields
| Input Field | Description |
|---|---|
targets -
ActionTargetsInput!
|
The endpoints on which the action runs. Stability Level: 3 - Stable |
package -
PackageRefInput!
|
The package containing the action script and any other files. Stability Level: 3 - Stable |
schedule -
ActionScheduleInput
|
The schedule on which the action runs. By default, the action runs immediately. Stability Level: 3 - Stable |
name -
String
|
The action name. Note that actions are not required to have unique names. Stability Level: 3 - Stable |
comment -
String
|
A short description. Stability Level: 3 - Stable |
Example
{
"targets": ActionTargetsInput,
"package": PackageRefInput,
"schedule": ActionScheduleInput,
"name": "xyz789",
"comment": "abc123"
}
ActionCreatePayload
Description
The result of creating an action.
Fields
| Field Name | Description |
|---|---|
action -
Action
|
The newly created action. Stability Level: 3 - Stable |
error -
SystemError
|
Indicates that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"action": Action,
"error": SystemError
}
ActionEdge
ActionGroup
Description
Defines which endpoints are the targets for actions.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique identifier of the action group. Stability Level: 3 - Stable |
name -
String!
|
The assigned name of the action group. Stability Level: 3 - Stable |
visibility -
ActionGroupVisibility!
|
Defines which visibility setting to use. Stability Level: 3 - Stable |
userGroups -
[NamedRef!]
|
Defines which user groups can see the action group. This applies only when visibility is set to Stability Level: 3 - Stable |
computerGroups -
[ComputerGroup!]!
|
The set of computer groups that the action group targets. Stability Level: 3 - Stable |
any -
Boolean!
|
Specifies whether an endpoint must be a member in any or all computer groups defined in computerGroups. Stability Level: 3 - Stable |
Example
{
"id": "4",
"name": "xyz789",
"visibility": "ADMIN",
"userGroups": [NamedRef],
"computerGroups": [ComputerGroup],
"any": true
}
ActionGroupConnection
Description
A page of action group edges.
Fields
| Field Name | Description |
|---|---|
edges -
[ActionGroupEdge!]!
|
The list of action group edges. Stability Level: 3 - Stable |
pageInfo -
PageInfo!
|
Information about the action group collection. Stability Level: 3 - Stable |
totalRecords -
Int!
|
The total number of action group records available. Stability Level: 3 - Stable |
Example
{
"edges": [ActionGroupEdge],
"pageInfo": PageInfo,
"totalRecords": 123
}
ActionGroupCreateInput
Description
Creates an action group from the given input.
Fields
| Input Field | Description |
|---|---|
name -
String!
|
The assigned name of the action group. Stability Level: 3 - Stable |
visibility -
ActionGroupVisibility!
|
Defines which visibility setting to use. Stability Level: 3 - Stable |
userGroups -
[NamedRefInput!]
|
Defines which user groups can see the action group. This applies only when visibility is set to Stability Level: 3 - Stable |
computerGroups -
[NamedRefInput!]!
|
The set of computer groups that the action group targets. Stability Level: 3 - Stable |
any -
Boolean!
|
Specifies whether an endpoint must be a member in any or all computer groups defined in computerGroups. Stability Level: 3 - Stable |
Example
{
"name": "xyz789",
"visibility": "ADMIN",
"userGroups": [NamedRefInput],
"computerGroups": [NamedRefInput],
"any": true
}
ActionGroupCreatePayload
Description
A response to a request to create an action group.
Fields
| Field Name | Description |
|---|---|
group -
ActionGroup
|
The action group created by the request. Stability Level: 3 - Stable |
error -
SystemError
|
Specifies that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"group": ActionGroup,
"error": SystemError
}
ActionGroupDeletePayload
Description
A response to a request to delete an action group.
Fields
| Field Name | Description |
|---|---|
id -
ID
|
The unique identifier of the deleted action group. Stability Level: 3 - Stable |
error -
SystemError
|
Specifies that the request terminated in an error. Stability Level: 3 - Stable |
Example
{"id": 4, "error": SystemError}
ActionGroupEdge
Description
An action group within a page.
Fields
| Field Name | Description |
|---|---|
node -
ActionGroup!
|
The action group. Stability Level: 3 - Stable |
cursor -
Cursor!
|
The cursor of this edge within the collection. Stability Level: 3 - Stable |
Example
{
"node": ActionGroup,
"cursor": Cursor
}
ActionGroupVisibility
Description
Defines the visibility of action groups.
Values
| Enum Value | Description |
|---|---|
|
|
Only admins can see this action group. Stability Level: 3 - Stable |
|
|
All users can see this action group. Stability Level: 3 - Stable |
|
|
Only specific user groups can see this action group. Stability Level: 3 - Stable |
Example
"ADMIN"
ActionOperationChangeClientSettingInput
Description
A request to change a Tanium Client setting on an endpoint.
Fields
| Input Field | Description |
|---|---|
name -
ActionOperationChangeClientSettingName!
|
The name of the client setting to change. Stability Level: 3 - Stable |
value -
String!
|
The new client setting value. Stability Level: 3 - Stable |
Example
{
"name": "LogVerbosityLevel",
"value": "xyz789"
}
ActionOperationChangeClientSettingName
Description
A Tanium Client setting name.
Values
| Enum Value | Description |
|---|---|
|
|
Sets the amount of logging. Stability Level: 3 - Stable |
|
|
Randomizes sensor execution (useful for VDI environments). The maximum randomization value is 3600 seconds. Note that this does not affect intrinsic sensors like Stability Level: 3 - Stable |
|
|
Enables encryption and protection of sensor queries in sensor.db, NodeState, and ActionManager state. Stability Level: 3 - Stable |
|
|
The hot cache to cold cache setting percentage. Stability Level: 3 - Stable |
Example
"LogVerbosityLevel"
ActionOperationCollectActiveDirectoryInfoInput
Description
A request to collect Active Directory information on an endpoint.
Fields
| Input Field | Description |
|---|---|
minimumMinutesBetweenRuns -
Int
|
The minimum number of minutes to allow between collection runs. This must be a non-negative number. Stability Level: 3 - Stable |
Example
{"minimumMinutesBetweenRuns": 987}
ActionOperationInput
Description
A request to perform a registered operation. You can choose only one operation.
Fields
| Input Field | Description |
|---|---|
addTags -
[String!]
|
Adds the set of custom tags to the endpoints. Tags may not contain whitespace or the This uses the Stability Level: 3 - Stable |
removeTags -
[String!]
|
Removes the set of custom tags from the endpoints. Tags may not contain whitespace or the This uses the Stability Level: 3 - Stable |
changeClientSetting -
ActionOperationChangeClientSettingInput
|
Changes the specified Tanium Client setting on the endpoints. The string value must be coercible to the correct type for the named setting. This uses the Stability Level: 3 - Stable |
startService -
String
|
Starts the named service on the endpoints. This uses the Stability Level: 3 - Stable |
stopService -
String
|
Stops the named service on the endpoints. This uses the Stability Level: 3 - Stable |
restartService -
String
|
Restarts the named service on the endpoints. This uses the Stability Level: 3 - Stable |
reboot -
ActionOperationRebootInput
|
Reboots the endpoints. This uses the Stability Level: 3 - Stable |
collectActiveDirectoryInfo -
ActionOperationCollectActiveDirectoryInfoInput
|
Collects Active Directory information about the endpoints. This is only available for Windows and Mac operating systems. This uses the Stability Level: 3 - Stable |
Example
{
"addTags": ["xyz789"],
"removeTags": ["abc123"],
"changeClientSetting": ActionOperationChangeClientSettingInput,
"startService": "xyz789",
"stopService": "xyz789",
"restartService": "xyz789",
"reboot": ActionOperationRebootInput,
"collectActiveDirectoryInfo": ActionOperationCollectActiveDirectoryInfoInput
}
ActionOperationRebootInput
Description
A request to reboot an endpoint.
Fields
| Input Field | Description |
|---|---|
randomDelaySeconds -
Int
|
Specifies the total potential number of seconds to delay before rebooting. The actual delay on each endpoint will be randomly chosen. This must be a non-negative number. Stability Level: 3 - Stable |
Example
{"randomDelaySeconds": 987}
ActionPerformInput
Description
A request to create the actions or scheduled actions necessary to run a package or a registered operation. Exactly one of package or operation must be given.
If an operation is specified, an action or scheduled action will be created for each set of endpoint operating systems supported by the underlying packages. If the targets input specifies any platforms, they must be included in the set of operating systems supported by the operation's packages.
The schedule field controls the schedule on which the actions run, including if it runs only once or recurs.
The top-level result of performing an action are always scheduled actions for consistency, even if they only create a single action.
Fields
| Input Field | Description |
|---|---|
targets -
ActionTargetsInput!
|
The endpoints on which the actions run. Stability Level: 3 - Stable |
package -
PackageRefInput
|
The package containing the action script and any other files. Stability Level: 3 - Stable |
operation -
ActionOperationInput
|
The single registered operation to run. Operations are abstractions declared atop one or more packages that perform the same logical job on various endpoint operating systems. Stability Level: 3 - Stable |
schedule -
ActionPerformScheduleInput
|
The schedule on which the actions run. Stability Level: 3 - Stable |
name -
String
|
The action name. Note that actions are not required to have unique names. Stability Level: 3 - Stable |
comment -
String
|
A short description. Stability Level: 3 - Stable |
Example
{
"targets": ActionTargetsInput,
"package": PackageRefInput,
"operation": ActionOperationInput,
"schedule": ActionPerformScheduleInput,
"name": "xyz789",
"comment": "xyz789"
}
ActionPerformPayload
Description
The result of performing an action.
Fields
| Field Name | Description |
|---|---|
scheduledActions -
[ActionPerformPlatform!]
|
The list of scheduled actions and the operating systems on which they run, if known. Stability Level: 3 - Stable |
error -
SystemError
|
Indicates that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"scheduledActions": [ActionPerformPlatform],
"error": SystemError
}
ActionPerformPlatform
Description
A scheduled action and the operating systems on which it runs.
Fields
| Field Name | Description |
|---|---|
platforms -
[EndpointPlatform!]
|
The list of operating systems on which the scheduled action runs. This is only populated for actions performed for a registered operation. Stability Level: 3 - Stable |
scheduledAction -
ScheduledAction!
|
The scheduled action. Stability Level: 3 - Stable |
Example
{
"platforms": ["Unknown"],
"scheduledAction": ScheduledAction
}
ActionPerformScheduleInput
Description
The schedule on which the action should run.
Fields
| Input Field | Description |
|---|---|
distributeSeconds -
Int
|
The time over which to distribute actions to endpoints in batches, to prevent spikes in network traffic or other resource consumption. A value of Stability Level: 3 - Stable |
expireSeconds -
Int
|
The time for which any given action is active. This both defaults to and must be greater than or equal to either the package's expiration time or the sum of the package's command timeout and the Stability Level: 3 - Stable |
reissueSeconds -
Int
|
The time between recurring action runs. If this is Stability Level: 3 - Stable |
startTime -
Time
|
The start time of the action. This defaults to the current time. Stability Level: 3 - Stable |
endTime -
Time
|
The end time of a scheduled action. If Stability Level: 3 - Stable |
Example
{
"distributeSeconds": 123,
"expireSeconds": 123,
"reissueSeconds": 987,
"startTime": "10:15:30Z",
"endTime": "10:15:30Z"
}
ActionResults
Description
The results of an action.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique ID of the action. Stability Level: 3 - Stable |
waiting -
Int!
|
The number of endpoints waiting to run the action. Stability Level: 3 - Stable |
downloading -
Int!
|
The number of endpoints downloading the action package. Stability Level: 3 - Stable |
running -
Int!
|
The number of endpoints currently running the action. Stability Level: 3 - Stable |
waitingToRetry -
Int!
|
The number of endpoints waiting to retry a failed action run. Stability Level: 3 - Stable |
completed -
Int!
|
The number of endpoints that have completed the action. Stability Level: 3 - Stable |
expired -
Int!
|
The number of endpoints for which the action has expired. Stability Level: 3 - Stable |
failed -
Int!
|
The number of endpoints for which the action run failed. Stability Level: 3 - Stable |
pendingVerification -
Int!
|
The number of endpoints waiting to verify the action. Stability Level: 3 - Stable |
verified -
Int!
|
The number of endpoints that have verified the action. Stability Level: 3 - Stable |
failedVerification -
Int!
|
The number of endpoints that failed to verify the action. Stability Level: 3 - Stable |
Example
{
"id": 4,
"waiting": 123,
"downloading": 123,
"running": 123,
"waitingToRetry": 123,
"completed": 123,
"expired": 987,
"failed": 987,
"pendingVerification": 987,
"verified": 123,
"failedVerification": 123
}
ActionScheduleInput
Description
The schedule on which the action should run.
Fields
| Input Field | Description |
|---|---|
distributeSeconds -
Int
|
The time over which to distribute actions to endpoints in batches, to prevent spikes in network traffic or other resource consumption. A value of Stability Level: 3 - Stable |
expireSeconds -
Int
|
The time for which the action is active. This both defaults to and must be greater than or equal to either the package's expiration time or the sum of the package's command timeout and the Stability Level: 3 - Stable |
startTime -
Time
|
The start time of the action. This defaults to the current time. Stability Level: 3 - Stable |
Example
{
"distributeSeconds": 123,
"expireSeconds": 123,
"startTime": "10:15:30Z"
}
ActionStatus
Description
The action status values.
Values
| Enum Value | Description |
|---|---|
|
|
The action is in progress. Stability Level: 3 - Stable |
|
|
The action is not yet started. Stability Level: 3 - Stable |
|
|
The action is stopped. Stability Level: 3 - Stable |
|
|
The action reached its expiration time and is no longer active. Stability Level: 3 - Stable |
Example
"OPEN"
ActionStopPayload
Description
The result of stopping an action.
Fields
| Field Name | Description |
|---|---|
id -
ID
|
The ID of the action. Stability Level: 3 - Stable |
error -
SystemError
|
Indicates that the request terminated in an error. Stability Level: 3 - Stable |
Example
{"id": 4, "error": SystemError}
ActionTargetGroupInput
Description
Identifies or describes a target group. Exactly one of id, name, or filter must be specified. The first two fields (id, name) identify an existing group. The last field (filter) describes a transient group, created for this action.
If you define name and id, only the id is used to identify the computer group, and the name is ignored.
Fields
| Input Field | Description |
|---|---|
id -
ID
|
The ID of the group. Stability Level: 1.0 - Experimental (Early Development) |
name -
String
|
The name of the group. Stability Level: 1.0 - Experimental (Early Development) |
filter -
ComputerGroupFilter
|
The filter describing the endpoints that comprise the group. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"id": "4",
"name": "abc123",
"filter": ComputerGroupFilter
}
ActionTargets
Description
The endpoints on which an action runs. An endpoint must belong to both groups in order to run the action.
Example
{
"actionGroup": NamedRef,
"targetGroup": NamedRef
}
ActionTargetsInput
Description
The endpoints on which an action runs. Each field describes a condition; the action runs on only the endpoints that satisfy every condition.
Fields
| Input Field | Description |
|---|---|
actionGroup -
ActionActionGroupInput
|
Identifies the existing action group to which the endpoints must belong. This defaults to the Stability Level: 1.0 - Experimental (Early Development) |
targetGroup -
ActionTargetGroupInput
|
Identifies or describes the target group to which the endpoints must belong. This defaults to the Stability Level: 1.0 - Experimental (Early Development) |
platforms -
[EndpointPlatform!]
|
Specifies the set of endpoint operating systems on which the action runs ( Stability Level: 1.0 - Experimental (Early Development) |
endpoints -
[ID!]
|
Specifies a set of 25 or fewer identified endpoints on which the action runs. Retrieve endpoint IDs using the Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"actionGroup": ActionActionGroupInput,
"targetGroup": ActionTargetGroupInput,
"platforms": ["Unknown"],
"endpoints": ["4"]
}
Any
Description
An untyped value.
Example
Any
Asset
Description
A generic asset, such as an endpoint.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique ID. This is reasonably guaranteed to be stable. Stability Level: 3 - Stable |
name -
String!
|
The assigned name of the asset. Example: workstation-1.company.com Stability Level: 3 - Stable |
serialNumber -
String!
|
The serial number provided by the manufacturer. Example: 123ABC1 Stability Level: 3 - Stable |
manufacturer -
String!
|
The asset manufacturer. Example: Dell Stability Level: 3 - Stable |
model -
String!
|
The asset model. Example: OptiPlex 7050 Stability Level: 3 - Stable |
configurationItem -
ConfigurationItem
|
The CMDB reference IDs for the asset. Use of this field requires the Atlas solution. Stability Level: 3 - Stable |
Possible Types
| Asset Types |
|---|
Example
{
"id": "4",
"name": "xyz789",
"serialNumber": "abc123",
"manufacturer": "abc123",
"model": "xyz789",
"configurationItem": ConfigurationItem
}
AssetImportPayload
Description
Result for a single asset import.
Fields
| Field Name | Description |
|---|---|
id -
Int
|
The unique asset ID. Stability Level: 3 - Stable |
index -
Int!
|
Index from the Stability Level: 3 - Stable |
status -
AssetImportStatus!
|
Status of the asset import. Stability Level: 3 - Stable |
error -
String
|
Reason for Error/Failure. Stability Level: 3 - Stable |
Example
{
"id": 987,
"index": 123,
"status": "NoChange",
"error": "abc123"
}
AssetImportStatus
Description
Status of a given asset's import.
Values
| Enum Value | Description |
|---|---|
|
|
Asset import is successful. Existing asset did not update. Stability Level: 3 - Stable |
|
|
Asset import is successful, updated an existing asset. Stability Level: 3 - Stable |
|
|
Asset import is successful, created a new asset. Stability Level: 3 - Stable |
|
|
Asset import is unsuccessful, key(s) became invalid because of conversions. Stability Level: 3 - Stable |
|
|
Asset import is unsuccessful, key(s) is missing or empty. Stability Level: 3 - Stable |
|
|
Asset import is unsuccessful, already imported in this mutation. Stability Level: 3 - Stable |
|
|
Asset import is unsuccessful. Stability Level: 3 - Stable |
Example
"NoChange"
AssetProduct
Description
The Asset product.
Fields
| Field Name | Description |
|---|---|
vendor -
String!
|
The product vendor name. Stability Level: 3 - Stable |
name -
String!
|
The product name. Stability Level: 3 - Stable |
installation -
AssetProductInstallation
|
Product installation details. Stability Level: 3 - Stable |
tracking -
AssetProductTracking
|
Product tracking details. Stability Level: 3 - Stable |
usage -
AssetProductUsage
|
Product usage details. Stability Level: 3 - Stable |
versions -
[AssetProductVersion!]
|
Product version details. Stability Level: 3 - Stable |
Example
{
"vendor": "xyz789",
"name": "xyz789",
"installation": AssetProductInstallation,
"tracking": AssetProductTracking,
"usage": AssetProductUsage,
"versions": [AssetProductVersion]
}
AssetProductConnection
Description
A page of product edges.
Fields
| Field Name | Description |
|---|---|
edges -
[AssetProductEdge]!
|
The list of Asset product edges. Stability Level: 3 - Stable |
pageInfo -
PageInfo!
|
Information about this Asset product page. Stability Level: 3 - Stable |
totalCount -
Int!
|
The total count of returned records. Stability Level: 3 - Stable |
Example
{
"edges": [AssetProductEdge],
"pageInfo": PageInfo,
"totalCount": 123
}
AssetProductEdge
Description
A product within a page.
Fields
| Field Name | Description |
|---|---|
cursor -
Cursor!
|
The cursor of this edge within the collection. Stability Level: 3 - Stable |
node -
AssetProduct!
|
The Asset product. Stability Level: 3 - Stable |
Example
{
"cursor": Cursor,
"node": AssetProduct
}
AssetProductEndpoint
Description
The Asset product endpoint.
Fields
| Field Name | Description |
|---|---|
id -
Int
|
Asset ID. Stability Level: 3 - Stable |
eid -
Int
|
Endpoint ID (eid). Stability Level: 3 - Stable |
computerName -
String
|
The computer Name. Stability Level: 3 - Stable |
computerId -
String
|
The computer ID. Stability Level: 3 - Stable |
serialNumber -
String
|
The serial number. Stability Level: 3 - Stable |
osPlatform -
String
|
The OS platform. Stability Level: 3 - Stable |
operatingSystem -
String
|
The Operating System. Stability Level: 3 - Stable |
servicePack -
String
|
The service pack. Stability Level: 3 - Stable |
manufacturer -
String
|
The manufacturer. Stability Level: 3 - Stable |
ipAddress -
String
|
The IP address. Stability Level: 3 - Stable |
userName -
String
|
The user name. Stability Level: 3 - Stable |
createdAt -
Time
|
When asset record was created. Stability Level: 3 - Stable |
updatedAt -
Time
|
When asset record was last updated. Stability Level: 3 - Stable |
Example
{
"id": 987,
"eid": 123,
"computerName": "xyz789",
"computerId": "abc123",
"serialNumber": "abc123",
"osPlatform": "xyz789",
"operatingSystem": "xyz789",
"servicePack": "abc123",
"manufacturer": "abc123",
"ipAddress": "abc123",
"userName": "abc123",
"createdAt": "10:15:30Z",
"updatedAt": "10:15:30Z"
}
AssetProductEndpointConnection
Description
A page of product endpoint edges.
Fields
| Field Name | Description |
|---|---|
edges -
[AssetProductEndpointEdge]!
|
The list of Asset product edges. Stability Level: 3 - Stable |
pageInfo -
PageInfo!
|
Information about this Asset product page. Stability Level: 3 - Stable |
totalCount -
Int!
|
The total count of returned records. Stability Level: 3 - Stable |
Example
{
"edges": [AssetProductEndpointEdge],
"pageInfo": PageInfo,
"totalCount": 987
}
AssetProductEndpointEdge
Description
A product endpoint within a page.
Fields
| Field Name | Description |
|---|---|
cursor -
Cursor!
|
The cursor of this edge within the collection. Stability Level: 3 - Stable |
node -
AssetProductEndpoint!
|
The Asset product. Stability Level: 3 - Stable |
Example
{
"cursor": Cursor,
"node": AssetProductEndpoint
}
AssetProductEndpointsFilter
Description
Describes an asset product endpoint value filter. Records with field values matching the filter are included in the query results. Asset product endpoint filters may be single or compound. Any filter that is not valid causes the query to return an error.
For a single filter definition with one set of fields, if an endpoint record matches any filter condition, it satisfies the filter.
For a compound filter with multiple filter sets, an endpoint record must match every filter set to satisfy the filter, but can match any single filter condition within a filter set.
Fields
| Input Field | Description |
|---|---|
vendor -
String
|
The product vendor name must match. Stability Level: 3 - Stable |
name -
String
|
The product name must match. Stability Level: 3 - Stable |
version -
String
|
The product version must match. Stability Level: 3 - Stable |
usage -
AssetProductUsageEnum
|
The product usage must match. Stability Level: 3 - Stable |
Example
{
"vendor": "xyz789",
"name": "xyz789",
"version": "abc123",
"usage": "NotInstalled"
}
AssetProductInstallation
Description
Product installation metrics.
Fields
| Field Name | Description |
|---|---|
installedCount -
Int
|
The total number of product installations. Stability Level: 3 - Stable |
usedCount -
Int
|
The number of product installations on which usage was detected in the reporting period by the Tanium Client. Stability Level: 3 - Stable |
unusedCount -
Int
|
The number of product installations on which usage was not detected in the reporting period by the Tanium Client. Stability Level: 3 - Stable |
pendingUsage -
Int
|
The number of product installations on which the product is installed but the Tanium Client has not yet reported any usage. Stability Level: 3 - Stable |
Example
{
"installedCount": 123,
"usedCount": 987,
"unusedCount": 123,
"pendingUsage": 987
}
AssetProductState
Description
The product tracking state.
Values
| Enum Value | Description |
|---|---|
|
|
Asset is actively tracking the product. Stability Level: 3 - Stable |
|
|
Asset is not actively tracking the product. Stability Level: 3 - Stable |
|
|
Asset is ignoring the product tracking. Stability Level: 3 - Stable |
Example
"Tracked"
AssetProductTracking
Description
Product tracking metrics.
Fields
| Field Name | Description |
|---|---|
state -
AssetProductState
|
The current product tracking state. Stability Level: 3 - Stable |
reportingPeriodDays -
Int
|
The number of days that the Tanium Client reports for product usage. Stability Level: 3 - Stable |
normalMinutesUsedPerDay -
Int
|
Average minutes per day over the reporting period for normal usage. The default normal usage threshold is 60 minutes. Stability Level: 3 - Stable |
highMinutesUsedPerDay -
Int
|
Average minutes per day over the reporting period for high usage. The default high usage threshold is 240 minutes. Stability Level: 3 - Stable |
baselinePeriodDays -
Int
|
The minimum number of days before a newly installed product starts reporting usage in Asset. Stability Level: 3 - Stable |
Example
{
"state": "Tracked",
"reportingPeriodDays": 123,
"normalMinutesUsedPerDay": 987,
"highMinutesUsedPerDay": 123,
"baselinePeriodDays": 987
}
AssetProductTrackingInput
Description
Product tracking metrics input.
Fields
| Input Field | Description |
|---|---|
state -
AssetProductState!
|
The current product tracking state. Stability Level: 3 - Stable |
reportingPeriodDays -
Int!
|
The number of days that the Tanium Client reports for product usage. Stability Level: 3 - Stable |
normalMinutesUsedPerDay -
Int!
|
Average minutes per day over the reporting period for normal usage. The default normal usage threshold is 60 minutes. Stability Level: 3 - Stable |
highMinutesUsedPerDay -
Int!
|
Average minutes per day over the reporting period for high usage. The default high usage threshold is 240 minutes. Stability Level: 3 - Stable |
baselinePeriodDays -
Int!
|
The minimum number of days before a newly installed product starts reporting usage in Asset. Stability Level: 3 - Stable |
Example
{
"state": "Tracked",
"reportingPeriodDays": 987,
"normalMinutesUsedPerDay": 123,
"highMinutesUsedPerDay": 123,
"baselinePeriodDays": 987
}
AssetProductUsage
Description
Product usage metrics.
Fields
| Field Name | Description |
|---|---|
usageNotDetected -
Int!
|
Number of assets where product usage was not detected. Stability Level: 3 - Stable |
notInstalled -
Int!
|
Number of assets where the product was not installed. Stability Level: 3 - Stable |
baselining -
Int!
|
Number of assets where the product is newly installed and not yet reporting usage. Stability Level: 3 - Stable |
limited -
Int!
|
Number of assets where product usage level is limited. Stability Level: 3 - Stable |
normal -
Int!
|
Number of assets where product usage level is normal. Stability Level: 3 - Stable |
high -
Int!
|
Number of assets where product usage level is high. Stability Level: 3 - Stable |
Example
{
"usageNotDetected": 123,
"notInstalled": 987,
"baselining": 987,
"limited": 987,
"normal": 123,
"high": 987
}
AssetProductUsageEnum
Description
The product usage values.
Values
| Enum Value | Description |
|---|---|
|
|
Product not installed. Stability Level: 3 - Stable |
|
|
Product usage not detected. Stability Level: 3 - Stable |
|
|
Product is newly installed and not yet reporting usage. Stability Level: 3 - Stable |
|
|
Product usage level is limited. Stability Level: 3 - Stable |
|
|
Product usage level is normal. Stability Level: 3 - Stable |
|
|
Product usage level is high. Stability Level: 3 - Stable |
Example
"NotInstalled"
AssetProductVersion
AssetProductsFilter
Description
Describes a filter for Asset product field values. Records with field values matching the filter are included in the query results. Software installed on an endpoint must match every included filter condition to satisfy the filter.
Fields
| Input Field | Description |
|---|---|
vendors -
[String!]
|
The product vendor name must match one of the specified values. Stability Level: 3 - Stable |
search -
String
|
The product vendor name or product name must contain the specified value. Stability Level: 3 - Stable |
states -
[AssetProductState!]
|
The product tracking state must match one of the specified values (Tracked, Cataloged, or Ignored). Stability Level: 3 - Stable |
Example
{
"vendors": ["abc123"],
"search": "abc123",
"states": ["Tracked"]
}
AssetProductsInput
Description
Input for mutating product tracking gathering metrics.
Fields
| Input Field | Description |
|---|---|
vendor -
String!
|
The product vendor name. Stability Level: 3 - Stable |
name -
String!
|
The product name. Stability Level: 3 - Stable |
tracking -
AssetProductTrackingInput!
|
Product tracking details. Stability Level: 3 - Stable |
Example
{
"vendor": "xyz789",
"name": "abc123",
"tracking": AssetProductTrackingInput
}
AssetProductsPayload
Fields
| Field Name | Description |
|---|---|
products -
[AssetProductsResult!]
|
Assets Products Stability Level: 3 - Stable |
Example
{"products": [AssetProductsResult]}
AssetProductsResult
Description
The Asset product mutation result.
Fields
| Field Name | Description |
|---|---|
vendor -
String
|
The product vendor name. Stability Level: 3 - Stable |
name -
String
|
The product name. Stability Level: 3 - Stable |
tracking -
AssetProductTracking
|
Product tracking details. Stability Level: 3 - Stable |
failureReason -
String
|
Reason for failure. Stability Level: 3 - Stable |
Example
{
"vendor": "abc123",
"name": "abc123",
"tracking": AssetProductTracking,
"failureReason": "xyz789"
}
AssetsImportInput
Description
Input fields for creating or updating assets.
Example
{
"sourceName": "abc123",
"json": "abc123"
}
AssetsImportPayload
Description
Results for an asset import.
Fields
| Field Name | Description |
|---|---|
assets -
[AssetImportPayload!]
|
Assets to create or update. Stability Level: 3 - Stable |
Example
{"assets": [AssetImportPayload]}
Boolean
Description
The Boolean scalar type represents true or false.
Example
true
CIEntity
Description
An item managed in the CMDB.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique ID for an entity in the CMDB. Stability Level: 3 - Stable |
name -
String!
|
The assigned name of the entity. Stability Level: 3 - Stable |
category -
EntityCategory!
|
The category of the entity. Stability Level: 3 - Stable |
comments -
String
|
The comments about the entity. Stability Level: 3 - Stable |
created -
Time!
|
The date and time at which the entity was stored in the CMDB. Stability Level: 3 - Stable |
updated -
Time!
|
The date and time at which the entity was last updated in the CMDB. Stability Level: 3 - Stable |
private -
Boolean!
|
Indicates that the entity is not viewable by service agents. Stability Level: 3 - Stable |
details -
Map
|
The semi-structured data for the entity. Stability Level: 3 - Stable |
Possible Types
| CIEntity Types |
|---|
Example
{
"id": "4",
"name": "xyz789",
"category": "ManagedEndpoint",
"comments": "xyz789",
"created": "10:15:30Z",
"updated": "10:15:30Z",
"private": false,
"details": Map
}
CloseDirectConnectionInput
Description
A request to close a Direct Connect connection to an endpoint.
Fields
| Input Field | Description |
|---|---|
connectionID -
ID!
|
The ID of the connection to close. Stability Level: 3 - Stable |
Example
{"connectionID": "4"}
CloseDirectConnectionPayload
Description
A response to a request to close a Direct Connect connection to an endpoint.
Fields
| Field Name | Description |
|---|---|
result -
Boolean!
|
Indicates that the connection is closed. Stability Level: 3 - Stable |
Example
{"result": false}
ComputerGroup
Description
Defines a set of endpoints that is managed as a group.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique identifier of the computer group. Stability Level: 3 - Stable |
name -
String!
|
The assigned name of the computer group. Stability Level: 3 - Stable |
managementRightsEnabled -
Boolean!
|
Indicates that this is a computer management group. Stability Level: 3 - Stable |
filterEnabled -
Boolean!
|
Indicates that this is a computer filter group. Stability Level: 3 - Stable |
contentSet -
NamedRef
|
The content set to which the filter group is available. Stability Level: 3 - Stable |
type -
ComputerGroupType!
|
The type of the computer group. Stability Level: 3 - Stable |
expression -
String!
|
A sensor filter expression used to define membership in the computer group, such as Stability Level: 3 - Stable |
Example
{
"id": 4,
"name": "abc123",
"managementRightsEnabled": true,
"filterEnabled": true,
"contentSet": NamedRef,
"type": "STANDARD",
"expression": "abc123"
}
ComputerGroupConnection
Description
A page of computer group edges.
Fields
| Field Name | Description |
|---|---|
edges -
[ComputerGroupEdge!]!
|
The list of computer group edges. Stability Level: 3 - Stable |
pageInfo -
PageInfo!
|
Information about the computer group collection. Stability Level: 3 - Stable |
totalRecords -
Int!
|
The total number of computer group records available. Stability Level: 3 - Stable |
Example
{
"edges": [ComputerGroupEdge],
"pageInfo": PageInfo,
"totalRecords": 123
}
ComputerGroupCreateInput
Description
A request to create a standard computer group.
Fields
| Input Field | Description |
|---|---|
name -
String!
|
The assigned name of the computer group. Stability Level: 3 - Stable |
managementRightsEnabled -
Boolean!
|
Indicates that this is a computer management group. Stability Level: 3 - Stable |
contentSetRef -
NamedRefInput
|
The content set to which this computer group belongs. This defines the computer group as a filter group. Stability Level: 3 - Stable |
filter -
ComputerGroupFilter!
|
The filter condition that must be met for a computer to be part of this group. Stability Level: 3 - Stable |
Example
{
"name": "xyz789",
"managementRightsEnabled": false,
"contentSetRef": NamedRefInput,
"filter": ComputerGroupFilter
}
ComputerGroupCreatePayload
Description
A response to a request to create a standard computer group.
Fields
| Field Name | Description |
|---|---|
group -
ComputerGroup
|
The standard computer group created by the request. Stability Level: 3 - Stable |
error -
SystemError
|
Specifies that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"group": ComputerGroup,
"error": SystemError
}
ComputerGroupDeletePayload
Description
A response to a request to delete a computer group.
Fields
| Field Name | Description |
|---|---|
id -
ID
|
The unique identifier of the deleted computer group. Stability Level: 3 - Stable |
error -
SystemError
|
Specifies that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"id": "4",
"error": SystemError
}
ComputerGroupEdge
Description
A computer group within a page.
Fields
| Field Name | Description |
|---|---|
node -
ComputerGroup!
|
The computer group. Stability Level: 3 - Stable |
cursor -
Cursor!
|
The cursor of this edge within the collection. Stability Level: 3 - Stable |
Example
{
"node": ComputerGroup,
"cursor": Cursor
}
ComputerGroupFilter
Description
An object containing the conditions for membership in a standard computer group.
Fields
| Input Field | Description |
|---|---|
memberOf -
EndpointFieldFilterComputerGroup
|
The computer group to which the endpoint must belong in order to pass the filter. Stability Level: 1.0 - Experimental (Early Development) |
sensor -
EndpointFieldFilterSensor
|
The sensor whose reading is used as the basis for the filter. Stability Level: 1.0 - Experimental (Early Development) |
op -
FieldFilterOp!
|
The operator by which to compare the specified value to the field value. Note that not all operators are valid for all fields or data sources. If the operator is not valid, the query returns an error. This defaults to the Stability Level: 1.0 - Experimental (Early Development) |
negated -
Boolean!
|
Indicates that the filter is negated. Records with field values matching the filter are excluded from the query results. This defaults to Stability Level: 1.0 - Experimental (Early Development) |
value -
String
|
The constant value to compare with the field value, expressed as a string. If this value cannot be interpreted as a valid value for the field type, the query returns an error. Stability Level: 1.0 - Experimental (Early Development) |
filters -
[ComputerGroupFilter!]
|
Describes the set of filters which comprise this compound filter. Stability Level: 1.0 - Experimental (Early Development) |
any -
Boolean!
|
Indicates that if any of the filters comprising this compound filter passes, the compound filter passes. This defaults to Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"memberOf": EndpointFieldFilterComputerGroup,
"sensor": EndpointFieldFilterSensor,
"op": "EQ",
"negated": true,
"value": "abc123",
"filters": [ComputerGroupFilter],
"any": true
}
ComputerGroupType
Description
The computer group type values.
Values
| Enum Value | Description |
|---|---|
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
Example
"STANDARD"
ComputerGroupsFilter
Description
Describes a filter for computer groups.
Fields
| Input Field | Description |
|---|---|
type -
ComputerGroupType
|
The type of the computer group. Stability Level: 3 - Stable |
managementRightsEnabled -
Boolean
|
Indicates that this is a computer management group. Stability Level: 3 - Stable |
filterEnabled -
Boolean
|
Indicates that this is a computer filter group. Stability Level: 3 - Stable |
Example
{"type": "STANDARD", "managementRightsEnabled": false, "filterEnabled": false}
ConfigurationItem
Description
The CMDB reference IDs for an asset.
Fields
| Field Name | Description |
|---|---|
entityID -
ID!
|
The unique ID of an asset entity record in the CMDB. Stability Level: 3 - Stable |
entityClassIDs -
[ID!]!
|
The unique IDs of the class records of an asset in the CMDB. Stability Level: 3 - Stable |
namespace -
String!
|
The namespace of an asset entity record in the CMDB. Examples: tds, discover Stability Level: 3 - Stable |
Example
{
"entityID": "4",
"entityClassIDs": [4],
"namespace": "abc123"
}
ConfigurationItemEntityConnection
Description
A page of configuration item entity edges.
Fields
| Field Name | Description |
|---|---|
edges -
[ConfigurationItemEntityEdge]!
|
The list of configuration item entity edges. Stability Level: 3 - Stable |
pageInfo -
PageInfo!
|
Information about the configuration item entity collection. Stability Level: 3 - Stable |
totalCount -
Int!
|
The total number of configuration item entities in the list. Stability Level: 3 - Stable |
Example
{
"edges": [ConfigurationItemEntityEdge],
"pageInfo": PageInfo,
"totalCount": 123
}
ConfigurationItemEntityEdge
ConfigurationItemProperties
Description
Properties of the configuration item CMDB.
Fields
| Field Name | Description |
|---|---|
customerItemsLimit -
Int
|
The total limit for entities provided by the customer. For on-premises deployments, select Administration > Configuration > Platform Settings to configure this. For TaaS deployments, contact Tanium support to configure this. Stability Level: 3 - Stable |
userSpecifiedAssetsMaxAge -
Int
|
The maximum age in seconds of user-specified Unmanaged Assets. Stability Level: 3 - Stable |
Example
{"customerItemsLimit": 123, "userSpecifiedAssetsMaxAge": 123}
ConfigurationItemRelationshipConnection
Description
A page of configuration item relationship edges.
Fields
| Field Name | Description |
|---|---|
edges -
[ConfigurationItemRelationshipEdge]!
|
The list of configuration item relationship edges. Stability Level: 3 - Stable |
pageInfo -
PageInfo!
|
Information about the configuration item relationship collection. Stability Level: 3 - Stable |
totalCount -
Int!
|
The total number of configuration item relationships in the list. Stability Level: 3 - Stable |
Example
{
"edges": [ConfigurationItemRelationshipEdge],
"pageInfo": PageInfo,
"totalCount": 987
}
ConfigurationItemRelationshipEdge
Description
A configuration item relationship within a page.
Fields
| Field Name | Description |
|---|---|
cursor -
Cursor!
|
The cursor of this edge within the collection. Stability Level: 3 - Stable |
node -
Relationship!
|
The configuration item relationship. Stability Level: 3 - Stable |
Example
{
"cursor": Cursor,
"node": Relationship
}
ConnectConnection
Description
A connection found in a Connect service.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The connection's unique ID. Stability Level: 1.2 - Experimental (Release Candidate) |
displayName -
String!
|
The connection's unique display name. Stability Level: 1.2 - Experimental (Release Candidate) |
description -
String
|
The connection description. Stability Level: 1.2 - Experimental (Release Candidate) |
currentRun -
ConnectRun
|
The connection's currently active run, if any. Stability Level: 1.2 - Experimental (Release Candidate) |
pastRuns -
ConnectRunConnection
|
The collection of this connection's previous runs. Stability Level: 1.2 - Experimental (Release Candidate) |
Example
{
"id": 4,
"displayName": "xyz789",
"description": "abc123",
"currentRun": ConnectRun,
"pastRuns": ConnectRunConnection
}
ConnectConnectionEdge
Description
A connection within a page.
Fields
| Field Name | Description |
|---|---|
node -
ConnectConnection!
|
The connection. Stability Level: 1.2 - Experimental (Release Candidate) |
cursor -
Cursor!
|
The cursor of this edge within the collection. Stability Level: 1.2 - Experimental (Release Candidate) |
Example
{
"node": ConnectConnection,
"cursor": Cursor
}
ConnectConnectionStartInput
Description
The input of starting a connection run.
Fields
| Input Field | Description |
|---|---|
connectionID -
ID!
|
The ID of the connection to start. Stability Level: 1.2 - Experimental (Release Candidate) |
Example
{"connectionID": "4"}
ConnectConnectionStartPayload
Description
The result of starting a connection.
Fields
| Field Name | Description |
|---|---|
run -
ConnectRun
|
The connection run that was created. Stability Level: 1.2 - Experimental (Release Candidate) |
error -
SystemError
|
Indicates that the request terminated in an error. Stability Level: 1.2 - Experimental (Release Candidate) |
Example
{
"run": ConnectRun,
"error": SystemError
}
ConnectConnectionStopInput
Description
The input of stopping an in-progress connection run.
Fields
| Input Field | Description |
|---|---|
connectRunID -
ID!
|
The ID of the connection run input to stop. Stability Level: 1.2 - Experimental (Release Candidate) |
Example
{"connectRunID": 4}
ConnectConnectionStopPayload
Description
The result of stopping an in-progress connection run.
Fields
| Field Name | Description |
|---|---|
run -
ConnectRun
|
The connection run that stopped. Stability Level: 1.2 - Experimental (Release Candidate) |
error -
SystemError
|
Indicates that the request terminated in an error. Stability Level: 1.2 - Experimental (Release Candidate) |
Example
{
"run": ConnectRun,
"error": SystemError
}
ConnectGraphConnection
Description
A page of connection edges.
Fields
| Field Name | Description |
|---|---|
edges -
[ConnectConnectionEdge!]!
|
The list of connections. Stability Level: 1.2 - Experimental (Release Candidate) |
pageInfo -
PageInfo!
|
Information about the connection collection. Stability Level: 1.2 - Experimental (Release Candidate) |
totalRecords -
Int!
|
The total number of connection records available. Stability Level: 1.2 - Experimental (Release Candidate) |
Example
{
"edges": [ConnectConnectionEdge],
"pageInfo": PageInfo,
"totalRecords": 123
}
ConnectRun
Description
A connection run found in a Connect service.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The connection run ID. Stability Level: 1.2 - Experimental (Release Candidate) |
connectionID -
ID!
|
The ID of the connection from which this connection run was generated. Stability Level: 1.2 - Experimental (Release Candidate) |
status -
ConnectRunStatus!
|
The connection run status. Stability Level: 1.2 - Experimental (Release Candidate) |
createdTime -
Time!
|
The time at which the connection run was created. Stability Level: 1.2 - Experimental (Release Candidate) |
updatedTime -
Time!
|
The time at which the connection run was most recently modified. Stability Level: 1.2 - Experimental (Release Candidate) |
Example
{
"id": "4",
"connectionID": "4",
"status": "Starting",
"createdTime": "10:15:30Z",
"updatedTime": "10:15:30Z"
}
ConnectRunConnection
Description
A page of connection run edges.
Fields
| Field Name | Description |
|---|---|
edges -
[ConnectRunEdge!]!
|
The list of connection run edges. Stability Level: 1.2 - Experimental (Release Candidate) |
pageInfo -
PageInfo!
|
Information about this connection run page. Stability Level: 1.2 - Experimental (Release Candidate) |
totalRecords -
Int!
|
The total number of connection run records available. Stability Level: 1.2 - Experimental (Release Candidate) |
Example
{
"edges": [ConnectRunEdge],
"pageInfo": PageInfo,
"totalRecords": 987
}
ConnectRunEdge
Description
A connection run within a page.
Fields
| Field Name | Description |
|---|---|
node -
ConnectRun!
|
The connection run. Stability Level: 1.2 - Experimental (Release Candidate) |
cursor -
Cursor!
|
The cursor of this edge within the collection. Stability Level: 1.2 - Experimental (Release Candidate) |
Example
{
"node": ConnectRun,
"cursor": Cursor
}
ConnectRunStatus
Description
The status of the last connection run.
Values
| Enum Value | Description |
|---|---|
|
|
The connection run is starting. Stability Level: 1.2 - Experimental (Release Candidate) |
|
|
The connection run is waiting to start. Stability Level: 1.2 - Experimental (Release Candidate) |
|
|
The connection run is in progress. Stability Level: 1.2 - Experimental (Release Candidate) |
|
|
The connection run finished successfully. Stability Level: 1.2 - Experimental (Release Candidate) |
|
|
The connection run failed with an error. Stability Level: 1.2 - Experimental (Release Candidate) |
Example
"Starting"
ConnectedState
Description
The set of connected states of wireless adapters.
Values
| Enum Value | Description |
|---|---|
|
|
The wireless adapter is connected. Stability Level: 3 - Stable |
|
|
The wireless adapter is disconnected. Stability Level: 3 - Stable |
|
|
The wireless adapter connected state is unknown. Stability Level: 3 - Stable |
Example
"CONNECTED"
Connection
Cursor
Description
A relay pagination cursor, which is an opaque string that specifies a record within a connection.
Example
Cursor
Date
Description
A string date in RFC 3339 long-date format.
Example
"2007-12-03"
DateTimeComponent
Example
DateTimeComponent
DefaultRangeEnd
Fields
| Field Name | Description |
|---|---|
model -
ParameterDefinitionType!
|
Stability Level: 3 - Stable |
parameterType -
ParameterDefinitionType!
|
Stability Level: 3 - Stable |
type -
DateTimeComponent
|
Stability Level: 3 - Stable |
interval -
Int
|
Stability Level: 3 - Stable |
intervalCount -
Int
|
Stability Level: 3 - Stable |
unixTimeStamp -
Int
|
Stability Level: 3 - Stable |
Example
{
"model": ParameterDefinitionType,
"parameterType": ParameterDefinitionType,
"type": DateTimeComponent,
"interval": 987,
"intervalCount": 123,
"unixTimeStamp": 987
}
DeleteConfigurationItemElementInput
Description
A request to delete a configuration item element.
Fields
| Input Field | Description |
|---|---|
id -
ID!
|
The ID of the configuration item element to delete. Stability Level: 3 - Stable |
Example
{"id": 4}
DeleteConfigurationItemElementResult
Description
A response to a request to delete a configuration item element.
Fields
| Field Name | Description |
|---|---|
error -
String
|
If the delete operation failed, the error message logged. Stability Level: 3 - Stable |
Example
{"error": "abc123"}
DeleteRelationshipInput
Description
A request to delete relationships between configuration item entities.
Fields
| Input Field | Description |
|---|---|
ids -
[ID!]!
|
The set of relationship IDs to delete. Stability Level: 3 - Stable |
Example
{"ids": ["4"]}
DirectConnect
Description
Data from an endpoint, obtained using a Direct Connect connection.
Fields
| Field Name | Description |
|---|---|
performance -
DirectConnectPerf
|
Performance data from the endpoint. Stability Level: 3 - Stable |
processes -
DirectConnectProcesses
|
Processes running on the endpoint. Stability Level: 3 - Stable |
alerts -
DirectConnectAlerts
|
Performance alerts from the endpoint. Stability Level: 3 - Stable |
Example
{
"performance": DirectConnectPerf,
"processes": DirectConnectProcesses,
"alerts": DirectConnectAlerts
}
DirectConnectAlertScope
Description
Defines a window of time for filtering performance alerts.
Example
{
"startTime": "10:15:30Z",
"endTime": "10:15:30Z"
}
DirectConnectAlerts
Description
Performance alerts from an endpoint.
Fields
| Field Name | Description |
|---|---|
all -
[EndpointAlert!]
|
All performance alerts for the endpoint. Stability Level: 3 - Stable |
Arguments
|
|
Example
{"all": [EndpointAlert]}
DirectConnectCloseInput
Description
A request to close a Direct Connect connection to an endpoint.
Fields
| Input Field | Description |
|---|---|
connectionID -
ID!
|
The ID of the connection to close. Stability Level: 3 - Stable |
Example
{"connectionID": 4}
DirectConnectClosePayload
Description
A response to a request to close a Direct Connect connection to an endpoint.
Fields
| Field Name | Description |
|---|---|
result -
Boolean!
|
Indicates that the connection was closed. Stability Level: 3 - Stable |
Example
{"result": false}
DirectConnectConnectionStatus
Description
The set of statuses for a Direct Connect connection.
Values
| Enum Value | Description |
|---|---|
|
|
The connection state is unknown. Stability Level: 3 - Stable |
|
|
The connection is open and ready for use. Stability Level: 3 - Stable |
|
|
The connection is being established. Stability Level: 3 - Stable |
|
|
This connection has encountered an error. Stability Level: 3 - Stable |
|
|
This connection was not found. The connection may have expired and been closed after 5 minutes of inactivity. Stability Level: 3 - Stable |
Example
"UNKNOWN"
DirectConnectConnectionStatusInput
Description
A request to get the status for a Direct Connect connection.
Fields
| Input Field | Description |
|---|---|
connectionID -
ID!
|
The ID of the connection to check. Stability Level: 3 - Stable |
Example
{"connectionID": 4}
DirectConnectConnectionStatusPayload
Description
A response to a request to get the status for a Direct Connect connection.
Fields
| Field Name | Description |
|---|---|
status -
DirectConnectConnectionStatus!
|
The current status of the connection. Stability Level: 3 - Stable |
Example
{"status": "UNKNOWN"}
DirectConnectEndpointInput
Description
A request to get data from an endpoint using an open Direct Connect connection.
Fields
| Input Field | Description |
|---|---|
connectionID -
ID!
|
The ID of the connection to use. Stability Level: 3 - Stable |
Example
{"connectionID": "4"}
DirectConnectOpenInput
Description
A request to initiate a Direct Connect connection to an endpoint.
Fields
| Input Field | Description |
|---|---|
endpointID -
ID!
|
The ID of the endpoint. Stability Level: 3 - Stable |
Example
{"endpointID": "4"}
DirectConnectOpenPayload
Description
A response to a request to initiate a Direct Connect connection to an endpoint.
Fields
| Field Name | Description |
|---|---|
connectionID -
ID!
|
A connection ID, used for Direct Connect requests. Stability Level: 3 - Stable |
status -
DirectConnectConnectionStatus!
|
The status of the connection. Stability Level: 3 - Stable |
Example
{"connectionID": 4, "status": "UNKNOWN"}
DirectConnectPerf
Description
Performance data from an endpoint.
Fields
| Field Name | Description |
|---|---|
cpuUsagePercent -
Float!
|
The current CPU usage as a percent from 0 to 100. Stability Level: 3 - Stable |
memoryUsedPercent -
Float!
|
The current memory usage as a percent from 0 to 100. Stability Level: 3 - Stable |
_dev_query -
[EndpointMetric!]
|
Raw PromQL queries. Stability Level: 1.2 - Experimental (Release Candidate) |
Arguments
|
|
Example
{
"cpuUsagePercent": 123.45,
"memoryUsedPercent": 987.65,
"_dev_query": [EndpointMetric]
}
DirectConnectPingInput
Description
A request to ping an endpoint over a Direct Connect connection (for example, to test connectivity).
Fields
| Input Field | Description |
|---|---|
connectionID -
ID!
|
The ID of the connection to ping. Stability Level: 3 - Stable |
Example
{"connectionID": 4}
DirectConnectPingPayload
Description
A response to a request to ping an endpoint over a Direct Connect connection.
Fields
| Field Name | Description |
|---|---|
result -
Boolean!
|
Indicates that the ping is acknowledged. Stability Level: 3 - Stable |
Example
{"result": false}
DirectConnectProcessTerminateInput
Description
A request to terminate a process running on an endpoint.
Fields
| Input Field | Description |
|---|---|
connectionID -
ID!
|
The ID of the Direct Connect connection to the endpoint on which the process is running. Stability Level: 3 - Stable |
pid -
Int!
|
The ID of the process to terminate. Stability Level: 3 - Stable |
name -
String!
|
The name of the process to terminate. Stability Level: 3 - Stable |
signal -
Signal!
|
The signal to use when terminating the process. Stability Level: 3 - Stable |
Example
{
"connectionID": 4,
"pid": 123,
"name": "xyz789",
"signal": "SIGINT"
}
DirectConnectProcessTerminatePayload
Description
A response to a request to terminate a process.
Fields
| Field Name | Description |
|---|---|
result -
Boolean!
|
Indicates that the process is terminated. Stability Level: 3 - Stable |
Example
{"result": true}
DirectConnectProcesses
Description
Processes running on an endpoint.
Fields
| Field Name | Description |
|---|---|
all -
[Process!]
|
All processes running on the endpoint. Stability Level: 3 - Stable |
Example
{"all": [Process]}
DiscoverCloudInstance
Description
A Discover cloud instance.
Fields
| Field Name | Description |
|---|---|
id -
String
|
The identifier of the cloud instance. Stability Level: 1.1 - Experimental (Active Development) |
imageId -
String
|
The identifier of the cloud instance image. Stability Level: 1.1 - Experimental (Active Development) |
type -
String
|
The type of the cloud instance. Stability Level: 1.1 - Experimental (Active Development) |
state -
String
|
The state of the cloud instance. Stability Level: 1.1 - Experimental (Active Development) |
launchTime -
Time
|
The time that the cloud instance was launched. Stability Level: 1.1 - Experimental (Active Development) |
zone -
String
|
The data center where the cloud instance is hosted. Stability Level: 1.1 - Experimental (Active Development) |
provider -
String
|
The provider of the cloud instance. Stability Level: 1.1 - Experimental (Active Development) |
networkId -
String
|
The network identifier of the cloud instance. Stability Level: 1.1 - Experimental (Active Development) |
account -
String
|
The account associated with the cloud instance. Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"id": "abc123",
"imageId": "abc123",
"type": "xyz789",
"state": "xyz789",
"launchTime": "10:15:30Z",
"zone": "xyz789",
"provider": "xyz789",
"networkId": "xyz789",
"account": "abc123"
}
DiscoverCloudTag
Description
A Discover cloud tag associated with an interface and assigned to an instance.
Example
{
"name": "xyz789",
"value": "abc123"
}
DiscoverInterface
Description
An interface found in a Discover network scan.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique identifier of the interface. Stability Level: 1.1 - Experimental (Active Development) |
macAddress -
String
|
The MAC address of the interface. Stability Level: 1.1 - Experimental (Active Development) |
manufacturer -
String
|
The manufacturer of the interface. Stability Level: 1.1 - Experimental (Active Development) |
hostnames -
[String!]
|
The hostnames associated with the interface. Stability Level: 1.1 - Experimental (Active Development) |
ipAddresses -
[String!]
|
The IP addresses associated with the interface. Stability Level: 1.1 - Experimental (Active Development) |
labels -
[DiscoverLabel!]!
|
The labels associated with the interface. Stability Level: 1.1 - Experimental (Active Development) |
osPlatform -
String
|
The platform of the operating system associated with the interface. Stability Level: 1.1 - Experimental (Active Development) |
openPorts -
[Int!]
|
The interface open ports. If this value is null, the network scan did not identify open ports for this interface. Stability Level: 1.1 - Experimental (Active Development) |
discoveryMethods -
[DiscoveryMethod!]!
|
The discovery methods by which this interface has been scanned. Stability Level: 1.1 - Experimental (Active Development) |
lastSeenTime -
Time!
|
The time the interface was last found with any discovery method. This value is not used to flag an interface as Lost. Stability Level: 1.1 - Experimental (Active Development) |
computerId -
String
|
The Tanium Client computer ID of the managed interface. If this value is null and Stability Level: 1.1 - Experimental (Active Development) |
natIPAddresses -
[String!]
|
The network address translation (NAT) IP addresses associated with the interface. Stability Level: 1.1 - Experimental (Active Development) |
osGeneration -
String
|
The generation of the operating system associated with the interface. Stability Level: 1.1 - Experimental (Active Development) |
profiles -
[DiscoverProfile!]!
|
The profiles that have scanned this interface. Stability Level: 1.1 - Experimental (Active Development) |
cloudInstances -
[DiscoverCloudInstance!]!
|
The cloud instances where this interface is hosted. Stability Level: 1.1 - Experimental (Active Development) |
cloudTags -
[DiscoverCloudTag!]!
|
The cloud tags associated with the interface. Stability Level: 1.1 - Experimental (Active Development) |
firstSeenTime -
Time!
|
The time the interface was first seen. Stability Level: 1.1 - Experimental (Active Development) |
firstManagedTime -
Time
|
The time the interface was first managed. If this value is Stability Level: 1.1 - Experimental (Active Development) |
lastManagedTime -
Time
|
The last time the interface was returned as a managed interface. Stability Level: 1.1 - Experimental (Active Development) |
lastDiscoveredTime -
Time
|
The time the interface was last discovered. By default, if an interface has not been identified as managed for at least 24 hours, has been identified as unmanaged in the past 4 hours by an active discovery method, and has a Stability Level: 1.1 - Experimental (Active Development) |
isManaged -
Boolean!
|
Whether this interface is managed by Tanium and has the Tanium Client installed. Stability Level: 1.1 - Experimental (Active Development) |
isUnmanageable -
Boolean!
|
Whether this interface has been marked as unmanageable. Stability Level: 1.1 - Experimental (Active Development) |
isIgnored -
Boolean!
|
Whether this interface has been marked as ignored by a user or automatic label. Stability Level: 1.1 - Experimental (Active Development) |
satellites -
[DiscoverSatellite!]!
|
The satellites that returned data about this interface in scans. Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"id": 4,
"macAddress": "xyz789",
"manufacturer": "abc123",
"hostnames": ["xyz789"],
"ipAddresses": ["abc123"],
"labels": [DiscoverLabel],
"osPlatform": "xyz789",
"openPorts": [987],
"discoveryMethods": ["ARP"],
"lastSeenTime": "10:15:30Z",
"computerId": "abc123",
"natIPAddresses": ["abc123"],
"osGeneration": "xyz789",
"profiles": [DiscoverProfile],
"cloudInstances": [DiscoverCloudInstance],
"cloudTags": [DiscoverCloudTag],
"firstSeenTime": "10:15:30Z",
"firstManagedTime": "10:15:30Z",
"lastManagedTime": "10:15:30Z",
"lastDiscoveredTime": "10:15:30Z",
"isManaged": false,
"isUnmanageable": true,
"isIgnored": false,
"satellites": [DiscoverSatellite]
}
DiscoverInterfaceAddLabelInput
Description
A request to add one or more standard labels to specific Discover interfaces.
Fields
| Input Field | Description |
|---|---|
names -
[String!]!
|
The unique names of the standard labels to add. Stability Level: 1.1 - Experimental (Active Development) |
ids -
[ID!]!
|
The unique identifiers of the interfaces to add the labels to. Stability Level: 1.1 - Experimental (Active Development) |
cursor -
Cursor
|
The cursor value from a previous 'discoverInterfaceAddLabel' request. Add a cursor value if a prior Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"names": ["xyz789"],
"ids": ["4"],
"cursor": Cursor
}
DiscoverInterfaceAddLabelPayload
Description
A response to a request to add one or more standard labels to specific Discover interfaces.
Fields
| Field Name | Description |
|---|---|
cursor -
Cursor
|
Indicates the request is not complete and provides an identifier for subsequent calls to determine the request's terminal state. Stability Level: 1.1 - Experimental (Active Development) |
success -
Boolean
|
Indicates the request completed successfully or failed. Stability Level: 1.1 - Experimental (Active Development) |
error -
SystemError
|
Indicates that the request terminated in an error. Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"cursor": Cursor,
"success": false,
"error": SystemError
}
DiscoverInterfaceConnection
Description
A page of Discover interface edges.
Fields
| Field Name | Description |
|---|---|
edges -
[DiscoverInterfaceEdge!]!
|
The list of Discover interface edges. Stability Level: 1.1 - Experimental (Active Development) |
pageInfo -
PageInfo!
|
Information about the Discover interface collection. Stability Level: 1.1 - Experimental (Active Development) |
totalRecords -
Int!
|
The total number of Discover interface records available. Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"edges": [DiscoverInterfaceEdge],
"pageInfo": PageInfo,
"totalRecords": 123
}
DiscoverInterfaceEdge
Description
A Discover interface within a page.
Fields
| Field Name | Description |
|---|---|
node -
DiscoverInterface!
|
The Discover interface. Stability Level: 1.1 - Experimental (Active Development) |
cursor -
Cursor!
|
The cursor of this edge within the collection. Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"node": DiscoverInterface,
"cursor": Cursor
}
DiscoverInterfaceRemoveLabelInput
Description
A request to remove one or more standard labels from specific Discover interfaces.
Fields
| Input Field | Description |
|---|---|
names -
[String!]!
|
The unique names of the standard labels to add. Stability Level: 1.1 - Experimental (Active Development) |
ids -
[ID!]!
|
The unique identifiers of the interfaces to remove the labels from. Stability Level: 1.1 - Experimental (Active Development) |
cursor -
Cursor
|
The cursor value from a previous Add a cursor value if a prior Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"names": ["abc123"],
"ids": ["4"],
"cursor": Cursor
}
DiscoverLabel
Description
A Discover label, used to tag interfaces found during Discover network scans.
Fields
| Field Name | Description |
|---|---|
name -
String!
|
The unique name for the label. Stability Level: 1.1 - Experimental (Active Development) |
type -
DiscoverLabelType!
|
The type of the label. Stability Level: 1.1 - Experimental (Active Development) |
createdTime -
Time!
|
The time at which the label was created. Stability Level: 1.1 - Experimental (Active Development) |
modifiedTime -
Time!
|
The time at which the label was most recently modified. Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"name": "xyz789",
"type": "STANDARD",
"createdTime": "10:15:30Z",
"modifiedTime": "10:15:30Z"
}
DiscoverLabelConnection
Description
A page of Discover label edges.
Fields
| Field Name | Description |
|---|---|
edges -
[DiscoverLabelEdge!]!
|
The list of Discover label edges. Stability Level: 1.1 - Experimental (Active Development) |
pageInfo -
PageInfo!
|
Information about the Discover label collection. Stability Level: 1.1 - Experimental (Active Development) |
totalRecords -
Int!
|
The total number of Discover label records available. Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"edges": [DiscoverLabelEdge],
"pageInfo": PageInfo,
"totalRecords": 987
}
DiscoverLabelCreateInput
Description
A request to create a standard Discover label.
Fields
| Input Field | Description |
|---|---|
name -
String!
|
The assigned name of the label. Note that labels are required to have unique names. Stability Level: 1.1 - Experimental (Active Development) |
Example
{"name": "xyz789"}
DiscoverLabelCreatePayload
Description
A response to a request to create a Discover label.
Fields
| Field Name | Description |
|---|---|
label -
DiscoverLabel
|
The newly created label. If the request fails, this is Stability Level: 1.1 - Experimental (Active Development) |
error -
SystemError
|
Indicates that the request terminated in an error. Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"label": DiscoverLabel,
"error": SystemError
}
DiscoverLabelDeletePayload
Description
A response to a request to delete a Discover label.
Fields
| Field Name | Description |
|---|---|
name -
String
|
The name of the deleted label. If the request fails, this is Stability Level: 1.1 - Experimental (Active Development) |
error -
SystemError
|
Specifies that the request terminated in an error. Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"name": "xyz789",
"error": SystemError
}
DiscoverLabelEdge
Description
A Discover label within a page.
Fields
| Field Name | Description |
|---|---|
node -
DiscoverLabel!
|
The Discover label. Stability Level: 1.1 - Experimental (Active Development) |
cursor -
Cursor!
|
The cursor of this edge within the collection. Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"node": DiscoverLabel,
"cursor": Cursor
}
DiscoverLabelType
Description
The Discover label type.
Values
| Enum Value | Description |
|---|---|
|
|
The label can be manually associated with interfaces. Stability Level: 1.1 - Experimental (Active Development) |
|
|
The label is automatically associated with interfaces based on conditions. Note that the addition or removal of automatic labels through the API Gateway is not supported at this time. Stability Level: 1.1 - Experimental (Active Development) |
Example
"STANDARD"
DiscoverProfile
Description
A Discover profile definition used to scan networks.
Fields
| Field Name | Description |
|---|---|
name -
String!
|
The name of the profile. Stability Level: 1.1 - Experimental (Active Development) |
Example
{"name": "xyz789"}
DiscoverSatellite
Description
An endpoint configured as a satellite to scan remote subnets.
Example
{
"id": "xyz789",
"name": "xyz789"
}
DiscoveryMethod
Description
The method by which an interface was discovered.
Values
| Enum Value | Description |
|---|---|
|
|
The interface was discovered by using the Address Resolution Protocol (ARP) cache. This method is part of a distributed level 1 scan. Stability Level: 1.1 - Experimental (Active Development) |
|
|
The interface was discovered using interface connections discovery. This method is part of a distributed level 1 scan. Stability Level: 1.1 - Experimental (Active Development) |
|
|
The interface was discovered using targeted pings. This method is part of a distributed level 2 scan. Stability Level: 1.1 - Experimental (Active Development) |
|
|
The interface was discovered using Nmap to perform host discovery. This method is part of a distributed level 3 or 4 scan. Stability Level: 1.1 - Experimental (Active Development) |
|
|
The interface was discovered using the Stability Level: 1.1 - Experimental (Active Development) |
|
|
The interface was found in an Amazon EC2 centralized scan from the Tanium Module server. Centralized scans are not available in Tanium Cloud deployments. Stability Level: 1.1 - Experimental (Active Development) |
|
|
The interface was discovered using an Nmap scan from the Tanium Module Server to an unmanaged environment. This is a centralized scan method, and equivalent to a distributed level 4 scan. Centralized scans are not available in Tanium Cloud deployments. Stability Level: 1.1 - Experimental (Active Development) |
|
|
The interface was discovered using an Nmap scan run from an endpoint configured as a satellite. This is a satellite scan method, and equivalent to a distributed level 4 scan. Stability Level: 1.1 - Experimental (Active Development) |
Example
"ARP"
Edge
Description
A record within a page.
Fields
| Field Name | Description |
|---|---|
cursor -
Cursor!
|
The cursor of this record. Stability Level: 3 - Stable |
Possible Types
| Edge Types |
|---|
Example
{"cursor": Cursor}
EdgeDirection
Description
The set of directions of relationships between configuration item entities.
Values
| Enum Value | Description |
|---|---|
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
Example
"AtoB"
Element
Description
An asset managed in the CMDB.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique ID for an element in the CMDB. Stability Level: 3 - Stable |
name -
String!
|
The assigned name of the element. Stability Level: 3 - Stable |
namespace -
String!
|
The namespace for an element in the CMDB. Examples: tds, discover Stability Level: 3 - Stable |
eid -
ID
|
The endpoint ID of the element in the CMDB. Stability Level: 3 - Stable |
category -
EntityCategory!
|
The category of the element. Stability Level: 3 - Stable |
comments -
String
|
The comments about the element. Stability Level: 3 - Stable |
created -
Time!
|
The date and time at which the element was stored in the CMDB. Stability Level: 3 - Stable |
updated -
Time!
|
The date and time at which the element was last updated in the CMDB. Stability Level: 3 - Stable |
private -
Boolean!
|
Indicates that the element is not viewable by service agents. Stability Level: 3 - Stable |
details -
Map
|
The semi-structured data for the entity class. The schema version can be specified as an argument. If it is not specified, the schema version defaults to the latest schema available. The schema version of the response is returned as the Stability Level: 3 - Stable |
Arguments
|
|
entityClassIDs -
[ID!]!
|
The IDs of the classes of the element classes in the CMDB. Stability Level: 3 - Stable |
classes -
EntityPagination
|
The paginated list of the classes of the element classes in the CMDB. Stability Level: 3 - Stable |
Example
{
"id": "4",
"name": "xyz789",
"namespace": "abc123",
"eid": "4",
"category": "ManagedEndpoint",
"comments": "abc123",
"created": "10:15:30Z",
"updated": "10:15:30Z",
"private": false,
"details": Map,
"entityClassIDs": ["4"],
"classes": EntityPagination
}
EmailBodyType
Description
Email body content type.
Values
| Enum Value | Description |
|---|---|
|
|
The body content type is unspecified. Stability Level: 1.0 - Experimental (Early Development) |
|
|
The body content type is plain text. Stability Level: 1.0 - Experimental (Early Development) |
|
|
The body content type is HTML. Stability Level: 1.0 - Experimental (Early Development) |
Example
"UNSPECIFIED"
EmailSendInput
Description
A request to send an email.
Fields
| Input Field | Description |
|---|---|
id -
ID!
|
A client-generated UUID for this email. If multiple requests are submitted to send an email with the same UUID, only one email is sent. Stability Level: 1.0 - Experimental (Early Development) |
subject -
String!
|
The email subject. Stability Level: 1.0 - Experimental (Early Development) |
body -
String!
|
The email body. Stability Level: 1.0 - Experimental (Early Development) |
bodyType -
EmailBodyType!
|
The email body type. Stability Level: 1.0 - Experimental (Early Development) |
toAddresses -
[String!]
|
The email To field recipient addresses. Stability Level: 1.0 - Experimental (Early Development) |
ccAddresses -
[String!]
|
The email Cc field recipient addresses. Stability Level: 1.0 - Experimental (Early Development) |
bccAddresses -
[String!]
|
The email Bcc field recipient addresses. Stability Level: 1.0 - Experimental (Early Development) |
emailServer -
IdRefInput!
|
The ID of the email server to use to send the email. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"id": "4",
"subject": "abc123",
"body": "xyz789",
"bodyType": "UNSPECIFIED",
"toAddresses": ["xyz789"],
"ccAddresses": ["abc123"],
"bccAddresses": ["xyz789"],
"emailServer": IdRefInput
}
EmailSendPayload
Description
The result of submitting a request to send an email.
Fields
| Field Name | Description |
|---|---|
queuedTime -
Time
|
The time that the email was received by the Tanium Email service and queued for sending. Stability Level: 1.0 - Experimental (Early Development) |
error -
SystemError
|
Indicates that the request terminated in an error. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"queuedTime": "10:15:30Z",
"error": SystemError
}
EmailServerSummary
Description
A summary of the information required to retrieve and use an email server to send emails.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The email server ID. Stability Level: 1.0 - Experimental (Early Development) |
name -
String!
|
The email server name. Stability Level: 1.0 - Experimental (Early Development) |
description -
String
|
The email server description. Stability Level: 1.0 - Experimental (Early Development) |
fromAddress -
String
|
The email server From sender address. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"id": "4",
"name": "abc123",
"description": "abc123",
"fromAddress": "abc123"
}
EmailServerSummaryConnection
Description
A page of email server summary edges.
Fields
| Field Name | Description |
|---|---|
edges -
[EmailServerSummaryEdge!]!
|
The list of email server summary edges. Stability Level: 1.0 - Experimental (Early Development) |
pageInfo -
PageInfo!
|
Information about the email server summary collection. Stability Level: 1.0 - Experimental (Early Development) |
totalRecords -
Int!
|
The total number of email server summary records available. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"edges": [EmailServerSummaryEdge],
"pageInfo": PageInfo,
"totalRecords": 987
}
EmailServerSummaryEdge
Description
An email server summary within a page.
Fields
| Field Name | Description |
|---|---|
node -
EmailServerSummary!
|
The email server summary. Stability Level: 1.0 - Experimental (Early Development) |
cursor -
Cursor!
|
The cursor of this edge within the collection. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"node": EmailServerSummary,
"cursor": Cursor
}
Endpoint
Description
An endpoint managed by the Tanium Client.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique ID. This is reasonably guaranteed to be stable. Sensor: Endpoint ID, Column: ID Use of this field requires the Interact solution. Stability Level: 3 - Stable |
eidFirstSeen -
Time
|
The datetime an endpoint was first seen. Sensor: EID First Seen Stability Level: 3 - Stable |
eidLastSeen -
Time
|
The datetime an endpoint was last seen. Sensor: EID Last Seen Stability Level: 3 - Stable |
namespace -
String!
|
The endpoint namespace. The standard Tanium endpoint namespace is an empty string. Sensor: Endpoint ID, Column: Namespace Use of this field requires the Interact solution. Stability Level: 3 - Stable |
computerID -
String!
|
The Tanium Client computer ID. This is temporally unique but not stable. Example: 4202979704 Sensor: Computer ID Stability Level: 3 - Stable |
systemUUID -
String!
|
The UUID of the endpoint hardware. Note that this has no real guarantee of uniqueness across platforms and a strong possibility of duplicates within platforms (for virtual endpoints in particular). Sensor: System UUID Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
name -
String!
|
The assigned name of the endpoint. Example: workstation-1.example.com Sensor: Computer Name Stability Level: 3 - Stable |
domainName -
String!
|
The domain name of the endpoint. Example: intra.example.com Sensor: Domain Name Stability Level: 3 - Stable |
serialNumber -
String!
|
The serial number provided by the manufacturer. Sensor: Computer Serial Number Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
manufacturer -
String!
|
The manufacturer of the endpoint. Example: Dell Sensor: Manufacturer Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
model -
String!
|
The model of the endpoint. Example: OptiPlex 7050 Sensor: Model Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
configurationItem -
ConfigurationItem
|
The CMDB reference IDs for the endpoint. Use of this field requires the Atlas solution. Stability Level: 3 - Stable |
ipAddress -
String!
|
The IP addresses of the endpoint. Example: 192.168.1.1 Sensor: Tanium Client IP Address Stability Level: 3 - Stable |
ipAddresses -
[String!]
|
The current IP addresses of this endpoint. Examples: 192.168.1.1, 192.168.1.2 Sensor: IP Address Stability Level: 3 - Stable |
macAddresses -
[String!]
|
The MAC addresses for all IP enabled network connections. Examples: 00:0C:29:68:6A:D8, 11:22:33:44:55:66 Sensor: MAC Address Stability Level: 3 - Stable |
primaryUser -
EndpointUser!
|
The primary user of the endpoint. Stability Level: 3 - Stable |
lastLoggedInUser -
String!
|
The name of the user that last signed in to the endpoint. Sensor: Last Logged In User Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
isVirtual -
Boolean
|
Indicates that the endpoint is virtual. Sensor: Is Virtual Stability Level: 3 - Stable |
isEncrypted -
Boolean
|
Indicates that the endpoint storage is encrypted, such as with BitLocker on Windows or FileVault on Mac OS. Sensor: Storage Encryption Status, Column: Encryption Status Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
chassisType -
String!
|
The machine or chassis type of the endpoint. Examples: MacBookPro16,1, Server, Virtual Sensor: Chassis Type Stability Level: 3 - Stable |
os -
EndpointOS!
|
The operating system details of the endpoint. Stability Level: 3 - Stable |
disks -
[EndpointDisk!]
|
The disk space details per drive on the endpoint. Stability Level: 3 - Stable |
memory -
Memory!
|
The memory details of the endpoint. Stability Level: 3 - Stable |
processor -
Processor!
|
The processor details of the endpoint. Stability Level: 3 - Stable |
networking -
Networking!
|
The networking details of the endpoint. Stability Level: 3 - Stable |
eventCounts -
EndpointEventCounts!
|
The number of performance events on the endpoint. Use of this field requires the Performance solution. Stability Level: 3 - Stable |
services -
[EndpointService!]!
|
The details of services on the endpoint. These are only available for Windows platforms. Stability Level: 3 - Stable |
installedApplications -
[EndpointInstalledApplication!]!
|
The software applications installed on the endpoint, regardless of provenance. This field allows a filter argument. You can use the filter to restrict the items returned in this field. This also restricts the returned endpoints to those with matching items in this field, unless the The filter must be either a simple filter, or a compound filter with a single set of simple child filters. An endpoint is returned only if it matches the simple filter, or all filters within the compound filter. The filter supports the following operations: Sensor: Installed Applications Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
Arguments
|
|
deployedSoftwarePackages -
[EndpointDeploySoftwarePackage!]!
|
The Deploy software packages that are deployed or deployable on the endpoint. This field allows a filter argument. You can use the filter to restrict the items returned in this field. This also restricts the returned endpoints to those with matching items in this field, unless the The filter must be either a simple filter, or a compound filter with a single set of simple child filters. An endpoint is returned only if it matches the simple filter, or all filters within the compound filter. The filter supports the following operations: Sensor: Deploy - Software Packages Use of this field requires the Deploy solution. Stability Level: 3 - Stable |
Arguments
|
|
sensorReadings -
EndpointSensorReadings!
|
Returns readings from the list of named sensors, which can include parameterized sensors. If the sensors are not available from the data source, the query returns an error. Hidden columns are not included unless they are specified in the list of sensor columns, or the This field allows a filter argument for each requested sensor. You can use the filter to restrict the items returned in this field. This also restricts the returned endpoints to those with matching items in this field, unless the Use Use Stability Level: 3 - Stable |
Arguments
|
|
sensorReading -
EndpointSensorReading
|
Returns a reading from the named sensor, which can be a parameterized sensor. If the sensor is not available from the data source, the query returns an error. If the sensor has multiple columns, exactly one column must be specified. You can specify a hidden sensor column. This field allows a filter argument for the requested sensor. You can use the filter to restrict the items returned in this field. This also restricts the returned endpoints to those with matching items in this field, unless the Use Use Stability Level: 1.1 - Experimental (Active Development) |
Arguments
|
|
compliance -
EndpointCompliance
|
The state of the endpoint's compliance with security policies. Use of this field requires the Comply solution. Stability Level: 3 - Stable |
discover -
EndpointDiscover
|
The Discover details. Stability Level: 3 - Stable |
risk -
EndpointRisk
|
The Risk details of the endpoint. Sensor: Risk Vectors, Column: Risk Score Missing Use of this field requires the Risk solution. Stability Level: 3 - Stable |
sentinel -
EndpointSentinel!
|
The Microsoft Sentinel details of the endpoint. Use of this field requires the Core Content, Core Content - SCCM solutions. Stability Level: 3 - Stable |
Example
{
"id": "4",
"eidFirstSeen": "10:15:30Z",
"eidLastSeen": "10:15:30Z",
"namespace": "xyz789",
"computerID": "abc123",
"systemUUID": "abc123",
"name": "abc123",
"domainName": "abc123",
"serialNumber": "abc123",
"manufacturer": "abc123",
"model": "abc123",
"configurationItem": ConfigurationItem,
"ipAddress": "abc123",
"ipAddresses": ["xyz789"],
"macAddresses": ["xyz789"],
"primaryUser": EndpointUser,
"lastLoggedInUser": "xyz789",
"isVirtual": false,
"isEncrypted": true,
"chassisType": "abc123",
"os": EndpointOS,
"disks": [EndpointDisk],
"memory": Memory,
"processor": Processor,
"networking": Networking,
"eventCounts": EndpointEventCounts,
"services": [EndpointService],
"installedApplications": [EndpointInstalledApplication],
"deployedSoftwarePackages": [
EndpointDeploySoftwarePackage
],
"sensorReadings": EndpointSensorReadings,
"sensorReading": EndpointSensorReading,
"compliance": EndpointCompliance,
"discover": EndpointDiscover,
"risk": EndpointRisk,
"sentinel": EndpointSentinel
}
EndpointAlert
Description
A performance alert triggered on an endpoint.
Fields
| Field Name | Description |
|---|---|
schema -
Int!
|
Stability Level: 3 - Stable |
key -
String
|
Stability Level: 3 - Stable |
type -
String
|
Stability Level: 3 - Stable |
ref -
String
|
Stability Level: 3 - Stable |
topProcessesExpr -
String
|
Stability Level: 3 - Stable |
labels -
Map
|
Stability Level: 3 - Stable |
pendingAt -
Time
|
Stability Level: 3 - Stable |
start -
Time
|
Stability Level: 3 - Stable |
resolvedAt -
Time
|
Stability Level: 3 - Stable |
leadup -
Int
|
Stability Level: 3 - Stable |
value -
Float
|
Stability Level: 3 - Stable |
firing -
Boolean
|
Stability Level: 3 - Stable |
evidenceToGather -
[String!]
|
Stability Level: 3 - Stable |
evidence -
[EndpointAlertEvidence!]
|
Stability Level: 3 - Stable |
Example
{
"schema": 123,
"key": "xyz789",
"type": "xyz789",
"ref": "xyz789",
"topProcessesExpr": "xyz789",
"labels": Map,
"pendingAt": "10:15:30Z",
"start": "10:15:30Z",
"resolvedAt": "10:15:30Z",
"leadup": 987,
"value": 123.45,
"firing": false,
"evidenceToGather": ["xyz789"],
"evidence": [EndpointAlertEvidence]
}
EndpointAlertEvidence
Description
Evidence collected as part of a performance alert on an endpoint.
Fields
| Field Name | Description |
|---|---|
name -
String
|
Stability Level: 3 - Stable |
value -
String
|
Stability Level: 3 - Stable |
values -
[EndpointAlertEvidenceValues]
|
Stability Level: 3 - Stable |
Example
{
"name": "xyz789",
"value": "xyz789",
"values": [EndpointAlertEvidenceValues]
}
EndpointAlertEvidenceValues
EndpointCollectionInfo
Description
Information about the endpoint results that populate an EndpointConnection.
Fields
| Field Name | Description |
|---|---|
active -
Boolean!
|
Indicates results may still continue to accumulate in the underlying collection, and you may refresh the cursor if the paginated results are insufficient. Stability Level: 3 - Stable |
success -
Boolean!
|
Indicates the results in the paginated connection satisfy the criteria specified by the query's data source argument. Stability Level: 3 - Stable |
expectedTotal -
Int
|
The number of endpoints expected to evaluate the query, if known. Note that not all of these endpoints are necessarily expected to contribute results, and that this total may be smaller or larger than the total number of endpoints that responded. Stability Level: 3 - Stable |
respondedTotal -
Int
|
The number of endpoints that have evaluated the query, if known. Stability Level: 3 - Stable |
contributedTotal -
Int!
|
The number of endpoints that have contributed results to the query. Stability Level: 3 - Stable |
respondedPercentage -
Float
|
The number of endpoints that have evaluated the query divided by the number of endpoints expected to evaluate the query, if both are known, expressed as a decimal value between Stability Level: 3 - Stable |
startCursor -
Cursor
|
The cursor for the beginning of the collection. This will be populated even if the collection is empty, as long as the collection has the possibility of being refreshed with new results. Stability Level: 3 - Stable |
question -
EndpointQuestion
|
Information about the question used to implement this query, if one was used. This is returned only for queries using the Tanium Server data source. This is null for queries using the Tanium Data Service data source. Stability Level: 1.2 - Experimental (Release Candidate) |
Example
{
"active": false,
"success": false,
"expectedTotal": 987,
"respondedTotal": 987,
"contributedTotal": 123,
"respondedPercentage": 987.65,
"startCursor": Cursor,
"question": EndpointQuestion
}
EndpointCompliance
Description
The state of an endpoint's compliance with security policies.
Fields
| Field Name | Description |
|---|---|
cveFindings -
[EndpointComplianceCveFinding!]
|
The list of all vulnerability findings on the endpoint. This field allows a filter argument. You can use the filter to restrict the items returned in this field. This also restricts the returned endpoints to those with matching items in this field, unless the The filter must be either a simple filter, or a compound filter with a single set of simple child filters. An endpoint is returned only if it matches the simple filter, or all filters within the compound filter. The filter supports the following operations: Note that the absoluteFirstFoundDate, firstFound, lastFound, and lastScanDate fields are not supported in the filter. Sensor: Comply - CVE Findings Sensor: Comply - Vulnerability Findings Details, Column: Check ID Stability Level: 3 - Stable |
Arguments
|
|
complianceFindings -
[EndpointComplianceComplianceFinding!]
|
The list of all compliance findings on the endpoint. This field allows a filter argument. You can use the filter to restrict the items returned in this field. This also restricts the returned endpoints to those with matching items in this field, unless the The filter must be either a simple filter, or a compound filter with a single set of simple child filters. An endpoint is returned only if it matches the simple filter, or all filters within the compound filter. The filter supports the following operations: Note that the firstFoundDate and lastScanDate fields are not supported in the filter. Sensor: Comply - Compliance Findings Sensor: Comply - Compliance Findings Details, Column: Check ID Stability Level: 3 - Stable |
Arguments
|
|
Example
{
"cveFindings": [EndpointComplianceCveFinding],
"complianceFindings": [
EndpointComplianceComplianceFinding
]
}
EndpointComplianceComplianceFinding
Description
A compliance issue found on an endpoint.
Fields
| Field Name | Description |
|---|---|
id -
String
|
The ID of the compliance finding. Sensor: Comply - Compliance Findings, Column: Check ID Sensor: Comply - Compliance Findings Details, Column: Check ID Stability Level: 3 - Stable |
excepted -
Boolean
|
Indicates whether the finding is an excepted finding. Sensor: Comply - Compliance Findings Details, Column: Excepted Stability Level: 1.2 - Experimental (Release Candidate) |
state -
String
|
The state of the compliance issue. Sensor: Comply - Compliance Findings, Column: State Sensor: Comply - Compliance Findings Details, Column: State Stability Level: 3 - Stable |
category -
String
|
The category of the compliance issue. Sensor: Comply - Compliance Findings, Column: Category Sensor: Comply - Compliance Findings Details, Column: Category Stability Level: 3 - Stable |
ruleId -
String
|
The ID of the rule violated by the compliance issue. Sensor: Comply - Compliance Findings, Column: Rule ID Sensor: Comply - Compliance Findings Details, Column: Rule ID Stability Level: 3 - Stable |
standard -
String
|
The standard violated by the compliance issue. Sensor: Comply - Compliance Findings, Column: Standard Sensor: Comply - Compliance Findings Details, Column: Standard Stability Level: 3 - Stable |
standardVersion -
String
|
The version of the standard violated by the compliance issue. Sensor: Comply - Compliance Findings, Column: Standard Version Sensor: Comply - Compliance Findings Details, Column: Standard Version Stability Level: 3 - Stable |
profile -
String
|
The profile violated by the compliance issue. Sensor: Comply - Compliance Findings, Column: Profile Sensor: Comply - Compliance Findings Details, Column: Profile Stability Level: 3 - Stable |
profileVersion -
String
|
The version of the profile violated by the compliance issue. Sensor: Comply - Compliance Findings, Column: Profile Version Sensor: Comply - Compliance Findings Details, Column: Profile Version Stability Level: 3 - Stable |
rule -
String
|
The rule violated by the compliance issue. Sensor: Comply - Compliance Findings, Column: Rule Sensor: Comply - Compliance Findings Details, Column: Rule Stability Level: 3 - Stable |
firstFoundDate -
Date
|
The date on which the compliance issue was first found on the endpoint. If the compliance finding state changes, this updates to the new discovery date. Sensor: Comply - Compliance Findings - First Found, Column: First Found - Date Sensor: Comply - Compliance Findings - First Found, Column: First Found - Check ID Stability Level: 3 - Stable |
lastScanDate -
Date
|
The date on which the compliance issue was last scanned for on the endpoint. Sensor: Comply - Compliance Findings - Last Scan, Column: Last Scan - Date Sensor: Comply - Compliance Findings - Last Scan, Column: Last Scan - Check ID Stability Level: 3 - Stable |
Example
{
"id": "xyz789",
"excepted": false,
"state": "xyz789",
"category": "xyz789",
"ruleId": "xyz789",
"standard": "abc123",
"standardVersion": "xyz789",
"profile": "abc123",
"profileVersion": "abc123",
"rule": "xyz789",
"firstFoundDate": "2007-12-03",
"lastScanDate": "2007-12-03"
}
EndpointComplianceCveFinding
Description
A vulnerability finding on an endpoint.
Fields
| Field Name | Description |
|---|---|
cveId -
String
|
The ID of the CVE. Sensor: Comply - CVE Findings, Column: Check ID Sensor: Comply - Vulnerability Findings Details, Column: Check ID Stability Level: 3 - Stable |
excepted -
Boolean
|
Indicates whether the finding is an excepted finding. Sensor: Comply - Vulnerability Findings Details, Column: Excepted Stability Level: 1.2 - Experimental (Release Candidate) |
scanType -
String
|
The method used to discover the finding. Examples: ras, sbom, oval Sensor: Comply - Vulnerability Findings Details, Column: Scan Type Stability Level: 1.2 - Experimental (Release Candidate) |
cvssScore -
Float
|
The CVSS v2 score of the CVE. Sensor: Comply - CVE Findings, Column: CVSS Score Sensor: Comply - Vulnerability Findings Details, Column: CVSS Score Stability Level: 3 - Stable |
severity -
String
|
The CVSS v2 severity of the CVE. Sensor: Comply - CVE Findings, Column: Severity Sensor: Comply - Vulnerability Findings Details, Column: Severity Stability Level: 3 - Stable |
cvssScoreV3 -
Float
|
The CVSS v3 score of the CVE. Sensor: Comply - CVE Findings, Column: CVSS v3 Base Score Sensor: Comply - Vulnerability Findings Details, Column: CVSS v3 Base Score Stability Level: 3 - Stable |
severityV3 -
String
|
The CVSS v3 severity of the CVE. Sensor: Comply - CVE Findings, Column: CVSS v3 Severity Sensor: Comply - Vulnerability Findings Details, Column: CVSS v3 Severity Stability Level: 3 - Stable |
cveYear -
String
|
The year in which the CVE ID was reserved, or the year in which the CVE became public. Sensor: Comply - CVE Findings, Column: CVE Year Sensor: Comply - Vulnerability Findings Details, Column: CVE Year Stability Level: 3 - Stable |
summary -
String
|
A brief summary of the CVE. Sensor: Comply - CVE Findings, Column: Summary Sensor: Comply - Vulnerability Findings Details, Column: Summary Stability Level: 3 - Stable |
firstFound -
Date
|
The date on which the CVE was first found on the endpoint. If the CVE is remediated, then detected on this endpoint at a later date, the date updates to the later detection date. Sensor: Comply - CVE Findings - First Found, Column: First Found - Date Sensor: Comply - CVE Findings - First Found, Column: First Found - CVE Stability Level: 3 - Stable |
lastFound -
Date
|
The date on which the CVE was last found on the endpoint. Sensor: Comply - CVE Findings - Last Found, Column: Last Found - Date Sensor: Comply - CVE Findings - Last Found, Column: Last Found - CVE Stability Level: 3 - Stable |
absoluteFirstFoundDate -
Date
|
The date on which the CVE was first found on the endpoint. If the CVE is remediated, then detected on this endpoint at a later date, this date does not change. Sensor: Comply - CVE Findings - Absolute First Found, Column: Absolute First Found - Date Sensor: Comply - CVE Findings - Absolute First Found, Column: Absolute First Found - CVE Stability Level: 3 - Stable |
lastScanDate -
Date
|
The date on which the CVE was last scanned for on the endpoint. Sensor: Comply - CVE Findings - Last Scan, Column: Last Scan - Date Sensor: Comply - CVE Findings - Last Scan, Column: Last Scan - CVE Stability Level: 3 - Stable |
isCisaKev -
Boolean
|
Indicates whether the CVE is included in the CISA Known Exploited Vulnerabilities (KEV) catalog. Sensor: Comply - Vulnerability Findings Details, Column: Is CISA KEV Stability Level: 1.2 - Experimental (Release Candidate) |
cisaVendor -
String
|
The vendor or project name associated with the vulnerability. Sensor: Comply - Vulnerability Findings Details, Column: CISA Vendor Stability Level: 1.2 - Experimental (Release Candidate) |
cisaProduct -
String
|
The product associated with the vulnerability. Sensor: Comply - Vulnerability Findings Details, Column: CISA Product Stability Level: 1.2 - Experimental (Release Candidate) |
cisaVulnerabilityName -
String
|
The vulnerability name. Sensor: Comply - Vulnerability Findings Details, Column: CISA Vulnerability Name Stability Level: 1.2 - Experimental (Release Candidate) |
cisaDateAdded -
Date
|
The date the vulnerability was added to the CISA KEV catalog. Sensor: Comply - Vulnerability Findings Details, Column: CISA Date Added Stability Level: 1.2 - Experimental (Release Candidate) |
cisaShortDescription -
String
|
A short description of the vulnerability. Sensor: Comply - Vulnerability Findings Details, Column: CISA Short Description Stability Level: 1.2 - Experimental (Release Candidate) |
cisaRequiredAction -
String
|
The action listed to address the vulnerability. Sensor: Comply - Vulnerability Findings Details, Column: CISA Required Action Stability Level: 1.2 - Experimental (Release Candidate) |
cisaDueDate -
Date
|
The due date for taking the action listed. Sensor: Comply - Vulnerability Findings Details, Column: CISA Due Date Stability Level: 1.2 - Experimental (Release Candidate) |
cisaNotes -
String
|
Additional notes about the vulnerability. Sensor: Comply - Vulnerability Findings Details, Column: CISA Notes Stability Level: 1.2 - Experimental (Release Candidate) |
cpes -
[String!]
|
A list of Common Platform Enumerations (CPE) for this CVE. Sensor: Comply - Vulnerability Findings Details, Column: CPEs Stability Level: 1.2 - Experimental (Release Candidate) |
affectedProducts -
[String!]
|
A list of affected products for this CVE. Sensor: Comply - Vulnerability Findings Details, Column: Products Stability Level: 1.2 - Experimental (Release Candidate) |
Example
{
"cveId": "xyz789",
"excepted": true,
"scanType": "xyz789",
"cvssScore": 123.45,
"severity": "xyz789",
"cvssScoreV3": 123.45,
"severityV3": "xyz789",
"cveYear": "xyz789",
"summary": "abc123",
"firstFound": "2007-12-03",
"lastFound": "2007-12-03",
"absoluteFirstFoundDate": "2007-12-03",
"lastScanDate": "2007-12-03",
"isCisaKev": false,
"cisaVendor": "xyz789",
"cisaProduct": "abc123",
"cisaVulnerabilityName": "abc123",
"cisaDateAdded": "2007-12-03",
"cisaShortDescription": "abc123",
"cisaRequiredAction": "xyz789",
"cisaDueDate": "2007-12-03",
"cisaNotes": "xyz789",
"cpes": ["xyz789"],
"affectedProducts": ["abc123"]
}
EndpointConnection
Description
A page of endpoint edges.
Fields
| Field Name | Description |
|---|---|
edges -
[EndpointEdge!]!
|
The list of endpoint edges. Stability Level: 3 - Stable |
pageInfo -
PageInfo!
|
Information about the endpoint collection. Stability Level: 3 - Stable |
totalRecords -
Int!
|
The total number of endpoint records available. Stability Level: 3 - Stable |
collectionInfo -
EndpointCollectionInfo!
|
Information about the endpoint results that contribute to the collection. Stability Level: 3 - Stable |
Example
{
"edges": [EndpointEdge],
"pageInfo": PageInfo,
"totalRecords": 987,
"collectionInfo": EndpointCollectionInfo
}
EndpointCountColumn
Description
A sensor column and value associated with an endpoint count.
Fields
| Field Name | Description |
|---|---|
sensor -
EndpointSensorReadingRef!
|
The sensor with which an endpoint count is associated. This sensor is one of the sensors defined in Stability Level: 1.0 - Experimental (Early Development) |
columnName -
String!
|
The sensor column name associated with the sensor if its a multi-column sensor. For a single-column sensor, this field denotes the sensorName. Examples: Name, Version, FileExists Stability Level: 1.0 - Experimental (Early Development) |
values -
[String!]!
|
The values associated with Requests might return an array of field values for a given column. For example, if you define the Installed Applications sensor in Examples: Windows 10 Enterprise, example_hostname, 1.2.10,1.3.5,1.5.18 Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"sensor": EndpointSensorReadingRef,
"columnName": "abc123",
"values": ["xyz789"]
}
EndpointCountRow
Description
An endpoint count that matches sensor column values.
Fields
| Field Name | Description |
|---|---|
columns -
[EndpointCountColumn!]!
|
The sensor columns and values associated with a count of endpoints matching these values. Stability Level: 1.0 - Experimental (Early Development) |
count -
Int!
|
The count of endpoints that match this set of sensor columns and values. Stability Level: 1.0 - Experimental (Early Development) |
Example
{"columns": [EndpointCountColumn], "count": 123}
EndpointCountsConnection
Description
A page of endpoint count edges.
Fields
| Field Name | Description |
|---|---|
edges -
[EndpointCountsEdge!]!
|
The list of endpoint count edges. Stability Level: 1.0 - Experimental (Early Development) |
pageInfo -
PageInfo!
|
Information about the endpoint count collection. Stability Level: 1.0 - Experimental (Early Development) |
totalRecords -
Int!
|
The total number of endpoint count records available. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"edges": [EndpointCountsEdge],
"pageInfo": PageInfo,
"totalRecords": 123
}
EndpointCountsEdge
Description
An endpoint count within a page.
Fields
| Field Name | Description |
|---|---|
node -
EndpointCountRow!
|
The endpoint count row. Stability Level: 1.0 - Experimental (Early Development) |
cursor -
Cursor!
|
The cursor of this edge within the collection. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"node": EndpointCountRow,
"cursor": Cursor
}
EndpointCountsInput
Description
A request to retrieve the count of endpoints matching the input sensor column values.
Fields
| Input Field | Description |
|---|---|
after -
Cursor
|
Returns the endpoint counts after the given cursor. Stability Level: 1.0 - Experimental (Early Development) |
first -
Int!
|
Returns the first n endpoint counts from the list. This has a maximum value of 1,000. Stability Level: 1.0 - Experimental (Early Development) |
before -
Cursor
|
Returns the endpoint counts before the given cursor. Stability Level: 1.0 - Experimental (Early Development) |
last -
Int
|
Returns the last
n endpoint counts from the list. This must be given if Stability Level: 1.0 - Experimental (Early Development) |
filter -
EndpointFieldFilter
|
Returns only endpoint counts including endpoints matching this filter. The Stability Level: 1.0 - Experimental (Early Development) |
sensors -
[EndpointSensorRef!]!
|
Defines which sensors are selected as the basis for the endpoint counts. The Stability Level: 1.0 - Experimental (Early Development) |
source -
EndpointCountsSource!
|
Describes the data source from which to retrieve the endpoint counts. The Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"after": Cursor,
"first": 987,
"before": Cursor,
"last": 987,
"filter": EndpointFieldFilter,
"sensors": [EndpointSensorRef],
"source": EndpointCountsSource
}
EndpointCountsSource
Description
The data source from which to retrieve endpoints for the endpointCounts query.
Fields
| Input Field | Description |
|---|---|
ts -
EndpointSourceTS!
|
The Tanium Server data source. Stability Level: 1.0 - Experimental (Early Development) |
Example
{"ts": EndpointSourceTS}
EndpointDeploySoftwarePackage
Description
A Deploy software package that is deployed or deployable on an endpoint.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The ID of the software package. Sensor: Deploy - Software Packages, Column: Software Package ID Use of this field requires the Deploy solution. Stability Level: 3 - Stable |
vendor -
String!
|
The name of the software vendor that produced the package. Sensor: Deploy - Software Packages, Column: Vendor Use of this field requires the Deploy solution. Stability Level: 3 - Stable |
name -
String!
|
The name of the software package. Sensor: Deploy - Software Packages, Column: Name Use of this field requires the Deploy solution. Stability Level: 3 - Stable |
version -
String!
|
The version of the software package. Sensor: Deploy - Software Packages, Column: Version Use of this field requires the Deploy solution. Stability Level: 3 - Stable |
gallery -
String!
|
If Examples: Yes, No Sensor: Deploy - Software Packages, Column: Is Gallery Package Use of this field requires the Deploy solution. Stability Level: 3 - Stable |
applicability -
String!
|
Indicates the applicability of the software package to the endpoint. Examples: Installed, Install Eligible, Not Applicable Sensor: Deploy - Software Packages, Column: Applicability Use of this field requires the Deploy solution. Stability Level: 3 - Stable |
Example
{
"id": 4,
"vendor": "abc123",
"name": "xyz789",
"version": "xyz789",
"gallery": "abc123",
"applicability": "xyz789"
}
EndpointDiscover
Description
The details found by Discover.
Fields
| Field Name | Description |
|---|---|
discoverMethod -
String
|
The Discover Method Name. Example: ping Sensor: Discover Method Use of this field requires the Discover solution. Stability Level: 3 - Stable |
discoverProfile -
String
|
The Discover Method Profile. Example: Distributed Ping Sensor: Discover Profile Use of this field requires the Discover solution. Stability Level: 3 - Stable |
natIpAddress -
String
|
The IP Address of this client as seen from the Tanium Server. Example: 192.168.1.1 Sensor: NAT IP Address Use of this field requires the Discover solution. Stability Level: 3 - Stable |
openPorts -
[Int!]
|
The top 1000 (according to Nmap) open TCP ports. Examples: 1234, 2345 Sensor: Open Ports Use of this field requires the Discover solution. Stability Level: 3 - Stable |
Example
{
"discoverMethod": "abc123",
"discoverProfile": "xyz789",
"natIpAddress": "abc123",
"openPorts": [123]
}
EndpointDisk
Description
The disk space details of a volume.
Fields
| Field Name | Description |
|---|---|
name -
String!
|
The disk drive name. Sensor: Disk Total Space Stability Level: 3 - Stable |
free -
String
|
The amount of free disk space per drive. Example: 40 GB Sensor: Disk Free Space Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
total -
String
|
The amount of total disk space per drive. Example: 100 GB Sensor: Disk Total Space Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
usedPercentage -
String
|
The percentage of used disk space per drive. Example: 24% Sensor: Disk Used Percentage Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
usedSpace -
String
|
The amount of used disk space per drive. Example: 40 GB Sensor: Disk Used Space Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
Example
{
"name": "xyz789",
"free": "xyz789",
"total": "xyz789",
"usedPercentage": "xyz789",
"usedSpace": "abc123"
}
EndpointEdge
EndpointEventCounts
Description
The number of performance events on an endpoint.
Fields
| Field Name | Description |
|---|---|
cpu -
Int!
|
The number of CPU performance events on the endpoint in the last 24 hours. Sensor: Performance - Event Category Match Count Use of this field requires the Performance solution. Stability Level: 3 - Stable |
memory -
Int!
|
The number of memory performance events on the endpoint in the last 24 hours. Sensor: Performance - Event Category Match Count Use of this field requires the Performance solution. Stability Level: 3 - Stable |
disk -
Int!
|
The number of disk performance events on the endpoint in the last 24 hours. Sensor: Performance - Event Category Match Count Use of this field requires the Performance solution. Stability Level: 3 - Stable |
network -
Int!
|
The count of network performance events on the endpoint in the last 24 hours. Sensor: Performance - Event Category Match Count Use of this field requires the Performance solution. Stability Level: 3 - Stable |
appCrash -
Int!
|
The count of application crash performance events on the endpoint in the last 24 hours. Sensor: Performance - Event Category Match Count Use of this field requires the Performance solution. Stability Level: 3 - Stable |
all -
Int!
|
The count of all performance events on the endpoint in the last 24 hours. Sensor: Performance - Event Category Match Count Use of this field requires the Performance solution. Stability Level: 3 - Stable |
Example
{
"cpu": 987,
"memory": 987,
"disk": 987,
"network": 987,
"appCrash": 987,
"all": 123
}
EndpointFieldFilter
Description
Describes a filter for endpoint field values. Records with field values matching the filter are included in the query results. Field filters may be single or compound, and have different argument requirements. Any filter that is not valid causes the query to return an error.
Simple filters have three distinct forms:
path,value, andopproperties describe a filter on the value of a field in the schemasensor,value, andopproperties describe a filter on the value of an arbitrary sensor readingmemberOfproperty describes a filter to a computer group
Compound filters have a single form:
filters, andanyproperties
Fields
| Input Field | Description |
|---|---|
path -
String
|
The dot notation path to the field to filter, such as "cpu.manufacturer", where the field on which the filter argument is declared is the root of the path. If the path does not resolve to a field, the query returns an error. Stability Level: 3 - Stable |
maxAge -
Int
|
This value overrides the sensor default maximum age setting. Setting this value lower than the sensor default maximum age setting increases resource usage on endpoints. Setting this value to very small periods of time might cause excessive resource usage on endpoints and frequent sensor evaluation. This is only applicable with the Tanium Server data source. For more information, see Tanium Console User Guide: Max Sensor Age Stability Level: 3 - Stable |
memberOf -
EndpointFieldFilterComputerGroup
|
The computer group to which the endpoint must belong in order to pass the filter. Stability Level: 3 - Stable |
sensor -
EndpointFieldFilterSensor
|
The sensor whose reading is used as the basis for the filter. Stability Level: 3 - Stable |
op -
FieldFilterOp!
|
The operator by which to compare the specified value to the field value. Note that not all operators are valid for all fields or data sources. If the operator is not valid, the query returns an error. Stability Level: 3 - Stable |
negated -
Boolean!
|
Indicates that the filter is negated. Records with field values matching the filter are excluded from the query results. Stability Level: 3 - Stable |
value -
String
|
The constant value to compare with the field value, expressed as a string. If this value cannot be interpreted as a valid value for the field type, the query returns an error. Stability Level: 3 - Stable |
filters -
[EndpointFieldFilter!]
|
Describes the set of filters which comprise this compound filter. Stability Level: 3 - Stable |
any -
Boolean!
|
Indicates that if any of the filters comprising this compound filter passes, the compound filter passes. This defaults to Stability Level: 3 - Stable |
Example
{
"path": "xyz789",
"maxAge": 987,
"memberOf": EndpointFieldFilterComputerGroup,
"sensor": EndpointFieldFilterSensor,
"op": "EQ",
"negated": true,
"value": "abc123",
"filters": [EndpointFieldFilter],
"any": true
}
EndpointFieldFilterComputerGroup
Description
Identifies the computer group to which an endpoint must belong to be included by a filter.
Define one, and only one, of either name or id. If you define name and id, only the id is used to identify the computer group, and the name is ignored.
Example
{
"name": "xyz789",
"id": "4"
}
EndpointFieldFilterSensor
Description
Identifies the sensor whose readings are used as the basis for a filter.
Fields
| Input Field | Description |
|---|---|
name -
String
|
The name of the sensor. Stability Level: 1.0 - Experimental (Early Development) |
column -
String
|
The name of the column of the sensor results, if the sensor returns multiple columns. Stability Level: 1.0 - Experimental (Early Development) |
params -
[EndpointFieldFilterSensorParam!]
|
The values of the parameters to the sensor, if needed. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"name": "abc123",
"column": "abc123",
"params": [EndpointFieldFilterSensorParam]
}
EndpointFieldFilterSensorParam
Description
Parameterizes a sensor reading.
Example
{
"name": "xyz789",
"value": "abc123"
}
EndpointFieldSort
Description
Describes a sort order for endpoint field values. Endpoints will be sorted by the specified field, in the specified order. Any sort that is not valid causes the query to return an error.
Exactly one of path or sensor must be provided.
Fields
| Input Field | Description |
|---|---|
path -
String
|
The dot notation path to the field to sort by, such as "cpu.manufacturer", where the field on which the sort argument is declared is the root of the path. If the path does not resolve to a field, the query returns an error. Examples: computerID, ipAddress, name, processor.consumption Stability Level: 1.2 - Experimental (Release Candidate) |
sensor -
EndpointFieldSortSensor
|
The sensor whose reading is used as the basis for the sort. Stability Level: 1.2 - Experimental (Release Candidate) |
order -
SortOrder!
|
The order in which to sort the field values. Stability Level: 1.2 - Experimental (Release Candidate) |
Example
{
"path": "abc123",
"sensor": EndpointFieldSortSensor,
"order": "asc"
}
EndpointFieldSortSensor
Description
Identifies the sensor whose readings are used as the basis for a sort.
Fields
| Input Field | Description |
|---|---|
name -
String!
|
The sensor name. Stability Level: 3 - Stable |
column -
String
|
For multi-column sensors, the name of the sensor results column. For single-column sensors, this field must be null. Stability Level: 3 - Stable |
params -
[EndpointFieldFilterSensorParam!]
|
The parameter values to use for a parameterized sensor. For unparameterized sensors, this field must be null. Stability Level: 3 - Stable |
Example
{
"name": "xyz789",
"column": "xyz789",
"params": [EndpointFieldFilterSensorParam]
}
EndpointIdChange
EndpointIdChangesPayload
Description
The endpoint IDs changes.
Fields
| Field Name | Description |
|---|---|
changes -
[EndpointIdChange!]!
|
The list of endpoint ID changes. Stability Level: 3 - Stable |
before -
Time!
|
The date and time of the last record returned. Using this timestamp as the Stability Level: 3 - Stable |
Example
{
"changes": [EndpointIdChange],
"before": "10:15:30Z"
}
EndpointInstalledApplication
Description
A software application installed on an endpoint.
Fields
| Field Name | Description |
|---|---|
name -
String!
|
The name of the application. Sensor: Installed Applications, Column: Name Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
version -
String!
|
The version of the application. Sensor: Installed Applications, Column: Version Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
silentUninstallString -
String!
|
The silent uninstall string for the application. Sensor: Installed Applications, Column: Silent Uninstall String Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
uninstallable -
Boolean
|
Indicates whether the application can be uninstalled. Sensor: Installed Applications, Column: Uninstallable Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
Example
{
"name": "abc123",
"version": "abc123",
"silentUninstallString": "xyz789",
"uninstallable": true
}
EndpointMetric
Description
A metric recorded on an endpoint.
Fields
| Field Name | Description |
|---|---|
metric -
EndpointMetricInfo
|
The metric details. Stability Level: 3 - Stable |
value -
Any
|
The value of the metric. This is not yet well-typed. Stability Level: 3 - Stable |
values -
Any
|
The values of the metric. This is not yet well-typed. Stability Level: 3 - Stable |
Example
{
"metric": EndpointMetricInfo,
"value": Any,
"values": Any
}
EndpointMetricInfo
Description
The details of a metric recorded on an endpoint.
Fields
| Field Name | Description |
|---|---|
name -
String
|
The name of the metric. Stability Level: 3 - Stable |
Example
{"name": "xyz789"}
EndpointOS
Description
The operating system details of an endpoint.
Fields
| Field Name | Description |
|---|---|
name -
String!
|
The name of the operating system. This name may be localized. Example: Windows Server 2008 R2 Enterprise Sensor: Operating System Stability Level: 3 - Stable |
platform -
EndpointPlatform!
|
The platform of the operating system. Example: Windows Sensor: OS Platform Stability Level: 3 - Stable |
generation -
String!
|
The generation of the operating system. Examples: Windows 10, Windows Server 2008 R2, Red Hat Enterprise Linux Server 6, Mac OS X 10.14 Sensor: Operating System Generation Stability Level: 3 - Stable |
language -
String!
|
The language of the operating system. Example: en-US Sensor: Operating System Language, Column: Language Packs Installed Stability Level: 3 - Stable |
windows -
EndpointWindowsOS
|
The details of the Windows operating system. Stability Level: 3 - Stable |
Example
{
"name": "xyz789",
"platform": "Unknown",
"generation": "abc123",
"language": "abc123",
"windows": EndpointWindowsOS
}
EndpointPlatform
Description
The set of endpoint platforms.
Values
| Enum Value | Description |
|---|---|
|
|
The endpoint platform is unknown. Stability Level: 1.0 - Experimental (Early Development) |
|
|
The endpoint is running Microsoft Windows. Stability Level: 1.0 - Experimental (Early Development) |
|
|
The endpoint is running Linux. Stability Level: 1.0 - Experimental (Early Development) |
|
|
The endpoint is running macOS. Stability Level: 1.0 - Experimental (Early Development) |
|
|
The endpoint is running Oracle Solaris. Stability Level: 1.0 - Experimental (Early Development) |
|
|
The endpoint is running IBM AIX. Stability Level: 1.0 - Experimental (Early Development) |
Example
"Unknown"
EndpointQuestion
Description
An endpoint question.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique question identifier. Stability Level: 3 - Stable |
Example
{"id": 4}
EndpointRisk
Description
The Risk details of an endpoint.
Fields
| Field Name | Description |
|---|---|
totalScore -
Float!
|
The overall risk score for the endpoint. Sensor: Risk Vectors, Column: Risk Score Use of this field requires the Risk solution. Stability Level: 3 - Stable |
riskLevel -
String!
|
The Endpoint score rating for the endpoint. Examples: Low, Medium, High, Critical Sensor: Risk Vectors, Column: Endpoint Score Use of this field requires the Risk solution. Stability Level: 3 - Stable |
assetCriticality -
String!
|
Endpoint criticality, assigned by a user. This modifies the endpoint risk score. Examples: Low, Medium, High, Critical Sensor: Risk Vectors, Column: Asset Criticality Use of this field requires the Risk solution. Stability Level: 3 - Stable |
criticalityScore -
Float!
|
Asset criticality modifier. For more information, see Tanium Benchmark User Guide: Assign endpoint criticality Sensor: Risk Vectors, Column: Criticality Score Use of this field requires the Risk solution. Stability Level: 3 - Stable |
vectors -
EndpointRiskVectors!
|
The risk vectors associated with the endpoint. Stability Level: 3 - Stable |
Example
{
"totalScore": 123.45,
"riskLevel": "xyz789",
"assetCriticality": "xyz789",
"criticalityScore": 123.45,
"vectors": EndpointRiskVectors
}
EndpointRiskAdministrativeAccessVector
Description
The Administrative Access risk vector details for an endpoint.
Fields
| Field Name | Description |
|---|---|
score -
Float!
|
The Administrative Access risk vector score for the endpoint. Sensor: Risk Vectors, Column: Administrative Access Use of this field requires the Impact, Risk solutions. Stability Level: 3 - Stable |
impactRatingScore -
Int!
|
The impact score for the endpoint. For more information, see Tanium Impact User Guide: Impact Rating Sensor: Risk Vectors, Column: Impact Rating.Impact Score Use of this field requires the Impact, Risk solutions. Stability Level: 3 - Stable |
impactRating -
String!
|
The Impact rating for the endpoint. Examples: Low, Medium, High, Critical Sensor: Risk Vectors, Column: Impact Rating.Impact Rating Use of this field requires the Impact, Risk solutions. Stability Level: 3 - Stable |
direct -
Int!
|
The number of users on the endpoint with direct administrative access. Sensor: Risk Vectors, Column: Impact Rating.Direct Admin By Count Use of this field requires the Impact, Risk solutions. Stability Level: 3 - Stable |
indirect -
Int!
|
The number of users on the endpoint with indirect administrative access through an Active Directory group membership. Sensor: Risk Vectors, Column: Impact Rating.Indirect Admin By Count Use of this field requires the Impact, Risk solutions. Stability Level: 3 - Stable |
inbound -
Int!
|
The number of endpoints or users that an attacker might use to breach the endpoint. Sensor: Risk Vectors, Column: Impact Rating.Inbound Asset Count Use of this field requires the Impact, Risk solutions. Stability Level: 3 - Stable |
outbound -
Int!
|
The number of endpoints or users that an attacker might breach from the endpoint. Sensor: Risk Vectors, Column: Impact Rating.Outbound Asset Count Use of this field requires the Impact, Risk solutions. Stability Level: 3 - Stable |
sessions -
Int!
|
The number of active user sessions on the endpoint. Sensor: Risk Vectors, Column: Impact Rating.Session Count Use of this field requires the Impact, Risk solutions. Stability Level: 3 - Stable |
Example
{
"score": 987.65,
"impactRatingScore": 987,
"impactRating": "xyz789",
"direct": 123,
"indirect": 123,
"inbound": 123,
"outbound": 987,
"sessions": 123
}
EndpointRiskComplianceVector
Description
The System Compliance risk vector details for an endpoint.
Fields
| Field Name | Description |
|---|---|
score -
Float!
|
The System Compliance risk vector score for the endpoint. Sensor: Risk Vectors, Column: Compliance Score Use of this field requires the Comply, Risk solutions. Stability Level: 3 - Stable |
complianceFailCount -
Int!
|
The number of compliance failures for the endpoint. Sensor: Risk Vectors, Column: Compliance Fail Count Use of this field requires the Comply, Risk solutions. Stability Level: 3 - Stable |
Example
{"score": 987.65, "complianceFailCount": 123}
EndpointRiskExpiredCertificatesVector
Description
The Expired Certificates risk vector details for an endpoint.
Fields
| Field Name | Description |
|---|---|
score -
Float!
|
The Expired Certificates risk vector score for the endpoint. Sensor: Risk Vectors, Column: Expired Certificates Use of this field requires the Core Content, Risk solutions. Stability Level: 3 - Stable |
ports -
String!
|
The TCP ports associated with expired certificates on the endpoint. Sensor: Risk Vectors, Column: Expired Certificates Ports Use of this field requires the Core Content, Risk solutions. Stability Level: 3 - Stable |
certificatesCount -
Int!
|
The number of expired certificates on the endpoint. Sensor: Risk Vectors, Column: Certificates Count Use of this field requires the Core Content, Risk solutions. Stability Level: 3 - Stable |
Example
{
"score": 987.65,
"ports": "abc123",
"certificatesCount": 123
}
EndpointRiskInsecureTLSVector
Description
The Insecure SSL/TLS risk vector details for an endpoint.
Fields
| Field Name | Description |
|---|---|
score -
Float!
|
The Insecure SSL/TLS vector risk score for the endpoint. Sensor: Risk Vectors, Column: Insecure SSL TLS Use of this field requires the Core Content, Risk solutions. Stability Level: 3 - Stable |
ports -
String!
|
The TCP ports used for insecure SSL or TLS traffic on the endpoint. Example: 22, 3389 Sensor: Risk Vectors, Column: Insecure SSL TLS Ports Use of this field requires the Core Content, Risk solutions. Stability Level: 3 - Stable |
protocols -
String!
|
The insecure SSL or TLS protocols in use on the endpoint. Example: SSL 3.0, TLS 1.0 Sensor: Risk Vectors, Column: Insecure SSL TLS Protocols Use of this field requires the Core Content, Risk solutions. Stability Level: 3 - Stable |
Example
{
"score": 123.45,
"ports": "abc123",
"protocols": "abc123"
}
EndpointRiskPasswordIdentificationVector
Description
The Password Identification risk vector details for an endpoint.
Fields
| Field Name | Description |
|---|---|
score -
Float!
|
The Password Identification vector risk score for the endpoint. Sensor: Risk Vectors, Column: Password Score Use of this field requires the Reveal, Risk solutions. Stability Level: 3 - Stable |
filesConfirmed -
String!
|
The number of files with confirmed passwords on the endpoint. For more information, see Tanium Benchmark User Guide: Review Password Identification Sensor: Risk Vectors, Column: Files Confirmed Use of this field requires the Reveal, Risk solutions. Stability Level: 3 - Stable |
Example
{
"score": 123.45,
"filesConfirmed": "abc123"
}
EndpointRiskSystemVulnerabilityVector
Description
The System Vulnerability risk vector details for an endpoint.
Fields
| Field Name | Description |
|---|---|
score -
Float!
|
The System Vulnerability vector risk score for the endpoint. Sensor: Risk Vectors, Column: Vulnerability Score Use of this field requires the Comply, Risk solutions. Stability Level: 3 - Stable |
cveCount -
Int!
|
The number of Common Vulnerabilities and Exposures identifiers (CVEs) found on the endpoint. Sensor: Risk Vectors, Column: CVE Count Use of this field requires the Comply, Risk solutions. Stability Level: 3 - Stable |
Example
{"score": 123.45, "cveCount": 987}
EndpointRiskVectors
Description
The risk vectors associated with an endpoint.
Fields
| Field Name | Description |
|---|---|
systemVulnerability -
EndpointRiskSystemVulnerabilityVector
|
The System Vulnerability risk vector details for the endpoint. Sensor: Risk Vectors, Column: Vulnerability Score Missing Use of this field requires the Comply, Risk solutions. Stability Level: 3 - Stable |
compliance -
EndpointRiskComplianceVector
|
The System Compliance risk vector details for the endpoint. Sensor: Risk Vectors, Column: Compliance Score Missing Use of this field requires the Comply, Risk solutions. Stability Level: 3 - Stable |
administrativeAccess -
EndpointRiskAdministrativeAccessVector
|
The Administrative Access risk vector details for the endpoint. Sensor: Risk Vectors, Column: Administrative Access Missing Use of this field requires the Impact, Risk solutions. Stability Level: 3 - Stable |
passwordIdentification -
EndpointRiskPasswordIdentificationVector
|
The Password Identification risk vector details for the endpoint. Sensor: Risk Vectors, Column: Password Score Missing Use of this field requires the Reveal, Risk solutions. Stability Level: 3 - Stable |
expiredCertificates -
EndpointRiskExpiredCertificatesVector
|
The Expired Certificates risk vector details for the endpoint. Sensor: Risk Vectors, Column: Expired Certificates Missing Use of this field requires the Core Content, Risk solutions. Stability Level: 3 - Stable |
insecureTLS -
EndpointRiskInsecureTLSVector
|
The Insecure SSL/TLS risk vector details for the endpoint. Sensor: Risk Vectors, Column: Insecure SSL TLS Missing Use of this field requires the Core Content, Risk solutions. Stability Level: 3 - Stable |
Example
{
"systemVulnerability": EndpointRiskSystemVulnerabilityVector,
"compliance": EndpointRiskComplianceVector,
"administrativeAccess": EndpointRiskAdministrativeAccessVector,
"passwordIdentification": EndpointRiskPasswordIdentificationVector,
"expiredCertificates": EndpointRiskExpiredCertificatesVector,
"insecureTLS": EndpointRiskInsecureTLSVector
}
EndpointSensorReading
Description
The data collected from reading a single sensor column.
The values field always contains the raw string values read by the sensor. Other fields, such as floatValues, might be queried to convert the values to a different type, depending on the sensor's result type. If value type conversion fails, such as if the sensor reads [no results] for an endpoint and the floatValues field is queried, the converted value is null. The original value is available at the same index in the values field. If you convert a sensor value to a data type that is not applicable to the sensor result type, such as a non-numeric sensor value to a floatValues field, the response returns an error.
Fields
| Field Name | Description |
|---|---|
values -
[String!]!
|
The raw values read by the sensor. Stability Level: 3 - Stable |
floatValues -
[Float]
|
The float values read by the sensor. Only valid when the sensor's result type is If value type conversion fails, such as if the sensor reads Stability Level: 3 - Stable |
Example
{
"values": ["xyz789"],
"floatValues": [123.45]
}
EndpointSensorReadingColumn
Description
A column collected in a sensor reading.
Fields
| Field Name | Description |
|---|---|
sensor -
EndpointSensorReadingRef!
|
The sensor which provided the column. Stability Level: 3 - Stable |
name -
String!
|
The name of the column. Stability Level: 3 - Stable |
values -
[String!]!
|
The values read by the sensor. Stability Level: 3 - Stable |
Example
{
"sensor": EndpointSensorReadingRef,
"name": "abc123",
"values": ["abc123"]
}
EndpointSensorReadingRef
Description
Identifies a sensor that was read.
Fields
| Field Name | Description |
|---|---|
name -
String!
|
The name of the sensor. Examples: Operating System, Computer Name, Installed Applications Stability Level: 3 - Stable |
params -
[EndpointSensorReadingRefParam!]
|
The parameter values to use for a parameterized sensor. For un-parameterized sensors, this field must be null. Stability Level: 3 - Stable |
Example
{
"name": "abc123",
"params": [EndpointSensorReadingRefParam]
}
EndpointSensorReadingRefParam
EndpointSensorReadings
Description
The data collected from reading a set of sensors.
Fields
| Field Name | Description |
|---|---|
columns -
[EndpointSensorReadingColumn!]!
|
The columns collected from reading a set of sensors. Stability Level: 3 - Stable |
Example
{"columns": [EndpointSensorReadingColumn]}
EndpointSensorRef
Description
Identifies a sensor to read.
Fields
| Input Field | Description |
|---|---|
name -
String!
|
The name of the sensor. Stability Level: 3 - Stable |
params -
[EndpointSensorRefParam!]
|
The list of sensor parameters. Stability Level: 3 - Stable |
maxAge -
Int
|
This value overrides the sensor default maximum age setting. Setting this value lower than the sensor default maximum age setting increases resource usage on endpoints. Setting this value to very small periods of time might cause excessive resource usage on endpoints and frequent sensor evaluation. This is only applicable with the Tanium Server data source. For more information, see Tanium Console User Guide: Max Sensor Age Stability Level: 3 - Stable |
columns -
[String!]
|
The set of sensor columns to query. If you do not specify any columns, the response contains all sensor columns. Stability Level: 3 - Stable |
filter -
SensorValueFilter
|
Returns only the sensor values matching the filter. Stability Level: 3 - Stable |
Example
{
"name": "abc123",
"params": [EndpointSensorRefParam],
"maxAge": 987,
"columns": ["xyz789"],
"filter": SensorValueFilter
}
EndpointSensorRefParam
EndpointSentinel
Description
The Microsoft Sentinel details of an endpoint.
Fields
| Field Name | Description |
|---|---|
sccmClient -
EndpointSentinelSCCMClient!
|
The Microsoft System Center Configuration Manager (SCCM) client details of an endpoint. Use of this field requires the Core Content - SCCM solution. Stability Level: 3 - Stable |
windowsDefender -
EndpointSentinelWindowsDefender!
|
The Microsoft Windows Defender details of an endpoint. Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
Example
{
"sccmClient": EndpointSentinelSCCMClient,
"windowsDefender": EndpointSentinelWindowsDefender
}
EndpointSentinelSCCMClient
Description
The Microsoft SCCM client details of an endpoint.
Fields
| Field Name | Description |
|---|---|
health -
String
|
The overall health status of the SCCM client. Examples: Healthy, Needs Attention Sensor: SCCM Client Health, Column: Health Status Use of this field requires the Core Content - SCCM solution. Stability Level: 3 - Stable |
reason -
String
|
The details of an SCCM client health value. Example: SCCM Not Running Sensor: SCCM Client Health, Column: Reason Use of this field requires the Core Content - SCCM solution. Stability Level: 3 - Stable |
Example
{
"health": "abc123",
"reason": "abc123"
}
EndpointSentinelWindowsDefender
Description
The Microsoft Windows Defender details of an endpoint.
Fields
| Field Name | Description |
|---|---|
installed -
String
|
Indicates that Windows Defender is installed. Examples: True, False Sensor: Microsoft Defender Installed Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
clientVersion -
String
|
The installed version of Windows Defender. Example: 1.225.2203.0 Sensor: Microsoft Defender AntiMalware Details, Column: Engine Version Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
healthy -
String
|
The overall health status of Windows Defender. Examples: True, False Sensor: Microsoft Defender Health Details, Column: Healthy Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
processEnabled -
String
|
The current state of the Windows Defender process. Examples: True, False Sensor: Microsoft Defender AntiMalware Details, Column: Service Enabled Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
processStartType -
String
|
The startup type of the Windows Defender process. Sensor: Microsoft Defender AntiMalware Details, Column: Service State Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
antivirusEnabled -
String
|
The current state of the Windows Defender antivirus service. Examples: true, false Sensor: Microsoft Defender AntiVirus Details, Column: Service Enabled Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
antiSpywareEnabled -
String
|
The current state of the Windows Defender antispyware service. Examples: true, false Sensor: Microsoft Defender AntiSpyware Details, Column: Service Enabled Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
quickScanAge -
String
|
The number of days since the last quick scan. Sensor: Microsoft Defender QuickScan Details, Column: Age Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
antivirusSignatureUpdateAge -
String
|
The number of days since the last antivirus signatures update. Example: 1.225.2203.0 Sensor: Microsoft Defender AntiVirus Details, Column: Signature Days Age Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
Example
{
"installed": "abc123",
"clientVersion": "xyz789",
"healthy": "abc123",
"processEnabled": "xyz789",
"processStartType": "abc123",
"antivirusEnabled": "xyz789",
"antiSpywareEnabled": "xyz789",
"quickScanAge": "xyz789",
"antivirusSignatureUpdateAge": "xyz789"
}
EndpointService
Description
The details of a service on an endpoint.
Fields
| Field Name | Description |
|---|---|
name -
String!
|
The internal name of the service. Sensor: Service Details, Column: Service Name Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
displayName -
String!
|
The display name of the service. Sensor: Service Details, Column: Service Display Name Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
status -
EndpointServiceStatus
|
The current status of the service. Sensor: Service Details, Column: Service Status Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
startupMode -
EndpointServiceStartupMode
|
The startup mode of the service. Sensor: Service Details, Column: Service Startup Mode Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
Example
{
"name": "xyz789",
"displayName": "xyz789",
"status": "CONTINUE_PENDING",
"startupMode": "MANUAL"
}
EndpointServiceStartupMode
Description
The set of service startup modes.
Values
| Enum Value | Description |
|---|---|
|
|
The service is started by the service control manager when a process calls the Stability Level: 3 - Stable |
|
|
The service is started automatically by the service control manager during system startup. Stability Level: 3 - Stable |
|
|
The service can no longer be started. Stability Level: 3 - Stable |
|
|
The service is a device driver started by the operating system loader. Stability Level: 3 - Stable |
|
|
The service is a device driver started by the operating system initialization process. Stability Level: 3 - Stable |
|
|
The service is started manually or when required by another service. Stability Level: 3 - Stable |
Example
"MANUAL"
EndpointServiceStatus
Description
The status of a service on an endpoint.
Values
| Enum Value | Description |
|---|---|
|
|
The service has been paused and is about to continue. Stability Level: 3 - Stable |
|
|
The service is paused. Stability Level: 3 - Stable |
|
|
The service is in the process of pausing. Stability Level: 3 - Stable |
|
|
The service is running. Stability Level: 3 - Stable |
|
|
The service is in the process of starting. Stability Level: 3 - Stable |
|
|
The service is not running. Stability Level: 3 - Stable |
|
|
The service is in the process of stopping. Stability Level: 3 - Stable |
Example
"CONTINUE_PENDING"
EndpointSource
Description
The data source from which to retrieve endpoints. The default source is the Tanium Data Service in the standard Tanium endpoint namespace.
You can only specify one data source.
Fields
| Input Field | Description |
|---|---|
tds -
EndpointSourceTDS
|
The Tanium Data Service data source. Stability Level: 3 - Stable |
ts -
EndpointSourceTS
|
The Tanium Server data source. Stability Level: 3 - Stable |
Example
{
"tds": EndpointSourceTDS,
"ts": EndpointSourceTS
}
EndpointSourceTDS
Description
Specifies the use of the Tanium Data Service as the source of endpoints.
Fields
| Input Field | Description |
|---|---|
allNamespaces -
Boolean!
|
If Stability Level: 3 - Stable |
namespaces -
[String!]
|
Returns endpoints within the given namespaces. If Stability Level: 3 - Stable |
excludeErrors -
Boolean!
|
Excludes all endpoints that contain common error values in any requested sensor data. Stability Level: 3 - Stable |
excludeNoResults -
Boolean!
|
Excludes all endpoints that contain Stability Level: 3 - Stable |
Example
{
"allNamespaces": false,
"namespaces": ["abc123"],
"excludeErrors": true,
"excludeNoResults": true
}
EndpointSourceTS
Description
Specifies the use of a Tanium Server question as the source of endpoints. This waits for question results until any of the success criteria are met or the maximum wait time for a single request has elapsed. The success criteria are not guaranteed to be met. Users might check the collectionInfo field to observe the completeness of the results and might use the refresh argument to try to retrieve more results.
Fields
| Input Field | Description |
|---|---|
expectedCount -
Int
|
The number of endpoints for which to wait. Stability Level: 3 - Stable |
stableWaitTime -
Int
|
The number of seconds to wait for the Tanium Server to not receive new endpoint results. Stability Level: 3 - Stable |
maxWaitTime -
Int!
|
The total number of seconds to wait before returning a response with the available results, regardless of whether the results satisfy any success criteria. This cannot exceed 30 seconds. Stability Level: 3 - Stable |
minPercentage -
Float
|
The minimum fraction of expected endpoints that must have evaluated the question in order for the results to be considered successful. This must be a number between Stability Level: 3 - Stable |
maxAge -
Int
|
This value overrides the sensor default maximum age setting. Setting this value lower than the sensor default maximum age setting increases resource usage on endpoints. Setting this value to very small periods of time might cause excessive resource usage on endpoints and frequent sensor evaluation. This is only applicable with the Tanium Server data source. For more information, see Tanium Console User Guide: Max Sensor Age Stability Level: 3 - Stable |
excludeErrors -
Boolean!
|
Excludes all endpoints that contain common error values in any requested sensor data. Stability Level: 3 - Stable |
excludeNoResults -
Boolean!
|
Excludes all endpoints that contain Stability Level: 3 - Stable |
Example
{
"expectedCount": 987,
"stableWaitTime": 123,
"maxWaitTime": 123,
"minPercentage": 123.45,
"maxAge": 987,
"excludeErrors": true,
"excludeNoResults": true
}
EndpointUser
Description
The details of an endpoint user.
Fields
| Field Name | Description |
|---|---|
name -
String!
|
The Active Directory name of the endpoint user. Sensor: AD Query - Primary User Details, Column: Name Use of this field requires the Core AD Query Content solution. Stability Level: 3 - Stable |
email -
String!
|
The Active Directory email of the endpoint user. Sensor: AD Query - Primary User Details, Column: Email Use of this field requires the Core AD Query Content solution. Stability Level: 3 - Stable |
phoneNumber -
String!
|
The Active Directory phone number of the endpoint user. Sensor: AD Query - Primary User Details, Column: Phone Number Use of this field requires the Core AD Query Content solution. Stability Level: 3 - Stable |
department -
String!
|
The Active Directory department of the endpoint user. Sensor: AD Query - Primary User Details, Column: Department Use of this field requires the Core AD Query Content solution. Stability Level: 3 - Stable |
city -
String!
|
The Active Directory city of the endpoint user. Sensor: AD Query - Primary User Details, Column: City Use of this field requires the Core AD Query Content solution. Stability Level: 3 - Stable |
country -
String!
|
The Active Directory country of the endpoint user. Sensor: AD Query - Primary User Details, Column: Country Use of this field requires the Core AD Query Content solution. Stability Level: 3 - Stable |
Example
{
"name": "xyz789",
"email": "abc123",
"phoneNumber": "xyz789",
"department": "xyz789",
"city": "abc123",
"country": "abc123"
}
EndpointWindowsOS
Description
The Windows operating system details of an endpoint.
Fields
| Field Name | Description |
|---|---|
type -
String!
|
The type of Windows operating system. Examples: Windows Server, Windows Workstation Sensor: Windows OS Type Stability Level: 3 - Stable |
majorVersion -
String!
|
The major version of the Windows operating system. Example: 6.1 Sensor: Windows OS Major Version Stability Level: 3 - Stable |
releaseId -
String!
|
The release ID of the Windows operating system. Example: 1607 Sensor: Windows OS Release ID Stability Level: 3 - Stable |
Example
{
"type": "xyz789",
"majorVersion": "abc123",
"releaseId": "xyz789"
}
EntitiesQueryParams
Description
The configuration item entities to include in the results.
Fields
| Input Field | Description |
|---|---|
ids -
[ID]
|
The set of configuration item entity IDs to include. Stability Level: 3 - Stable |
eids -
[ID]
|
The set of endpoint IDs to include. Stability Level: 3 - Stable |
category -
[EntityCategory]
|
The configuration item entity category to include. Stability Level: 3 - Stable |
Example
{
"ids": [4],
"eids": ["4"],
"category": ["ManagedEndpoint"]
}
EntityCategory
Description
The set of categories of configuration item entities.
Values
| Enum Value | Description |
|---|---|
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
Example
"ManagedEndpoint"
EntityInput
Description
A request to import a configuration item entity.
Fields
| Input Field | Description |
|---|---|
id -
ID
|
The entity ID. If this entity ID exists, this request updates the matching entity. If this entity ID does not exist, this request creates a new entity. Stability Level: 3 - Stable |
name -
String!
|
The assigned name of the entity. Stability Level: 3 - Stable |
namespace -
String
|
The namespace for the entity in the CMDB. Examples: tds, discover Stability Level: 3 - Stable |
eid -
ID
|
The endpoint ID of the entity in the CMDB. Stability Level: 3 - Stable |
category -
EntityCategory!
|
The category of the entity. Stability Level: 3 - Stable |
comments -
String
|
The comments about the entity. Stability Level: 3 - Stable |
private -
Boolean!
|
Indicates that the entity is not viewable by service agents. Stability Level: 3 - Stable |
details -
Map
|
The semi-structured data for the entity. Stability Level: 3 - Stable |
entityClassIDs -
[ID!]
|
The IDs of the classes of the entity in the CMDB. Stability Level: 3 - Stable |
Example
{
"id": 4,
"name": "xyz789",
"namespace": "xyz789",
"eid": 4,
"category": "ManagedEndpoint",
"comments": "xyz789",
"private": false,
"details": Map,
"entityClassIDs": ["4"]
}
EntityPagination
Fields
| Field Name | Description |
|---|---|
items -
[CIEntity]!
|
Stability Level: 3 - Stable |
pageInfo -
PaginationInfo!
|
Stability Level: 3 - Stable |
Example
{
"items": [CIEntity],
"pageInfo": PaginationInfo
}
EntitySortField
Description
The set of fields by which entities can be sorted.
Values
| Enum Value | Description |
|---|---|
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
Example
"id"
EntitySortRequest
Description
The criteria by which to sort the entities.
Fields
| Input Field | Description |
|---|---|
field -
EntitySortField!
|
The field by which to sort. Stability Level: 3 - Stable |
order -
SortOrder
|
The order in which to sort field values. Stability Level: 3 - Stable |
Example
{"field": "id", "order": "asc"}
FieldFilter
Description
Describes a filter for field values. Records with field values matching the filter are included in the query results. Field filters may be single or compound, and have different argument requirements. Any filter that is not valid causes the query to return an error.
Fields
| Input Field | Description |
|---|---|
path -
String
|
The dot notation path to the field to filter, such as "cpu.manufacturer", where the field on which the filter argument is declared is the root of the path. If the path does not resolve to a field, the query returns an error. This is required for single field filters, and not allowed for compound field filters. Stability Level: 3 - Stable |
op -
FieldFilterOp!
|
The operator by which to compare the specified value to the field value. Note that not all operators are valid for all fields or data sources. If the operator is not valid, the query returns an error. This defaults to the This is required for single field filters, and ignored for compound field filters. Stability Level: 3 - Stable |
negated -
Boolean!
|
Indicates that the filter is negated. Records with field values matching the filter are excluded from the query results. This defaults to Stability Level: 3 - Stable |
value -
String
|
The constant value to compare with the field value, expressed as a string. If this value cannot be interpreted as a valid value for the field type, the query returns an error. This is required for single field filters, and not allowed for compound field filters. Stability Level: 3 - Stable |
filters -
[FieldFilter!]
|
Describes the set of filters which comprise this compound filter. This is required for compound field filters, and not allowed for single field filters. Stability Level: 3 - Stable |
any -
Boolean!
|
Indicates that if any of the filters comprising this compound filter passes, the compound filter passes. This defaults to This is allowed for compound field filters and ignored for single field filters. Stability Level: 3 - Stable |
restrictOwner -
Boolean!
|
Indicates that the filters should apply to owner records participating in the query, in addition to returned field values. This is ignored for filters at the root level of a query. This defaults to Stability Level: 3 - Stable |
Example
{
"path": "abc123",
"op": "EQ",
"negated": true,
"value": "abc123",
"filters": [FieldFilter],
"any": false,
"restrictOwner": true
}
FieldFilterOp
Description
The set of operations permitted on FieldFilter instances.
Values
| Enum Value | Description |
|---|---|
|
|
The equality operator. The field value and specified values must be equal. Stability Level: 3 - Stable |
|
|
The less than operator. The field value must be less than the specified value. This is valid only for comparable types. Stability Level: 3 - Stable |
|
|
LTE is the less than or equals operator, the field value must be less than or equal to the given value. This is only valid for comparable types. Stability Level: 3 - Stable |
|
|
The greater than operator. The field value must be greater than the specified value. This is valid only for comparable types. Stability Level: 3 - Stable |
|
|
The greater than or equals operator. The field value must be greater than or equal to the specified value. This is valid only for comparable types. Stability Level: 3 - Stable |
|
|
The string contains operator. The field value must contain the specified value. This is valid only for string types. Stability Level: 3 - Stable |
|
|
The string starts with operator. The field value must start with the specified value. This is valid only for string types. Stability Level: 3 - Stable |
|
|
The string ends with operator. The field value must end with the specified value. This is valid only for string types. Stability Level: 3 - Stable |
|
|
The string matches operator. The field value must fully match the specified value, which is interpreted as a regular expression in Perl syntax. This is valid only for string types. Stability Level: 3 - Stable |
|
|
The updated after operator. The field value must have been updated after the given date and time. This is only valid for fields from certain data sources. Stability Level: 3 - Stable |
|
|
The read after operator. The field value must have been read after the given date and time. This is only valid for fields from certain data sources. Stability Level: 3 - Stable |
Example
"EQ"
FilterField
Description
The list of endpoint fields on which the assets query can be filtered.
Values
| Enum Value | Description |
|---|---|
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
Example
"INVALID"
FilterMatch
Description
The set of compound operators available on assets query filters.
Values
| Enum Value | Description |
|---|---|
|
|
All sub filters must match. Stability Level: 3 - Stable |
|
|
Any sub filter can match. Stability Level: 3 - Stable |
|
|
The sub filter must not match. Stability Level: 3 - Stable |
Example
"ALL"
FilterOps
Description
The set of operations allowed by the assets query filters.
Values
| Enum Value | Description |
|---|---|
|
|
The equality operator. The field value and specified values must be equal. Stability Level: 3 - Stable |
|
|
The less than operator. The field value must be less than the specified value. This is valid only for comparable types. Stability Level: 3 - Stable |
|
|
The less than or equals operator. The field value must be less than or equal to the specified value. This is valid only for comparable types. Stability Level: 3 - Stable |
|
|
The greater than operator. The field value must be greater than the specified value. This is valid only for comparable types. Stability Level: 3 - Stable |
|
|
The greater than or equals operator. The field value must be greater than or equal to the specified value. This is valid only for comparable types. Stability Level: 3 - Stable |
|
|
The string contains operator. The field value must contain the specified value. This is valid only for string types. Stability Level: 3 - Stable |
|
|
The string starts with operator. The field value must start with the specified value. This is valid only for string types. Stability Level: 3 - Stable |
|
|
The string ends with operator. The field value must end with the specified value. This is valid only for string types. Stability Level: 3 - Stable |
|
|
The string matches operator. The field value must fully match the specified value, which is interpreted as a regular expression in Perl syntax. This is valid only for string types. Stability Level: 3 - Stable |
|
|
The updated since operator. The field value must have been updated since the specified date and time. This is not valid for live queries. Stability Level: 3 - Stable |
|
|
The last seen operator. The field value must have been read since the specified date and time. This is not valid for live queries. Stability Level: 3 - Stable |
Example
"EQ"
FilterSpec
Description
A filter for the assets query.
Fields
| Input Field | Description |
|---|---|
op -
FilterOps
|
The operator by which to compare the field and the value. Stability Level: 3 - Stable |
field -
FilterField
|
The field on which to filter. Stability Level: 3 - Stable |
value -
String
|
The value by which to filter. Stability Level: 3 - Stable |
match -
FilterMatch
|
The operator by which to combine the sub filters. Stability Level: 3 - Stable |
subs -
[FilterSpec]
|
The list of sub filters. Stability Level: 3 - Stable |
Example
{
"op": "EQ",
"field": "INVALID",
"value": "abc123",
"match": "ALL",
"subs": [FilterSpec]
}
Float
Description
The Float scalar type represents signed double-precision fractional values as specified by
IEEE 754.
Example
987.65
ID
Description
The ID scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID.
Example
4
IDReference
IdRef
Description
A reference to an entity with a unique identifier.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique identifier of the referent. Stability Level: 3 - Stable |
Example
{"id": 4}
IdRefInput
Description
A reference to an entity with an identifier.
Fields
| Input Field | Description |
|---|---|
id -
ID!
|
The unique identifier of the referent. Stability Level: 3 - Stable |
Example
{"id": "4"}
ImportConfigurationItemEntitiesPayload
Description
A response to a request to import configuration item entities.
Fields
| Field Name | Description |
|---|---|
entities -
[ImportConfigurationItemEntityPayload!]!
|
The list of configuration item entity imports. Stability Level: 3 - Stable |
importedCount -
Int!
|
The number of entities successfully imported. Stability Level: 3 - Stable |
failedCount -
Int!
|
The number of entities that failed to import. Stability Level: 3 - Stable |
Example
{
"entities": [ImportConfigurationItemEntityPayload],
"importedCount": 123,
"failedCount": 123
}
ImportConfigurationItemEntityPayload
Description
A configuration item entity import.
Example
{
"entity": CIEntity,
"errorMessage": "xyz789"
}
Int
Description
The Int scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1.
Example
123
KillProcessInput
Description
A request to terminate a process running on an endpoint.
Fields
| Input Field | Description |
|---|---|
connectionID -
ID
|
The ID of the Direct Connect connection to the endpoint on which the process is running. You must specify either this value or Stability Level: 3 - Stable |
endpoint -
OpenDirectConnectionInput
|
The endpoint on which the process is running. You must specify either this value or Stability Level: 3 - Stable |
pid -
Int!
|
The ID of the process to terminate. Stability Level: 3 - Stable |
name -
String!
|
The name of the process to terminate. Stability Level: 3 - Stable |
signal -
Signal!
|
The signal to use when terminating the process. Stability Level: 3 - Stable |
Example
{
"connectionID": "4",
"endpoint": OpenDirectConnectionInput,
"pid": 987,
"name": "xyz789",
"signal": "SIGINT"
}
KillProcessPayload
Description
A response to a request to terminate a process.
Fields
| Field Name | Description |
|---|---|
result -
Boolean!
|
Indicates that the process is terminated. Stability Level: 3 - Stable |
Example
{"result": true}
Map
Description
A map of JSON data.
Example
Map
Memory
Description
The memory details of an endpoint.
Fields
| Field Name | Description |
|---|---|
total -
String!
|
The total physical memory installed in the endpoint. Example: 8000 MB Sensor: Total Memory Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
ram -
String!
|
The total amount of installed memory in the endpoint. Example: 2048 MB Sensor: RAM Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
Example
{
"total": "abc123",
"ram": "xyz789"
}
MergeConfigurationItemElementsInput
Description
A request to merge two configuration item elements.
Example
{
"targetElementId": 4,
"duplicateElementId": "4"
}
MergeConfigurationItemElementsPayload
Description
A response to a request to merge two configuration item elements.
Fields
| Field Name | Description |
|---|---|
element -
Element
|
The merged element. Stability Level: 3 - Stable |
Example
{"element": Element}
Metadata
Description
Arbitrary data that can be recorded on many Tanium Server entities.
Example
{
"adminFlag": false,
"name": "abc123",
"value": "xyz789"
}
MonotonicDuration
Description
A time duration which measures from an arbitrary point in time and always moves forward. It does not account for calendar or clock time conventions such as time zones, Daylight Savings Time, leap seconds, etc. The total time duration is calculated by adding together the seconds and nanoseconds values.
Example
{"nanoseconds": 123, "seconds": 987}
MonotonicDurationInput
Description
Input for a time duration which measures from an arbitrary point in time and always moves forward. It does not account for calendar or clock time conventions such as time zones, Daylight Savings Time, leap seconds, etc. The total time duration is calculated by adding together the seconds and nanoseconds values.
Example
{"nanoseconds": 987, "seconds": 987}
NamedOnlyRefInput
Description
A reference to an entity with a name.
Fields
| Input Field | Description |
|---|---|
name -
String!
|
The assigned name of the referent. Stability Level: 3 - Stable |
Example
{"name": "abc123"}
NamedRef
NamedRefInput
Description
A reference to a named entity. Only one identifier field may have a value in a valid reference.
Define one, and only one, of either name or id. If you define name and id, only the id is used to identify the entity, and the name is ignored.
Example
{"id": 4, "name": "xyz789"}
NetworkAdapter
Description
The network adapter details of an endpoint.
Fields
| Field Name | Description |
|---|---|
name -
String!
|
The name of the network adapter. Example: Intel(R) Centrino(R) Ultimate-N 6300 AGN Sensor: Network Adapter Details, Column: Adapter Name Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
manufacturer -
String!
|
The manufacturer of the network adapter. Example: Intel Corporation Sensor: Network Adapter Details, Column: Manufacturer Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
type -
String!
|
The type of the network adapter. Example: Ethernet 802.3 Sensor: Network Adapter Details, Column: Adapter Type Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
macAddress -
String!
|
The MAC address of the network adapter. Example: 00:24:D7:21:9C:70 Sensor: Network Adapter Details, Column: MAC Address Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
speed -
String!
|
The speed of the network adapter. Example: 65 Mbps Sensor: Network Adapter Details, Column: Speed Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
connectionId -
String!
|
The connection ID of the network adapter. Example: Wi-Fi Sensor: Network Adapter Details, Column: Network Connection ID Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
Example
{
"name": "xyz789",
"manufacturer": "abc123",
"type": "abc123",
"macAddress": "abc123",
"speed": "abc123",
"connectionId": "abc123"
}
Networking
Description
The networking details of an endpoint.
Fields
| Field Name | Description |
|---|---|
dnsServers -
[String]!
|
The IP addresses of any configured DNS servers for active network adapters. Examples: 192.168.1.1, 8.8.8.8 Sensor: DNS Server Stability Level: 3 - Stable |
adapters -
[NetworkAdapter]!
|
The network adapter details of the endpoint. Stability Level: 3 - Stable |
wirelessAdapters -
[WirelessAdapter]!
|
The wireless network adapter details of the endpoint. Stability Level: 3 - Stable |
Example
{
"dnsServers": ["abc123"],
"adapters": [NetworkAdapter],
"wirelessAdapters": [WirelessAdapter]
}
NumericIntervalOption
Fields
| Field Name | Description |
|---|---|
name -
String!
|
Stability Level: 3 - Stable |
value -
String!
|
Stability Level: 3 - Stable |
model -
ParameterDefinitionType!
|
Stability Level: 3 - Stable |
parameterType -
ParameterDefinitionType!
|
Stability Level: 3 - Stable |
Example
{
"name": "abc123",
"value": "abc123",
"model": ParameterDefinitionType,
"parameterType": ParameterDefinitionType
}
OpenDirectConnectionInput
Description
A request to open a Direct Connect connection to an endpoint.
Fields
| Input Field | Description |
|---|---|
endpointID -
ID
|
The ID of the endpoint. Stability Level: 3 - Stable |
Example
{"endpointID": 4}
OpenDirectConnectionPayload
Description
A response to a request to open a Direct Connect connection to an endpoint.
Fields
| Field Name | Description |
|---|---|
connectionID -
ID!
|
A connection ID, used for Direct Connect requests. Stability Level: 3 - Stable |
Example
{"connectionID": 4}
Package
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique ID of the object. This field is read-only. Stability Level: 3 - Stable |
name -
String!
|
The unique name of this package. Stability Level: 3 - Stable |
displayName -
String!
|
The name of the package that displays in the user interface. Stability Level: 3 - Stable |
command -
String!
|
The command to run. Stability Level: 3 - Stable |
commandTimeout -
Int!
|
The limit on how long the command can run before it terminates. Stability Level: 3 - Stable |
expireSeconds -
Int!
|
The default expiration for any action issued with this package. This value should be greater than commandTimeout. The console interprets the difference between the expireSeconds value and commandTimeout value as "download timeout." Stability Level: 3 - Stable |
contentSet -
IDReference
|
The content set to which this package belongs. Stability Level: 3 - Stable |
processGroupFlag -
Boolean!
|
Indicates that Tanium 7.2+ clients run the package command in a process group, and terminate any remaining descendant processes when the package command completes. Default server value is This should always be Stability Level: 3 - Stable |
skipLockFlag -
Boolean!
|
Indicates that clients can run the package command, even when the client has action locks set. This should almost always be Stability Level: 3 - Stable |
metadata -
[Metadata!]!
|
A set of generic name-value pairs that describe this package. Stability Level: 3 - Stable |
sourceHash -
String!
|
This applies only to derived packages. For source package: the hash representation of current state of the source package, and it can change when certain properties of this package are modified. For non-source package: the hash is copied from the source package at creation time and will not change. Stability Level: 3 - Stable |
sourceHashChangedFlag -
Boolean!
|
Indicates that the derived package is out of sync with the source package. Stability Level: 3 - Stable |
sourceID -
Int!
|
The ID of a source package. Specify this when creating an action with a parameterized package. Stability Level: 3 - Stable |
sourceName -
String!
|
The name of a source package. This field is used by the import and export routes when IDs change. Stability Level: 3 - Stable |
parameters -
[PackageParameter!]!
|
A list of parameters to be used for the package. If you define parameters, you must also specify SourceID. Stability Level: 3 - Stable |
parameterDefinition -
ParameterDefinitions
|
JSON metadata about what data should be sent with parameters, used by the console when deploying packages. Stability Level: 3 - Stable |
rawParameterDefinition -
String
|
The raw parameter definition string, This field is defined only when parsing the parameterDefinition string to the expected JSON format fails. Stability Level: 3 - Stable |
verifyExpireSeconds -
Int!
|
The maximum number of seconds for a package verification query before timeout. Stability Level: 3 - Stable |
Example
{
"id": "4",
"name": "abc123",
"displayName": "xyz789",
"command": "xyz789",
"commandTimeout": 123,
"expireSeconds": 987,
"contentSet": IDReference,
"processGroupFlag": true,
"skipLockFlag": true,
"metadata": [Metadata],
"sourceHash": "abc123",
"sourceHashChangedFlag": false,
"sourceID": 987,
"sourceName": "abc123",
"parameters": [PackageParameter],
"parameterDefinition": ParameterDefinitions,
"rawParameterDefinition": "abc123",
"verifyExpireSeconds": 987
}
PackagePagination
Fields
| Field Name | Description |
|---|---|
items -
[Package]!
|
Stability Level: 3 - Stable |
pageInfo -
PaginationInfoWithID!
|
Stability Level: 3 - Stable |
Example
{
"items": [Package],
"pageInfo": PaginationInfoWithID
}
PackageParam
Description
The sensor-sourced parameter used in a package.
Example
{
"name": "abc123",
"value": "abc123"
}
PackageParamInput
Description
A sensor-sourced input parameter for a package.
Example
{
"name": "abc123",
"value": "abc123"
}
PackageParameter
PackageRef
Description
A package used in an action.
Fields
| Field Name | Description |
|---|---|
id -
ID
|
The ID of the package. Stability Level: 1.0 - Experimental (Early Development) |
name -
String
|
The name of the package. Stability Level: 1.0 - Experimental (Early Development) |
params -
[String!]
|
The list of package parameter input values. These correspond to the positional package parameter variables ( Stability Level: 1.0 - Experimental (Early Development) |
sensorSourcedParams -
[PackageParam!]
|
The map of sensor-sourced package parameters. These parameters correspond to the Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"id": "4",
"name": "xyz789",
"params": ["xyz789"],
"sensorSourcedParams": [PackageParam]
}
PackageRefInput
Description
Identifies and parameterizes a package for use in an action.
Define one, and only one, of either name or id. If you define name and id, only the id is used to identify the package, and the name is ignored.
Fields
| Input Field | Description |
|---|---|
id -
ID
|
The ID of the package. Stability Level: 1.0 - Experimental (Early Development) |
name -
String
|
The name of the package. Stability Level: 1.0 - Experimental (Early Development) |
params -
[String!]
|
The list of package parameter input values. These correspond to the positional package parameter variables ( Stability Level: 1.0 - Experimental (Early Development) |
sensorSourcedParams -
[PackageParamInput!]
|
The map of sensor-sourced package parameters. These parameters correspond to the Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"id": 4,
"name": "xyz789",
"params": ["xyz789"],
"sensorSourcedParams": [PackageParamInput]
}
PackageSpec
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique identifier of the package spec. Stability Level: 3 - Stable |
name -
String!
|
The unique name of the package spec. Stability Level: 3 - Stable |
lastUpdatedBy -
String!
|
The name of the user that last modified this entity. Stability Level: 3 - Stable |
contentSetName -
String!
|
The name of the content set to which this package is assigned, and which governs the package spec's access control. Stability Level: 3 - Stable |
command -
String!
|
The command that this package runs on endpoints. Stability Level: 3 - Stable |
commandTimeoutSeconds -
Int!
|
The limit in seconds on how long the command can run before it terminates. Stability Level: 3 - Stable |
expireSeconds -
Int!
|
The default expiration in seconds for any action issued with this package. Stability Level: 3 - Stable |
params -
[PackageSpecParam!]
|
The list of package parameters. These correspond to the positional package parameter variables ( Stability Level: 3 - Stable |
sensorSourcedParams -
[PackageSpecSensorSourcedParam!]
|
The list of sensor-sourced package parameters. These correspond to the Stability Level: 3 - Stable |
Example
{
"id": 4,
"name": "abc123",
"lastUpdatedBy": "xyz789",
"contentSetName": "xyz789",
"command": "xyz789",
"commandTimeoutSeconds": 987,
"expireSeconds": 987,
"params": [PackageSpecParam],
"sensorSourcedParams": [PackageSpecSensorSourcedParam]
}
PackageSpecConnection
Description
A page of package spec edges.
Fields
| Field Name | Description |
|---|---|
edges -
[PackageSpecEdge!]!
|
The list of package spec edges. Stability Level: 3 - Stable |
pageInfo -
PageInfo!
|
Information about the package spec collection. Stability Level: 3 - Stable |
totalRecords -
Int!
|
The total number of package spec records available. Stability Level: 3 - Stable |
Example
{
"edges": [PackageSpecEdge],
"pageInfo": PageInfo,
"totalRecords": 987
}
PackageSpecEdge
Description
A package spec within a page.
Fields
| Field Name | Description |
|---|---|
node -
PackageSpec!
|
The package spec. Stability Level: 3 - Stable |
cursor -
Cursor!
|
The cursor of this edge within the collection. Stability Level: 3 - Stable |
Example
{
"node": PackageSpec,
"cursor": Cursor
}
PackageSpecParam
Description
A positional package parameter for a package spec.
Fields
| Field Name | Description |
|---|---|
key -
String!
|
The string whose occurrences in the package fields are replaced by the parameter. Stability Level: 3 - Stable |
label -
String!
|
The label of the package parameter. Stability Level: 3 - Stable |
defaultValue -
String
|
The default value of the package parameter that is used when no value is provided. Stability Level: 3 - Stable |
Example
{
"key": "abc123",
"label": "xyz789",
"defaultValue": "xyz789"
}
PackageSpecSensorSourcedParam
Description
A sensor-sourced parameter for a package spec.
Fields
| Field Name | Description |
|---|---|
name -
String!
|
The name of the parameter, such as Stability Level: 3 - Stable |
Example
{"name": "xyz789"}
PageInfo
Description
Information about a connection page.
Fields
| Field Name | Description |
|---|---|
hasNextPage -
Boolean!
|
Indicates that there are records after the last record on this page. Stability Level: 3 - Stable |
hasPreviousPage -
Boolean!
|
Indicates that there are records before the first record on this page. Stability Level: 3 - Stable |
startCursor -
Cursor
|
The cursor of the first record on this page. Stability Level: 3 - Stable |
endCursor -
Cursor
|
The cursor of the last record on this page. Stability Level: 3 - Stable |
Example
{
"hasNextPage": false,
"hasPreviousPage": false,
"startCursor": Cursor,
"endCursor": Cursor
}
PaginationInfo
Description
Information about a paginated collection.
Example
{"totalPages": 123, "totalItems": 123, "page": 987, "perPage": 123}
PaginationInfoWithID
Description
Information about a paginated collection, including an ID for the collection.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
Pagination ID to use when querying pages. Stability Level: 3 - Stable |
totalPages -
Int!
|
Total number of pages. Stability Level: 3 - Stable |
totalItems -
Int!
|
Total number of items. Stability Level: 3 - Stable |
page -
Int!
|
Current page number. Stability Level: 3 - Stable |
perPage -
Int!
|
Number of items per page. Stability Level: 3 - Stable |
Example
{
"id": "4",
"totalPages": 123,
"totalItems": 987,
"page": 987,
"perPage": 123
}
ParameterDefinition
Fields
| Field Name | Description |
|---|---|
model -
ParameterDefinitionType!
|
Stability Level: 3 - Stable |
parameterType -
ParameterDefinitionType!
|
Stability Level: 3 - Stable |
key -
String!
|
Stability Level: 3 - Stable |
label -
String!
|
Stability Level: 3 - Stable |
helpString -
String!
|
Stability Level: 3 - Stable |
defaultValue -
String
|
Stability Level: 3 - Stable |
validationExpressions -
[ParameterDefinitionValidationExpression!]
|
Stability Level: 3 - Stable |
promptText -
String
|
Stability Level: 3 - Stable |
heightInLines -
Int
|
Stability Level: 3 - Stable |
maxChars -
Int
|
Stability Level: 3 - Stable |
value -
String
|
Stability Level: 3 - Stable |
values -
[String!]!
|
Stability Level: 3 - Stable |
restrict -
String
|
Stability Level: 3 - Stable |
allowEmptyList -
Boolean
|
Stability Level: 3 - Stable |
minimum -
Int
|
Stability Level: 3 - Stable |
maximum -
Int
|
Stability Level: 3 - Stable |
stepSize -
Int
|
Stability Level: 3 - Stable |
snapInterval -
Int
|
Stability Level: 3 - Stable |
dropdownOptions -
[NumericIntervalOption!]
|
Stability Level: 3 - Stable |
componentType -
Int
|
Stability Level: 3 - Stable |
startDateRestriction -
DefaultRangeEnd
|
Stability Level: 3 - Stable |
endDateRestriction -
DefaultRangeEnd
|
Stability Level: 3 - Stable |
startTimeRestriction -
DefaultRangeEnd
|
Stability Level: 3 - Stable |
endTimeRestriction -
DefaultRangeEnd
|
Stability Level: 3 - Stable |
allowDisableEnd -
Boolean
|
Stability Level: 3 - Stable |
defaultRangeStart -
DefaultRangeEnd
|
Stability Level: 3 - Stable |
defaultRangeEnd -
DefaultRangeEnd
|
Stability Level: 3 - Stable |
separatorText -
String
|
Stability Level: 3 - Stable |
Example
{
"model": ParameterDefinitionType,
"parameterType": ParameterDefinitionType,
"key": "abc123",
"label": "xyz789",
"helpString": "abc123",
"defaultValue": "abc123",
"validationExpressions": [
ParameterDefinitionValidationExpression
],
"promptText": "xyz789",
"heightInLines": 987,
"maxChars": 987,
"value": "abc123",
"values": ["abc123"],
"restrict": "xyz789",
"allowEmptyList": true,
"minimum": 987,
"maximum": 987,
"stepSize": 987,
"snapInterval": 123,
"dropdownOptions": [NumericIntervalOption],
"componentType": 987,
"startDateRestriction": DefaultRangeEnd,
"endDateRestriction": DefaultRangeEnd,
"startTimeRestriction": DefaultRangeEnd,
"endTimeRestriction": DefaultRangeEnd,
"allowDisableEnd": false,
"defaultRangeStart": DefaultRangeEnd,
"defaultRangeEnd": DefaultRangeEnd,
"separatorText": "xyz789"
}
ParameterDefinitionType
Example
ParameterDefinitionType
ParameterDefinitionValidationExpression
Fields
| Field Name | Description |
|---|---|
model -
ParameterDefinitionType!
|
Stability Level: 3 - Stable |
parameterType -
ParameterDefinitionType!
|
Stability Level: 3 - Stable |
expression -
String
|
Stability Level: 3 - Stable |
helpString -
String
|
Stability Level: 3 - Stable |
Example
{
"model": ParameterDefinitionType,
"parameterType": ParameterDefinitionType,
"expression": "xyz789",
"helpString": "xyz789"
}
ParameterDefinitions
Fields
| Field Name | Description |
|---|---|
parameterType -
ParameterDefinitionType!
|
Stability Level: 3 - Stable |
model -
ParameterDefinitionType!
|
Stability Level: 3 - Stable |
parameters -
[ParameterDefinition!]!
|
Stability Level: 3 - Stable |
Example
{
"parameterType": ParameterDefinitionType,
"model": ParameterDefinitionType,
"parameters": [ParameterDefinition]
}
PatchClientNotification
Description
An end user notification displayed to Windows and macOS endpoint users before a restart or deployment.
Fields
| Field Name | Description |
|---|---|
notificationPeriodDuration -
MonotonicDuration!
|
The maximum period of time after a notification is displayed before the end user is forced to start the deployment or restart the endpoint. Stability Level: 1.0 - Experimental (Early Development) |
countdownToDeadline -
MonotonicDuration!
|
A countdown displayed to the end user before the end user is forced to start the deployment or restart the endpoint. Stability Level: 1.0 - Experimental (Early Development) |
postponeOptions -
PatchPostponeOptions
|
The postponement time periods for users to delay a deployment or endpoint restart. Stability Level: 1.0 - Experimental (Early Development) |
title -
String!
|
The notification title. Stability Level: 1.0 - Experimental (Early Development) |
body -
String!
|
The notification body. Stability Level: 1.0 - Experimental (Early Development) |
translations -
[PatchClientNotificationTranslation!]
|
Translations for the notification. Stability Level: 1.0 - Experimental (Early Development) |
includeFrame -
Boolean!
|
Whether the notification window has a frame. End users can move or minimize the notification window using the frame functionality. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"notificationPeriodDuration": MonotonicDuration,
"countdownToDeadline": MonotonicDuration,
"postponeOptions": PatchPostponeOptions,
"title": "xyz789",
"body": "abc123",
"translations": [PatchClientNotificationTranslation],
"includeFrame": false
}
PatchClientNotificationInput
Description
An end user notification displayed to Windows and macOS endpoint users before a restart or deployment.
Fields
| Input Field | Description |
|---|---|
notificationPeriodDuration -
MonotonicDurationInput!
|
The maximum period of time after a notification is displayed before the end user is forced to start the deployment or restart the endpoint. Stability Level: 1.0 - Experimental (Early Development) |
countdownToDeadline -
MonotonicDurationInput!
|
A countdown displayed to the end user before the end user is forced to start the deployment or restart the endpoint. Stability Level: 1.0 - Experimental (Early Development) |
postponeOptions -
PatchPostponeOptionsInput
|
The postponement time periods for users to delay a deployment or endpoint restart. Stability Level: 1.0 - Experimental (Early Development) |
title -
String!
|
The notification title. Stability Level: 1.0 - Experimental (Early Development) |
body -
String!
|
The notification body. Stability Level: 1.0 - Experimental (Early Development) |
translations -
[PatchClientNotificationTranslationInput!]
|
Translations for the notification. Stability Level: 1.0 - Experimental (Early Development) |
includeFrame -
Boolean!
|
Whether the notification window has a frame. End users can move or minimize the notification window using the frame functionality. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"notificationPeriodDuration": MonotonicDurationInput,
"countdownToDeadline": MonotonicDurationInput,
"postponeOptions": PatchPostponeOptionsInput,
"title": "abc123",
"body": "xyz789",
"translations": [
PatchClientNotificationTranslationInput
],
"includeFrame": true
}
PatchClientNotificationTranslation
Description
Translation of a client notification.
Fields
| Field Name | Description |
|---|---|
languageCode -
String!
|
An ISO 639-1 two-letter language code for the translation. Stability Level: 1.0 - Experimental (Early Development) |
title -
String!
|
The notification title. Stability Level: 1.0 - Experimental (Early Development) |
body -
String!
|
The notification body. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"languageCode": "abc123",
"title": "xyz789",
"body": "xyz789"
}
PatchClientNotificationTranslationInput
Description
Translation of a client notification.
Fields
| Input Field | Description |
|---|---|
languageCode -
String!
|
An ISO 639-1 two-letter language code for the translation. Stability Level: 1.0 - Experimental (Early Development) |
title -
String!
|
The notification title. Stability Level: 1.0 - Experimental (Early Development) |
body -
String!
|
The notification body. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"languageCode": "xyz789",
"title": "abc123",
"body": "xyz789"
}
PatchContentDeploymentType
Description
Content deployment type.
Values
| Enum Value | Description |
|---|---|
|
|
Install manually selected patches or patch lists. Stability Level: 1.0 - Experimental (Early Development) |
|
|
Install all updates. Stability Level: 1.0 - Experimental (Early Development) |
|
|
Install all security updates. Stability Level: 1.0 - Experimental (Early Development) |
Example
"MANUAL_SELECTION"
PatchCreateDeploymentInput
Description
A request to create a Patch deployment.
Fields
| Input Field | Description |
|---|---|
name -
String!
|
The deployment name. Stability Level: 1.0 - Experimental (Early Development) |
type -
PatchDeploymentType!
|
The deployment type. This must be Stability Level: 1.0 - Experimental (Early Development) |
platform -
PatchEndpointPlatform!
|
The deployment platform. Stability Level: 1.0 - Experimental (Early Development) |
contentSet -
IdRefInput!
|
The content set to which the deployment belongs. Stability Level: 1.0 - Experimental (Early Development) |
description -
String
|
The deployment description. Stability Level: 1.0 - Experimental (Early Development) |
contentDeploymentType -
PatchContentDeploymentType!
|
The content deployment type. This must be Stability Level: 1.0 - Experimental (Early Development) |
patchLists -
[PatchListRefInput!]
|
Patch lists to include in the deployment. Define at least one of Define exactly one of Stability Level: 1.0 - Experimental (Early Development) |
patches -
[IdRefInput!]
|
Individual patches to include in the deployment. Define at least one of Define exactly one of Stability Level: 1.0 - Experimental (Early Development) |
targets -
PatchTargetsInput!
|
Deployment targeting configuration. Stability Level: 1.0 - Experimental (Early Development) |
schedule -
PatchScheduleInput
|
Deployment scheduling configuration. Required for macOS and Linux deployments. If this is Stability Level: 1.0 - Experimental (Early Development) |
downloadImmediately -
Boolean!
|
Whether the patch content should be downloaded before the installation time. Stability Level: 1.0 - Experimental (Early Development) |
overrideBlocklists -
Boolean!
|
Whether to install all specified patches regardless of block lists. Stability Level: 1.0 - Experimental (Early Development) |
restart -
Boolean!
|
Whether to restart the endpoint after deployment is complete. Stability Level: 1.0 - Experimental (Early Development) |
notifications -
PatchNotificationsInput
|
Deployment notifications for Windows and macOS. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"name": "xyz789",
"type": "INSTALL",
"platform": "WINDOWS",
"contentSet": IdRefInput,
"description": "abc123",
"contentDeploymentType": "MANUAL_SELECTION",
"patchLists": [PatchListRefInput],
"patches": [IdRefInput],
"targets": PatchTargetsInput,
"schedule": PatchScheduleInput,
"downloadImmediately": true,
"overrideBlocklists": false,
"restart": false,
"notifications": PatchNotificationsInput
}
PatchCreateDeploymentPayload
Description
A response to a request to create a deployment.
Fields
| Field Name | Description |
|---|---|
deployment -
PatchDeployment
|
The created deployment. Stability Level: 1.0 - Experimental (Early Development) |
error -
SystemError
|
Indicates that the request terminated in an error. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"deployment": PatchDeployment,
"error": SystemError
}
PatchDefinition
Description
A Tanium patch definition.
Fields
| Field Name | Description |
|---|---|
id -
String!
|
The unique patch definition ID. Stability Level: 1.0 - Experimental (Early Development) |
title -
String!
|
The patch definition title. Stability Level: 1.0 - Experimental (Early Development) |
cveIds -
[String!]!
|
The CVE IDs associated with the patch. Stability Level: 1.0 - Experimental (Early Development) |
platform -
PatchEndpointPlatform!
|
The operating system on which the patch is supported. Stability Level: 1.0 - Experimental (Early Development) |
severity -
String!
|
The severity of the patch. Stability Level: 1.0 - Experimental (Early Development) |
createdDate -
Date!
|
The patch definition creation date. Stability Level: 1.0 - Experimental (Early Development) |
releaseDate -
Date
|
The patch release date. Stability Level: 1.0 - Experimental (Early Development) |
isSuperseded -
Boolean!
|
Whether the patch is superseded by another patch. Stability Level: 1.0 - Experimental (Early Development) |
sizeInBytes -
Int!
|
The size of the patch in bytes. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"id": "abc123",
"title": "xyz789",
"cveIds": ["abc123"],
"platform": "WINDOWS",
"severity": "xyz789",
"createdDate": "2007-12-03",
"releaseDate": "2007-12-03",
"isSuperseded": false,
"sizeInBytes": 987
}
PatchDefinitionConnection
Description
A page of patch definitions.
Fields
| Field Name | Description |
|---|---|
edges -
[PatchDefinitionEdge!]!
|
The list of patch definition edges. Stability Level: 1.0 - Experimental (Early Development) |
pageInfo -
PageInfo!
|
Information about the patch definition collection. Stability Level: 1.0 - Experimental (Early Development) |
totalRecords -
Int!
|
The total number of patch definition records available. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"edges": [PatchDefinitionEdge],
"pageInfo": PageInfo,
"totalRecords": 123
}
PatchDefinitionEdge
Description
A patch definition within a page.
Fields
| Field Name | Description |
|---|---|
node -
PatchDefinition!
|
The patch definition. Stability Level: 1.0 - Experimental (Early Development) |
cursor -
Cursor!
|
The cursor of this edge within the collection. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"node": PatchDefinition,
"cursor": Cursor
}
PatchDefinitionFieldFilter
Description
Describes a filter for patch definitions. Patch definitions with field values matching the filter are included in the query results.
Fields
| Input Field | Description |
|---|---|
cveIds -
[String!]
|
The CVE IDs associated with a patch definition. You can specify only one CVE ID per filter. Example: CVE-2014-123456 Stability Level: 1.0 - Experimental (Early Development) |
Example
{"cveIds": ["xyz789"]}
PatchDefinitionFieldSort
Description
Sorting criteria for patch definitions. The list is sorted by the specified field, in the specified order.
Fields
| Input Field | Description |
|---|---|
field -
PatchDefinitionSortField!
|
The field to sort by. Stability Level: 1.0 - Experimental (Early Development) |
order -
SortOrder!
|
The order in which to sort the field values. Stability Level: 1.0 - Experimental (Early Development) |
Example
{"field": "title", "order": "asc"}
PatchDefinitionSortField
Description
Available patch definition fields to sort by.
Values
| Enum Value | Description |
|---|---|
|
|
The patch definition title. Stability Level: 1.0 - Experimental (Early Development) |
|
|
The patch definition severity. Stability Level: 1.0 - Experimental (Early Development) |
|
|
The patch definition platform. Stability Level: 1.0 - Experimental (Early Development) |
|
|
The patch definition release date. Stability Level: 1.0 - Experimental (Early Development) |
Example
"title"
PatchDeployment
Description
A request to create a Patch deployment.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The deployment ID. Stability Level: 1.0 - Experimental (Early Development) |
name -
String!
|
The deployment name. Stability Level: 1.0 - Experimental (Early Development) |
type -
PatchDeploymentType!
|
The deployment type. Stability Level: 1.0 - Experimental (Early Development) |
platform -
PatchEndpointPlatform!
|
The deployment platform. Stability Level: 1.0 - Experimental (Early Development) |
contentSet -
IdRef!
|
The content set to which the deployment belongs. Stability Level: 1.0 - Experimental (Early Development) |
description -
String
|
The deployment description. Stability Level: 1.0 - Experimental (Early Development) |
contentDeploymentType -
PatchContentDeploymentType!
|
The content deployment type. Stability Level: 1.0 - Experimental (Early Development) |
patchLists -
[PatchListRef!]
|
Patch lists to include in the deployment. Stability Level: 1.0 - Experimental (Early Development) |
patches -
[IdRef!]
|
Individual patches to include in the deployment. Stability Level: 1.0 - Experimental (Early Development) |
targets -
PatchTargets!
|
Deployment targeting configuration. Stability Level: 1.0 - Experimental (Early Development) |
schedule -
PatchSchedule
|
Deployment scheduling configuration. If this is Stability Level: 1.0 - Experimental (Early Development) |
downloadImmediately -
Boolean!
|
Whether the patch content should be downloaded before the installation time. Stability Level: 1.0 - Experimental (Early Development) |
overrideBlocklists -
Boolean!
|
Whether to install all specified patches regardless of block lists. Stability Level: 1.0 - Experimental (Early Development) |
restart -
Boolean!
|
Whether to restart the endpoint after deployment is complete. Stability Level: 1.0 - Experimental (Early Development) |
notifications -
PatchNotifications
|
Deployment notifications for Windows and macOS. Stability Level: 1.0 - Experimental (Early Development) |
author -
TaniumPlatformUser
|
The Tanium user that created the deployment. Stability Level: 1.0 - Experimental (Early Development) |
createdTime -
Time!
|
When the deployment was created. Stability Level: 1.0 - Experimental (Early Development) |
updatedTime -
Time!
|
When the deployment was last updated. Stability Level: 1.0 - Experimental (Early Development) |
stoppedTime -
Time
|
When the deployment was stopped. If the deployment has not been stopped this is Stability Level: 1.0 - Experimental (Early Development) |
status -
PatchDeploymentStatus!
|
The deployment status. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"id": 4,
"name": "xyz789",
"type": "INSTALL",
"platform": "WINDOWS",
"contentSet": IdRef,
"description": "abc123",
"contentDeploymentType": "MANUAL_SELECTION",
"patchLists": [PatchListRef],
"patches": [IdRef],
"targets": PatchTargets,
"schedule": PatchSchedule,
"downloadImmediately": false,
"overrideBlocklists": false,
"restart": true,
"notifications": PatchNotifications,
"author": TaniumPlatformUser,
"createdTime": "10:15:30Z",
"updatedTime": "10:15:30Z",
"stoppedTime": "10:15:30Z",
"status": "INACTIVE"
}
PatchDeploymentStatus
Description
Patch deployment status.
Values
| Enum Value | Description |
|---|---|
|
|
The deployment has not started yet. Stability Level: 1.0 - Experimental (Early Development) |
|
|
The deployment is active. Stability Level: 1.0 - Experimental (Early Development) |
|
|
The deployment has ended. Stability Level: 1.0 - Experimental (Early Development) |
|
|
The deployment was stopped. Stability Level: 1.0 - Experimental (Early Development) |
Example
"INACTIVE"
PatchDeploymentType
Description
The operation a Patch deployment performs.
Values
| Enum Value | Description |
|---|---|
|
|
Download and install patches on a set of target computers. Stability Level: 1.0 - Experimental (Early Development) |
|
|
Uninstall Windows patches on a set of target computers. Stability Level: 1.0 - Experimental (Early Development) |
Example
"INSTALL"
PatchEndpointPlatform
Description
Endpoint platforms supported by Patch.
Values
| Enum Value | Description |
|---|---|
|
|
Microsoft Windows operating system. Stability Level: 1.0 - Experimental (Early Development) |
|
|
macOS operating system. Stability Level: 1.0 - Experimental (Early Development) |
|
|
Linux operating system. Stability Level: 1.0 - Experimental (Early Development) |
Example
"WINDOWS"
PatchListRef
Description
A patch list reference.
Example
{"id": "4", "version": 123}
PatchListRefInput
Description
A patch list reference input.
Example
{"id": "4", "version": 987}
PatchNotifications
Description
Patch deployment notifications for Windows and macOS endpoints.
Fields
| Field Name | Description |
|---|---|
preDeployment -
PatchClientNotification
|
Notification shown before the start of the deployment. Stability Level: 1.0 - Experimental (Early Development) |
postDeployment -
PatchClientNotification
|
Notification shown before restarting the endpoint after the end of the deployment. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"preDeployment": PatchClientNotification,
"postDeployment": PatchClientNotification
}
PatchNotificationsInput
Description
Patch deployment notifications for Windows and macOS endpoints.
Fields
| Input Field | Description |
|---|---|
preDeployment -
PatchClientNotificationInput
|
Notification shown before the start of the deployment. Stability Level: 1.0 - Experimental (Early Development) |
postDeployment -
PatchClientNotificationInput
|
Notification shown before restarting the endpoint after the end of the deployment. Only applies if Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"preDeployment": PatchClientNotificationInput,
"postDeployment": PatchClientNotificationInput
}
PatchPostponeOptions
Description
Postponement options for Windows and macOS endpoint users to delay a restart or deployment.
Fields
| Field Name | Description |
|---|---|
durationOne -
MonotonicDuration!
|
The first restart postponement duration displayed to an end user. Stability Level: 1.0 - Experimental (Early Development) |
durationTwo -
MonotonicDuration!
|
The second restart postponement duration displayed to an end user. Stability Level: 1.0 - Experimental (Early Development) |
durationThree -
MonotonicDuration!
|
The third restart postponement duration displayed to an end user. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"durationOne": MonotonicDuration,
"durationTwo": MonotonicDuration,
"durationThree": MonotonicDuration
}
PatchPostponeOptionsInput
Description
Postponement options for Windows and macOS endpoint users to delay a restart or deployment.
Fields
| Input Field | Description |
|---|---|
durationOne -
MonotonicDurationInput!
|
The first restart postponement duration displayed to an end user. This value must be smaller than Stability Level: 1.0 - Experimental (Early Development) |
durationTwo -
MonotonicDurationInput!
|
The second restart postponement duration displayed to an end user. This value must be smaller than Stability Level: 1.0 - Experimental (Early Development) |
durationThree -
MonotonicDurationInput!
|
The third restart postponement duration displayed to an end user. This value must be smaller than Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"durationOne": MonotonicDurationInput,
"durationTwo": MonotonicDurationInput,
"durationThree": MonotonicDurationInput
}
PatchQuestionCriteria
Description
Patch deployment question criteria.
Fields
| Field Name | Description |
|---|---|
limitingGroups -
[IdRef!]
|
The computer groups to which an endpoint must belong to be targeted. If you define multiple computer groups, an endpoint is targeted if it belongs to any of the groups. Stability Level: 1.0 - Experimental (Early Development) |
Example
{"limitingGroups": [IdRef]}
PatchQuestionCriteriaInput
Description
Patch deployment question criteria.
Fields
| Input Field | Description |
|---|---|
filter -
ComputerGroupFilter
|
The filter used to target endpoints for the deployment. Note that when using a parameterized sensor for filtering, you must define all parameters for that sensor, even if a parameter has a default value. Use of this field requires one of the following Tanium permissions: Stability Level: 1.0 - Experimental (Early Development) |
limitingGroups -
[IdRefInput!]
|
The computer groups to which an endpoint must belong to be targeted. If you define multiple computer groups, an endpoint is targeted if it belongs to any of the groups. Stability Level: 1.0 - Experimental (Early Development) |
questionGroups -
[IdRefInput!]
|
This field was experimental and is now deprecated. Stability Level: 0 - Deprecated |
Example
{
"filter": ComputerGroupFilter,
"limitingGroups": [IdRefInput],
"questionGroups": [IdRefInput]
}
PatchSchedule
Description
A Patch deployment schedule.
Fields
| Field Name | Description |
|---|---|
type -
PatchScheduleType!
|
The deployment schedule type. Stability Level: 1.0 - Experimental (Early Development) |
timeZone -
String
|
The If this is Stability Level: 1.0 - Experimental (Early Development) |
startTime -
Time!
|
The deployment start time. Stability Level: 1.0 - Experimental (Early Development) |
endTime -
Time
|
The deployment end time. Stability Level: 1.0 - Experimental (Early Development) |
distributeOver -
MonotonicDuration
|
The duration over which the deployment start time is randomized on each endpoint by an amount of time up to the value configured. Stability Level: 1.0 - Experimental (Early Development) |
overrideMaintenanceWindows -
Boolean!
|
Whether to allow the deployment to run outside of configured maintenance windows. Stability Level: 1.0 - Experimental (Early Development) |
eussAvailableBeforeStart -
Boolean
|
Whether end users can start a deployment before the scheduled start time and outside of maintenance windows in the Self Service Client application. Only applies to Windows deployments. Stability Level: 1.0 - Experimental (Early Development) |
eussHideFromActivity -
Boolean
|
Whether the Activity tab in the Self Service Client application hides upcoming deployment activity from end users. Hidden deployments do not appear in the History tab. Only applies to Windows deployments. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"type": "SINGLE",
"timeZone": "xyz789",
"startTime": "10:15:30Z",
"endTime": "10:15:30Z",
"distributeOver": MonotonicDuration,
"overrideMaintenanceWindows": false,
"eussAvailableBeforeStart": false,
"eussHideFromActivity": true
}
PatchScheduleInput
Description
A Patch deployment schedule.
Fields
| Input Field | Description |
|---|---|
type -
PatchScheduleType!
|
The deployment schedule type. Stability Level: 1.0 - Experimental (Early Development) |
timeZone -
String
|
The If this is Stability Level: 1.0 - Experimental (Early Development) |
startTime -
Time!
|
The deployment start time. Stability Level: 1.0 - Experimental (Early Development) |
endTime -
Time
|
The deployment end time. Only applies to single deployments. Stability Level: 1.0 - Experimental (Early Development) |
distributeOver -
MonotonicDurationInput
|
The duration over which the deployment start time is randomized on each endpoint by an amount of time up to the value configured. This value must be less than the deployment duration. For single deployments, the duration is the time between Stability Level: 1.0 - Experimental (Early Development) |
overrideMaintenanceWindows -
Boolean!
|
Whether to allow the deployment to run outside of configured maintenance windows. Stability Level: 1.0 - Experimental (Early Development) |
eussAvailableBeforeStart -
Boolean
|
Whether end users can start a deployment before the scheduled start time and outside of maintenance windows in the Self Service Client application. Only applies to Windows deployments. Stability Level: 1.0 - Experimental (Early Development) |
eussHideFromActivity -
Boolean
|
Whether the Activity tab in the Self Service Client application hides upcoming deployment activity from end users. Hidden deployments do not appear in the History tab. Only applies to Windows deployments. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"type": "SINGLE",
"timeZone": "abc123",
"startTime": "10:15:30Z",
"endTime": "10:15:30Z",
"distributeOver": MonotonicDurationInput,
"overrideMaintenanceWindows": true,
"eussAvailableBeforeStart": true,
"eussHideFromActivity": false
}
PatchScheduleType
Description
Patch deployment scheduling options.
Values
| Enum Value | Description |
|---|---|
|
|
A single deployment with a specific start and end time. Stability Level: 1.0 - Experimental (Early Development) |
|
|
An ongoing deployment that does not have an end time. Stability Level: 1.0 - Experimental (Early Development) |
Example
"SINGLE"
PatchStopDeploymentPayload
Description
A response to a request to stop a deployment that is in progress or scheduled to start in the future.
Fields
| Field Name | Description |
|---|---|
deployment -
PatchDeployment
|
The updated deployment. Stability Level: 1.0 - Experimental (Early Development) |
error -
SystemError
|
Indicates that the request terminated in an error. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"deployment": PatchDeployment,
"error": SystemError
}
PatchTargets
Description
The endpoints on which a deployment runs.
Fields
| Field Name | Description |
|---|---|
computerGroups -
[IdRef!]
|
The computer groups whose endpoints are targeted by the deployment. An endpoint is targeted if it belongs to any computer group in the list. Stability Level: 1.0 - Experimental (Early Development) |
questionCriteria -
PatchQuestionCriteria
|
The question criteria used to target endpoints for the deployment. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"computerGroups": [IdRef],
"questionCriteria": PatchQuestionCriteria
}
PatchTargetsInput
Description
The endpoints on which a deployment runs. If both computerGroups and questionCriteria are defined, the deployment targets endpoints that match either the defined computer groups or the defined question criteria.
Fields
| Input Field | Description |
|---|---|
computerGroups -
[IdRefInput!]
|
The computer groups whose endpoints are targeted by the deployment. Stability Level: 1.0 - Experimental (Early Development) |
questionCriteria -
PatchQuestionCriteriaInput
|
The question criteria used to target endpoints for the deployment. Stability Level: 1.0 - Experimental (Early Development) |
Example
{
"computerGroups": [IdRefInput],
"questionCriteria": PatchQuestionCriteriaInput
}
PerfQuery
Description
A request to perform a PromQL query.
Fields
| Input Field | Description |
|---|---|
type -
PerfQueryType!
|
The type of PromQL query to perform. Stability Level: 3 - Stable |
query -
String!
|
The PromQL query to perform. Stability Level: 3 - Stable |
from -
Time
|
The start date and time of the PromQL query. Stability Level: 3 - Stable |
to -
Time
|
The end date and time of the PromQL query. Stability Level: 3 - Stable |
step -
String
|
The step size of the PromQL query. Stability Level: 3 - Stable |
Example
{
"type": "QUERY",
"query": "abc123",
"from": "10:15:30Z",
"to": "10:15:30Z",
"step": "abc123"
}
PerfQueryType
Description
The set of performance query types.
Values
| Enum Value | Description |
|---|---|
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
Example
"QUERY"
Persona
Description
A set of roles and computer groups that can be used to enforce a set of restrictions on what a user can and cannot do.
Fields
| Field Name | Description |
|---|---|
name -
String!
|
The name of the persona. Stability Level: 3 - Stable |
Example
{"name": "xyz789"}
PingDirectConnectionInput
Description
A request to ping an endpoint over a Direct Connect connection (for example, to test connectivity).
Fields
| Input Field | Description |
|---|---|
connectionID -
ID!
|
The ID of the connection to ping. Stability Level: 3 - Stable |
Example
{"connectionID": "4"}
PingDirectConnectionPayload
Description
A response to a request to ping an endpoint over a Direct Connect connection.
Fields
| Field Name | Description |
|---|---|
result -
Boolean!
|
Indicates that the ping is acknowledged. Stability Level: 3 - Stable |
Example
{"result": true}
Principal
Process
Description
A process running on an endpoint.
Fields
| Field Name | Description |
|---|---|
pid -
Int!
|
The ID of the process. Stability Level: 3 - Stable |
ppid -
Int!
|
The ID of the parent of this process. Stability Level: 3 - Stable |
name -
String!
|
The name of the process. Stability Level: 3 - Stable |
commandLine -
String!
|
The command line of the process. Stability Level: 3 - Stable |
userName -
String!
|
The name of the user that started the process. Stability Level: 3 - Stable |
groupName -
String!
|
The group name of the process. Stability Level: 3 - Stable |
cpuUserTimeSeconds -
Float!
|
The seconds of CPU user time used by the process. Stability Level: 3 - Stable |
cpuKernelTimeSeconds -
Float!
|
The seconds of CPU kernel time used by the process. Stability Level: 3 - Stable |
cpuUsagePercent -
Float!
|
The current CPU usage as a percent from 0 to 100. Stability Level: 3 - Stable |
memoryResidentBytes -
Int!
|
The number of memory resident bytes used by the process. Stability Level: 3 - Stable |
Example
{
"pid": 987,
"ppid": 987,
"name": "abc123",
"commandLine": "xyz789",
"userName": "abc123",
"groupName": "xyz789",
"cpuUserTimeSeconds": 987.65,
"cpuKernelTimeSeconds": 987.65,
"cpuUsagePercent": 123.45,
"memoryResidentBytes": 123
}
Processor
Description
The processor details of an endpoint.
Fields
| Field Name | Description |
|---|---|
cpu -
String!
|
The description of the CPU. Example: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz Sensor: CPU Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
architecture -
String!
|
The architecture of the CPU. Example: i386, X86-based PC Sensor: CPU Architecture Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
cacheSize -
String!
|
The cache size of the CPU in KB. Example: 1024 KB Sensor: CPU Cache Size Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
consumption -
String!
|
The current total CPU consumption as a percentage ( Example: 50% Sensor: CPU Consumption Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
highConsumption -
String!
|
Indicates whether the client machine is currently experiencing high utilization of its CPU. Example: Under threshold Sensor: High CPU Consumption Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
family -
String!
|
The CPU family. Example: Xeon, Family 198 Sensor: CPU Family Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
manufacturer -
String!
|
The CPU manufacturer. Example: GenuineIntel Sensor: CPU Manufacturer Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
speed -
String!
|
The speed of the CPU in megahertz. Example: 3200 Mhz Sensor: CPU Speed Mhz Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
revision -
String!
|
The revision number of the CPU. Example: 5898 Sensor: Revision of CPU Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
logicalProcessors -
Int!
|
The number of logical processors. Example: 8 Sensor: CPU Details, Column: Total Logical Processors Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
Example
{
"cpu": "abc123",
"architecture": "xyz789",
"cacheSize": "xyz789",
"consumption": "abc123",
"highConsumption": "abc123",
"family": "xyz789",
"manufacturer": "xyz789",
"speed": "abc123",
"revision": "xyz789",
"logicalProcessors": 123
}
Relationship
Description
A relationship between configuration item entities.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique ID of the relationship. Stability Level: 3 - Stable |
entityA -
ID!
|
The ID of the primary configuration item entity. Stability Level: 3 - Stable |
entityB -
ID!
|
The ID of the secondary configuration item entity. Stability Level: 3 - Stable |
type -
String!
|
The type of the relationship. Stability Level: 3 - Stable |
created -
Time!
|
The date and time at which the relationship was stored in the CMDB. Stability Level: 3 - Stable |
updated -
Time!
|
The date and time at which the relationship was last updated in the CMDB. Stability Level: 3 - Stable |
details -
Map
|
The semi-structured data for the entity class. The schema version can be specified as an argument. If it is not specified, the schema version defaults to the latest schema available. Stability Level: 3 - Stable |
Arguments
|
|
Example
{
"id": "4",
"entityA": 4,
"entityB": 4,
"type": "abc123",
"created": "10:15:30Z",
"updated": "10:15:30Z",
"details": Map
}
RelationshipPayload
Description
A request to manage a relationship between configuration item entities.
Fields
| Input Field | Description |
|---|---|
id -
ID
|
The relationship ID. If this relationship ID exists, this request updates the matching relationship. If this relationship ID does not exist, this request creates a new relationship. Stability Level: 3 - Stable |
entityA -
ID!
|
The ID of the primary configuration item entity. Stability Level: 3 - Stable |
entityB -
ID!
|
The ID of the secondary configuration item entity. Stability Level: 3 - Stable |
type -
String!
|
The type of the relationship. Stability Level: 3 - Stable |
details -
Map
|
The semi-structured data for the relationship. Stability Level: 3 - Stable |
Example
{
"id": "4",
"entityA": "4",
"entityB": 4,
"type": "xyz789",
"details": Map
}
RelationshipQueryParams
Description
The configuration item relationships to include in the results.
Fields
| Input Field | Description |
|---|---|
ids -
[ID]
|
The set of configuration item relationship IDs to include in the results. Stability Level: 3 - Stable |
entityIds -
[ID]
|
The set of configuration item entity IDs to include in the results. Stability Level: 3 - Stable |
entityEids -
[ID]
|
The set of configuration item entity endpoint IDs to include in the results. Stability Level: 3 - Stable |
type -
String
|
The type of relationships to include in the results. Stability Level: 3 - Stable |
Example
{
"ids": ["4"],
"entityIds": ["4"],
"entityEids": ["4"],
"type": "xyz789"
}
RelationshipResult
Description
A set of configuration item relationships.
Fields
| Field Name | Description |
|---|---|
items -
[Relationship]!
|
The configuration item relationships. Stability Level: 3 - Stable |
Example
{"items": [Relationship]}
RelationshipSortField
Description
The set of fields by which relationships may be sorted.
Values
| Enum Value | Description |
|---|---|
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
Example
"id"
RelationshipSortRequest
Description
The criteria by which to sort the relationships.
Fields
| Input Field | Description |
|---|---|
field -
RelationshipSortField!
|
The field by which to sort. Stability Level: 3 - Stable |
order -
SortOrder
|
The order in which to sort the field values. Stability Level: 3 - Stable |
Example
{"field": "id", "order": "asc"}
RelationshipType
Description
The type of a configuration item relationship.
Fields
| Field Name | Description |
|---|---|
type -
String!
|
The name of the relationship type. Stability Level: 3 - Stable |
edgeDirection -
EdgeDirection!
|
The direction of the relationship type. Stability Level: 3 - Stable |
Example
{"type": "xyz789", "edgeDirection": "AtoB"}
RelationshipTypeResult
Description
A set of configuration item relationship types.
Fields
| Field Name | Description |
|---|---|
items -
[RelationshipType]!
|
The configuration item relationship types. Stability Level: 3 - Stable |
Example
{"items": [RelationshipType]}
Report
Description
A report.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The ID of the report. Stability Level: 3 - Stable |
name -
String!
|
The report name. Note that reports are not required to have unique names. Stability Level: 3 - Stable |
description -
String!
|
The description of the report. Stability Level: 3 - Stable |
contentSet -
NamedRef!
|
The content set associated with the report. Stability Level: 3 - Stable |
labels -
[String!]
|
The labels associated with the report. Stability Level: 3 - Stable |
createdTime -
Time!
|
The time at which the report was created. Stability Level: 3 - Stable |
author -
Principal!
|
The report's creator. Stability Level: 3 - Stable |
modifiedTime -
Time!
|
The time at which the report was most recently modified. Stability Level: 3 - Stable |
lastModifiedBy -
Principal!
|
The user who most recently modified the report. Stability Level: 3 - Stable |
moduleName -
String
|
The name of the Tanium module the report is associated with. Stability Level: 3 - Stable |
favorite -
Boolean!
|
Indicates this report is marked as a favorite by the current user. Stability Level: 3 - Stable |
viewDetails -
ReportView!
|
The report view details. These details are read-only through this query. Stability Level: 3 - Stable |
Example
{
"id": "4",
"name": "abc123",
"description": "xyz789",
"contentSet": NamedRef,
"labels": ["abc123"],
"createdTime": "10:15:30Z",
"author": Principal,
"modifiedTime": "10:15:30Z",
"lastModifiedBy": Principal,
"moduleName": "abc123",
"favorite": true,
"viewDetails": ReportView
}
ReportConnection
Description
A page of report edges.
Fields
| Field Name | Description |
|---|---|
edges -
[ReportEdge!]!
|
The list of report edges. Stability Level: 3 - Stable |
pageInfo -
PageInfo!
|
Information about the report collection. Stability Level: 3 - Stable |
totalRecords -
Int!
|
The total number of report records available. Stability Level: 3 - Stable |
Example
{
"edges": [ReportEdge],
"pageInfo": PageInfo,
"totalRecords": 987
}
ReportDeletePayload
Description
The result of deleting a report.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The ID of the report. Stability Level: 3 - Stable |
error -
SystemError
|
Indicates that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"id": "4",
"error": SystemError
}
ReportEdge
ReportExportPayload
Description
A response to a request to export a report definition.
Fields
| Field Name | Description |
|---|---|
reportDefinition -
String!
|
The exported report definition data. You can import this report definition using the Stability Level: 3 - Stable |
Example
{"reportDefinition": "abc123"}
ReportFieldFilter
Description
Describes a filter for report field values. A report must match every included filter condition to satisfy the filter.
Fields
| Input Field | Description |
|---|---|
moduleNames -
[String!]
|
Report module name must match one of the specified values. Stability Level: 3 - Stable |
authorNames -
[String!]
|
Report author must match one of the specified values. Stability Level: 3 - Stable |
createdBefore -
Time
|
Report creation time must be before the specified time. Stability Level: 3 - Stable |
createdAfter -
Time
|
Report creation time must be after the specified time. Stability Level: 3 - Stable |
text -
String
|
Report name or description must contain the specified text value. Stability Level: 3 - Stable |
contentSetNames -
[String!]
|
Report content set name must match one of the specified values. Stability Level: 3 - Stable |
labels -
[String!]
|
A report label must match one of the specified values. Stability Level: 3 - Stable |
Example
{
"moduleNames": ["xyz789"],
"authorNames": ["abc123"],
"createdBefore": "10:15:30Z",
"createdAfter": "10:15:30Z",
"text": "abc123",
"contentSetNames": ["xyz789"],
"labels": ["xyz789"]
}
ReportImportInput
Description
A request to import a report definition.
Fields
| Input Field | Description |
|---|---|
allowDuplicate -
Boolean!
|
Specifies whether the operation should allow the import of a report definition with the same name as an existing report. If you import a report definition with the same name as an existing report, this import does not overwrite the existing report. Stability Level: 3 - Stable |
reportDefinition -
String!
|
The report definition data to construct the report from. Must originate from running the Stability Level: 3 - Stable |
Example
{
"allowDuplicate": true,
"reportDefinition": "abc123"
}
ReportImportPayload
Description
A response to a request to import a report definition.
Fields
| Field Name | Description |
|---|---|
report -
Report
|
The report created by the request. Stability Level: 3 - Stable |
error -
SystemError
|
Indicates that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"report": Report,
"error": SystemError
}
ReportResultDataCollectionInfo
Description
Information about the report data results that populate a ReportResultDataConnection.
Fields
| Field Name | Description |
|---|---|
active -
Boolean!
|
Indicates results may still continue to accumulate in the underlying collection, and you may refresh the cursor to get complete results. Stability Level: 3 - Stable |
startCursor -
Cursor
|
The cursor for the beginning of the collection. This will be populated if the collection is empty, as long as the collection has the possibility of being refreshed with new results. Stability Level: 3 - Stable |
Example
{"active": true, "startCursor": Cursor}
ReportResultDataColumn
Description
A report result data column.
Fields
| Field Name | Description |
|---|---|
values -
[String!]
|
The list of values for the column. Stability Level: 3 - Stable |
Example
{"values": ["xyz789"]}
ReportResultDataConnection
Description
A page of report result data.
Fields
| Field Name | Description |
|---|---|
viewDetails -
ReportView!
|
The report view details. These details are read-only through this query. Stability Level: 3 - Stable |
edges -
[ReportResultDataEdge!]!
|
The list of report result data edges. Stability Level: 3 - Stable |
pageInfo -
PageInfo!
|
Information about the report result data collection. Stability Level: 3 - Stable |
totalRecords -
Int!
|
The total number of report result data entries available. Stability Level: 3 - Stable |
collectionInfo -
ReportResultDataCollectionInfo!
|
Information about the report data results that contribute to the collection. Stability Level: 3 - Stable |
Example
{
"viewDetails": ReportView,
"edges": [ReportResultDataEdge],
"pageInfo": PageInfo,
"totalRecords": 987,
"collectionInfo": ReportResultDataCollectionInfo
}
ReportResultDataEdge
Description
A report result data row within a page.
Fields
| Field Name | Description |
|---|---|
node -
ReportResultDataRow!
|
The report result data row. Stability Level: 3 - Stable |
cursor -
Cursor!
|
The cursor of this edge within the collection. Stability Level: 3 - Stable |
Example
{
"node": ReportResultDataRow,
"cursor": Cursor
}
ReportResultDataRow
Description
A report result data row.
Fields
| Field Name | Description |
|---|---|
columns -
[ReportResultDataColumn!]!
|
The data columns in a report result data row. Stability Level: 3 - Stable |
count -
Int!
|
The total count of entities grouped into a result data row. Stability Level: 3 - Stable |
Example
{"columns": [ReportResultDataColumn], "count": 987}
ReportView
Description
The view details of a report. This determines what data the report returns and how the data is sorted through the reportResultData query.
Fields
| Field Name | Description |
|---|---|
sources -
[ReportViewSource!]!
|
The data sources queried by the view. Stability Level: 3 - Stable |
columns -
[ReportViewColumn!]!
|
The columns queried by the view. Stability Level: 3 - Stable |
sort -
[ReportViewColumnSort!]!
|
The sort order of columns within the view. Stability Level: 3 - Stable |
Example
{
"sources": [ReportViewSource],
"columns": [ReportViewColumn],
"sort": [ReportViewColumnSort]
}
ReportViewColumn
Description
A column used in a report view.
Fields
| Field Name | Description |
|---|---|
name -
String!
|
The name of the report column. Stability Level: 3 - Stable |
sourceName -
String!
|
The name of the report source this column is derived from. Stability Level: 3 - Stable |
sourceColumnName -
String!
|
The name of the report source column that this column is derived from. Stability Level: 3 - Stable |
Example
{
"name": "xyz789",
"sourceName": "abc123",
"sourceColumnName": "xyz789"
}
ReportViewColumnSort
Description
Defines the sort order of a column within a report view.
Fields
| Field Name | Description |
|---|---|
name -
String!
|
The name of the report column being sorted. Stability Level: 3 - Stable |
index -
Int!
|
The index of the column being sorted. Stability Level: 3 - Stable |
descending -
Boolean!
|
Whether the column is sorted in descending order (high to low). Stability Level: 3 - Stable |
Example
{
"name": "abc123",
"index": 123,
"descending": true
}
ReportViewSource
Fields
| Field Name | Description |
|---|---|
name -
String!
|
The name of the report source. Stability Level: 3 - Stable |
flatten -
Boolean!
|
Whether result data from this report is flattened. For more information, see Tanium Reporting User Guide: Flattened data Stability Level: 3 - Stable |
Example
{"name": "xyz789", "flatten": true}
ReportingDashboardDeletePayload
Description
The result of deleting a Reporting dashboard.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The dashboard ID. Stability Level: 3 - Stable |
error -
SystemError
|
Indicates that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"id": "4",
"error": SystemError
}
ScheduledAction
Description
A scheduled action.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The ID of the scheduled action. Stability Level: 3 - Stable |
targets -
ActionTargets!
|
The endpoints on which the scheduled action runs. Stability Level: 3 - Stable |
package -
PackageRef!
|
The package containing the action script and any other files. Stability Level: 3 - Stable |
distributeSeconds -
Int
|
The time over which to distribute actions to endpoints in batches, to prevent spikes in network traffic or other resource consumption. Stability Level: 3 - Stable |
expireSeconds -
Int
|
The time for which any given action is active. Stability Level: 3 - Stable |
endTime -
Time
|
The end time of a scheduled action. If this is Stability Level: 3 - Stable |
issueSeconds -
Int
|
The time between action runs. Stability Level: 3 - Stable |
startTime -
Time
|
The start time of the scheduled action. Stability Level: 3 - Stable |
name -
String!
|
The name of the scheduled action. Stability Level: 3 - Stable |
comment -
String!
|
A short description of the scheduled action. Stability Level: 3 - Stable |
approved -
Boolean!
|
Indicates the scheduled action is allowed to create actions. Stability Level: 3 - Stable |
issueCount -
Int!
|
The number of actions created by the scheduled action. Stability Level: 3 - Stable |
lastStartTime -
Time
|
The most recent time at which an action was created by the scheduled action. Stability Level: 3 - Stable |
nextStartTime -
Time
|
The next time at which an action will be created by the scheduled action. Stability Level: 3 - Stable |
status -
ScheduledActionStatus
|
The status of the scheduled action. Stability Level: 3 - Stable |
creator -
Principal!
|
The scheduled action's creator. Stability Level: 3 - Stable |
approver -
Principal
|
The scheduled action's approver, if any. Stability Level: 3 - Stable |
metadata -
[Metadata!]!
|
The Tanium server metadata about the scheduled action. Stability Level: 3 - Stable |
lastAction -
Action
|
The action most recently created by the scheduled action. Stability Level: 3 - Stable |
Example
{
"id": 4,
"targets": ActionTargets,
"package": PackageRef,
"distributeSeconds": 123,
"expireSeconds": 987,
"endTime": "10:15:30Z",
"issueSeconds": 987,
"startTime": "10:15:30Z",
"name": "abc123",
"comment": "xyz789",
"approved": true,
"issueCount": 987,
"lastStartTime": "10:15:30Z",
"nextStartTime": "10:15:30Z",
"status": "ENABLED",
"creator": Principal,
"approver": Principal,
"metadata": [Metadata],
"lastAction": Action
}
ScheduledActionApprovePayload
Description
The result of approving a scheduled action.
Fields
| Field Name | Description |
|---|---|
id -
ID
|
The ID of the scheduled action. Stability Level: 3 - Stable |
approved -
Boolean
|
Indicates that the scheduled action was approved, or not, if known. Stability Level: 3 - Stable |
error -
SystemError
|
Indicates that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"id": "4",
"approved": true,
"error": SystemError
}
ScheduledActionConnection
Description
A page of scheduled action edges.
Fields
| Field Name | Description |
|---|---|
edges -
[ScheduledActionEdge!]!
|
The list of scheduled action edges. Stability Level: 3 - Stable |
pageInfo -
PageInfo!
|
Information about the scheduled action collection. Stability Level: 3 - Stable |
totalRecords -
Int!
|
The total number of scheduled action records available. Stability Level: 3 - Stable |
Example
{
"edges": [ScheduledActionEdge],
"pageInfo": PageInfo,
"totalRecords": 987
}
ScheduledActionCreateInput
Description
A request to create a scheduled action.
Fields
| Input Field | Description |
|---|---|
targets -
ActionTargetsInput!
|
The endpoints on which the actions run. Stability Level: 3 - Stable |
package -
PackageRefInput!
|
The package containing the action script and any other files. Stability Level: 3 - Stable |
schedule -
ScheduledActionScheduleInput!
|
The schedule on which the actions run. Stability Level: 3 - Stable |
name -
String
|
The scheduled action name. Note that scheduled actions are not required to have unique names. Stability Level: 3 - Stable |
comment -
String
|
A short description. Stability Level: 3 - Stable |
Example
{
"targets": ActionTargetsInput,
"package": PackageRefInput,
"schedule": ScheduledActionScheduleInput,
"name": "abc123",
"comment": "abc123"
}
ScheduledActionCreatePayload
Description
The result of creating a scheduled action.
Fields
| Field Name | Description |
|---|---|
scheduledAction -
ScheduledAction
|
The newly created scheduled action. Stability Level: 3 - Stable |
error -
SystemError
|
Indicates that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"scheduledAction": ScheduledAction,
"error": SystemError
}
ScheduledActionDeletePayload
Description
The result of deleting a scheduled action.
Fields
| Field Name | Description |
|---|---|
id -
ID
|
The ID of the scheduled action. Stability Level: 3 - Stable |
error -
SystemError
|
Indicates that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"id": "4",
"error": SystemError
}
ScheduledActionEdge
Description
A scheduled action within a page.
Fields
| Field Name | Description |
|---|---|
node -
ScheduledAction!
|
The scheduled action. Stability Level: 3 - Stable |
cursor -
Cursor!
|
The cursor of this edge within the collection. Stability Level: 3 - Stable |
Example
{
"node": ScheduledAction,
"cursor": Cursor
}
ScheduledActionScheduleInput
Description
The schedule on which the action should run.
Fields
| Input Field | Description |
|---|---|
distributeSeconds -
Int
|
The time over which to distribute actions to endpoints in batches, to prevent spikes in network traffic or other resource consumption. A value of Stability Level: 3 - Stable |
expireSeconds -
Int
|
The time for which any given action is active. This both defaults to and must be greater than or equal to either the package's expiration time or the sum of the package's command timeout and the Stability Level: 3 - Stable |
reissueSeconds -
Int!
|
The time between recurring action runs. This must be greater than the Stability Level: 3 - Stable |
startTime -
Time
|
The start time of the action. This defaults to the current time. Stability Level: 3 - Stable |
endTime -
Time
|
The end time of a scheduled action. The default value is Stability Level: 3 - Stable |
Example
{
"distributeSeconds": 987,
"expireSeconds": 123,
"reissueSeconds": 123,
"startTime": "10:15:30Z",
"endTime": "10:15:30Z"
}
ScheduledActionStatus
Description
The status of a scheduled action.
Values
| Enum Value | Description |
|---|---|
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
Example
"ENABLED"
Sensor
Description
A sensor is a named source of endpoint data. Normal sensors are managed by the Tanium Server and executed as scripts on endpoints. Virtual sensors are managed by TDS and typically store data computed and asserted by various systems.
Fields
| Field Name | Description |
|---|---|
name -
String!
|
The sensor name. Stability Level: 3 - Stable |
lastUpdatedBy -
String!
|
The name of the user that last modified this entity. Stability Level: 3 - Stable |
description -
String!
|
The sensor description. Stability Level: 3 - Stable |
contentSetName -
String!
|
The name of the content set governing the sensor's access control. Stability Level: 3 - Stable |
virtual -
Boolean!
|
Indicates that the sensor is virtual, managed by TDS, and not available to TS queries. Stability Level: 3 - Stable |
parameters -
[SensorParameter!]
|
The list of parameters accepted when reading the sensor. This is Stability Level: 3 - Stable |
columns -
[SensorColumn!]
|
The list of columns provided by the sensor. This is Stability Level: 3 - Stable |
harvested -
Boolean!
|
Indicates that the sensor is harvested in TDS. Parameterized sensors are never harvested directly; these sensors are harvested with specific sets of parameter values. See the Stability Level: 3 - Stable |
endpointQueryPaths -
[String!]!
|
The list of paths in the endpoints query in which this sensor is read. For example, Stability Level: 3 - Stable |
parameterizations -
[SensorParameterization!]
|
The sets of parameter values for this parameterized sensor that are important, by virtue of being harvested, registered in the endpoints query schema, or similar. This is Stability Level: 3 - Stable |
category -
String!
|
The sensor category. The value Stability Level: 3 - Stable |
maxAgeSeconds -
Int
|
The maximum age of sensor readings in seconds. This is absent for virtual sensors. Stability Level: 3 - Stable |
ignoreCase -
Boolean!
|
Indicates the system should ignore case when comparing sensor readings. Stability Level: 3 - Stable |
keepDuplicatesFlag -
Boolean
|
Indicates that sensors should report all values if a reading obtains duplicates. This is absent for virtual sensors. Stability Level: 3 - Stable |
valueType -
String!
|
The type of value returned by the sensor, used to compare and sort values. The system does not validate or enforce these types. Stability Level: 3 - Stable |
scripts -
[SensorScript!]
|
The scripts which implement the sensor on the various platforms. This is absent for virtual sensors. Stability Level: 3 - Stable |
created -
Time
|
When the sensor was created, if known. Stability Level: 3 - Stable |
updated -
Time
|
When the sensor was last updated, if known. Stability Level: 3 - Stable |
hidden -
Boolean!
|
Indicates the sensor is hidden by default. Note that the Tanium Core Platform, Tanium solutions, or Tanium shared services might use a given hidden sensor. Using or editing a hidden sensor might negatively impact Tanium functionality that relies upon the sensor. Hidden sensors are subject to change without notice. Stability Level: 3 - Stable |
Example
{
"name": "xyz789",
"lastUpdatedBy": "xyz789",
"description": "xyz789",
"contentSetName": "xyz789",
"virtual": false,
"parameters": [SensorParameter],
"columns": [SensorColumn],
"harvested": true,
"endpointQueryPaths": ["xyz789"],
"parameterizations": [SensorParameterization],
"category": "abc123",
"maxAgeSeconds": 987,
"ignoreCase": true,
"keepDuplicatesFlag": false,
"valueType": "xyz789",
"scripts": [SensorScript],
"created": "10:15:30Z",
"updated": "10:15:30Z",
"hidden": true
}
SensorColumn
Description
A sensor column describes a named portion of a sensor reading.
Fields
| Field Name | Description |
|---|---|
name -
String!
|
The column name. Stability Level: 3 - Stable |
ignoreCase -
Boolean!
|
Indicates the system should ignore case when comparing column values. Stability Level: 3 - Stable |
valueType -
String!
|
The type of value in the column, used to compare and sort values. The system does not validate or enforce these types. Stability Level: 3 - Stable |
hidden -
Boolean!
|
Indicates the column is hidden by default. Stability Level: 3 - Stable |
Example
{
"name": "abc123",
"ignoreCase": true,
"valueType": "xyz789",
"hidden": true
}
SensorConnection
Description
A page of sensor edges.
Fields
| Field Name | Description |
|---|---|
edges -
[SensorEdge!]!
|
The list of sensor edges. Stability Level: 3 - Stable |
pageInfo -
PageInfo!
|
Information about the sensor collection. Stability Level: 3 - Stable |
totalRecords -
Int!
|
The total number of sensor records available. Stability Level: 3 - Stable |
Example
{
"edges": [SensorEdge],
"pageInfo": PageInfo,
"totalRecords": 987
}
SensorEdge
SensorHarvestInput
Description
A request to manage the harvest registration of a sensor in TDS.
Fields
| Input Field | Description |
|---|---|
name -
String!
|
The name of the sensor to harvest. Stability Level: 3 - Stable |
parameters -
[EndpointSensorRefParam!]
|
The values of the parameterizable sensor to harvest. Stability Level: 3 - Stable |
integrationName -
String!
|
The name of the integration for which the sensor is being harvested. This should be a lowercase compound string joined by hyphens, where the first part indicates the name of the company responsible for the integration and the second part indicates the name or purpose of the integration. The prefix Stability Level: 3 - Stable |
harvest -
Boolean!
|
Indicates the sensor is being registered or deregistered for harvest. Stability Level: 3 - Stable |
cursor -
Cursor
|
The cursor value from a previous sensor harvest request. Stability Level: 3 - Stable |
Example
{
"name": "abc123",
"parameters": [EndpointSensorRefParam],
"integrationName": "xyz789",
"harvest": false,
"cursor": Cursor
}
SensorHarvestPayload
Description
A response to a harvest registration request.
Fields
| Field Name | Description |
|---|---|
cursor -
Cursor
|
Indicates the request is not complete and provides an identifier for subsequent calls to determine the request's terminal state. Stability Level: 3 - Stable |
success -
Boolean
|
Indicates the request completed successfully or failed. Stability Level: 3 - Stable |
error -
SystemError
|
Specifies that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"cursor": Cursor,
"success": true,
"error": SystemError
}
SensorParameter
Description
A sensor parameter describes an argument to a sensor.
Example
{
"name": "xyz789",
"defaultValue": "xyz789"
}
SensorParameterValue
SensorParameterization
Description
A sensor parameterization is a specific set of sensor parameter values.
Fields
| Field Name | Description |
|---|---|
values -
[SensorParameterValue!]!
|
The values of this parameterization. The values are returned in the order parameters are defined in the sensor definition. Stability Level: 3 - Stable |
harvested -
Boolean!
|
Indicates the parameterized sensor is registered for harvest in TDS with these values. Stability Level: 3 - Stable |
endpointQueryPaths -
[String!]!
|
The list of paths in the endpoints query in which this sensor is read with these parameters. Stability Level: 3 - Stable |
Example
{
"values": [SensorParameterValue],
"harvested": true,
"endpointQueryPaths": ["abc123"]
}
SensorScript
Description
The script implementing a sensor for a given platform.
Fields
| Field Name | Description |
|---|---|
platform -
EndpointPlatform!
|
The platform on which the sensor script runs. Stability Level: 3 - Stable |
source -
String!
|
The source code. Stability Level: 3 - Stable |
type -
SensorScriptType!
|
The type. Stability Level: 3 - Stable |
Example
{
"platform": "Unknown",
"source": "abc123",
"type": "Unknown"
}
SensorScriptType
Description
The types of sensor scripts allowed by the platform.
Values
| Enum Value | Description |
|---|---|
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
Example
"Unknown"
SensorValueFilter
Description
Describes a filter for endpoint sensor values. Sensor values matching the filter are included in the query results. Sensor value filters may be single or compound (nested one level deep).
Any filter that is not valid causes the query to return an error.
Fields
| Input Field | Description |
|---|---|
column -
String
|
The name of the sensor column to apply the filter to. If this does not resolve to an existing column name on the associated sensor, the query returns an error. This is required for single sensor value filters, and ignored for compound sensor value filters. Stability Level: 3 - Stable |
op -
SensorValueFilterOp!
|
The operator by which to compare the specified value to the sensor value. This is required for single sensor value filters, and ignored for compound sensor value filters. Stability Level: 3 - Stable |
value -
String
|
The constant value to compare with the sensor value, expressed as a string. This is required for single sensor value filters, and not allowed for compound sensor value filters. Stability Level: 3 - Stable |
filters -
[SensorValueFilter!]
|
Describes the set of filters which comprise this compound filter. All of the filters comprising this compound filter must pass for the compound filter to pass. This is required for compound sensor value filters, and not allowed for single sensor value filters. Stability Level: 3 - Stable |
any -
Boolean!
|
Indicates that if any of the filters comprising this compound filter passes, the compound filter passes. This defaults to This is allowed for compound field filters and ignored for single field filters. Stability Level: 3 - Stable |
restrictOwner -
Boolean!
|
Indicates that the filters should apply to owner records participating in the query, in addition to returned field values. This can be used to exclude records that do not match the filter, or would return an undefined value such as This is ignored for filters at the root level of a query. Stability Level: 3 - Stable |
Example
{
"column": "xyz789",
"op": "EQ",
"value": "abc123",
"filters": [SensorValueFilter],
"any": true,
"restrictOwner": false
}
SensorValueFilterOp
Description
The set of operations permitted on SensorValueFilter instances.
Values
| Enum Value | Description |
|---|---|
|
|
The equality operator. The sensor value and specified values must be equal. Stability Level: 3 - Stable |
|
|
The less than operator. The sensor value must be less than the specified value. This is valid only for comparable types. Stability Level: 3 - Stable |
|
|
LTE is the less than or equals operator, the sensor value must be less than or equal to the given value. This is only valid for comparable types. Stability Level: 3 - Stable |
|
|
The greater than operator. The sensor value must be greater than the specified value. This is valid only for comparable types. Stability Level: 3 - Stable |
|
|
The greater than or equals operator. The sensor value must be greater than or equal to the specified value. This is valid only for comparable types. Stability Level: 3 - Stable |
|
|
The string contains operator. The sensor value must contain the specified value. This is valid only for string types. Stability Level: 3 - Stable |
|
|
The string starts with operator. The sensor value must start with the specified value. This is valid only for string types. Stability Level: 3 - Stable |
|
|
The string ends with operator. The sensor value must end with the specified value. This is valid only for string types. Stability Level: 3 - Stable |
|
|
The string matches operator. The sensor value must fully match the specified value, which is interpreted as a regular expression in Perl syntax. This is valid only for string types. Stability Level: 3 - Stable |
Example
"EQ"
Signal
Description
The set of signals that can be sent to processes.
Values
| Enum Value | Description |
|---|---|
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
Example
"SIGINT"
SoftwareApplicabilityCounts
Description
The number of endpoints in each applicability status.
Fields
| Field Name | Description |
|---|---|
installEligibleCount -
Int!
|
The number of endpoints where the software is not installed and system requirements are met. Stability Level: 3 - Stable |
installedCount -
Int!
|
The number of systems where the software package is already installed. Stability Level: 3 - Stable |
notApplicableCount -
Int!
|
The number of endpoints where the system requirements or prerequisites are not met. Stability Level: 3 - Stable |
updateEligibleCount -
Int!
|
The number of endpoints where one or more of the previous versions of the application are detected, and the software package can update those systems. Stability Level: 3 - Stable |
updateIneligibleCount -
Int!
|
The number of endpoints where one or more of the previous versions of the application are detected, but the system requirements are not met. Stability Level: 3 - Stable |
Example
{
"installEligibleCount": 123,
"installedCount": 987,
"notApplicableCount": 987,
"updateEligibleCount": 987,
"updateIneligibleCount": 123
}
SoftwareDeploymentDetails
Description
The details of a software deployment.
Fields
| Field Name | Description |
|---|---|
ID -
ID!
|
The ID of the software deployment. Stability Level: 3 - Stable |
name -
String!
|
The name of the software deployment. Stability Level: 3 - Stable |
errors -
[SoftwareDeploymentErrorCount!]
|
Any error messages logged during software deployment. Stability Level: 3 - Stable |
status -
SoftwareDeploymentStatus
|
The status of the software deployment. Stability Level: 3 - Stable |
Example
{
"ID": 4,
"name": "xyz789",
"errors": [SoftwareDeploymentErrorCount],
"status": SoftwareDeploymentStatus
}
SoftwareDeploymentErrorCount
SoftwareDeploymentStatus
Description
The status and related details of a software deployment.
Fields
| Field Name | Description |
|---|---|
label -
SoftwareDeploymentStatusLabel!
|
The status label for the software deployment. Stability Level: 3 - Stable |
completeCount -
Int!
|
The number of endpoints where the deployment completed. Stability Level: 3 - Stable |
downloadCompleteWaitingCount -
Int!
|
The number of endpoints that finished downloading files and are waiting to run the deployment. Stability Level: 3 - Stable |
downloadingCount -
Int!
|
The number of endpoints that are downloading required files. Stability Level: 3 - Stable |
failedCount -
Int!
|
The number of endpoints where the deployment failed. Stability Level: 3 - Stable |
notApplicableCount -
Int!
|
The number of endpoints where the system requirements or prerequisites are not met. Stability Level: 3 - Stable |
runningCount -
Int!
|
The number of endpoints that finished downloading files and are running the deployment. Stability Level: 3 - Stable |
waitingCount -
Int!
|
The number of endpoints waiting to run the deployment. Stability Level: 3 - Stable |
Example
{
"label": "ACTIVE",
"completeCount": 987,
"downloadCompleteWaitingCount": 987,
"downloadingCount": 123,
"failedCount": 987,
"notApplicableCount": 987,
"runningCount": 987,
"waitingCount": 987
}
SoftwareDeploymentStatusLabel
Description
The set of status labels for a software deployment.
Values
| Enum Value | Description |
|---|---|
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
Example
"ACTIVE"
SoftwareOperation
Description
The set of operations permitted for software package deployments.
Values
| Enum Value | Description |
|---|---|
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
|
|
Stability Level: 3 - Stable |
Example
"INSTALL"
SoftwarePackage
Description
The details of a software package.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The ID of the software package. Stability Level: 3 - Stable |
platform -
EndpointPlatform!
|
The operating system platform on which the software package runs. Stability Level: 3 - Stable |
productName -
String!
|
The name of the software package. Stability Level: 3 - Stable |
productVendor -
String!
|
The vendor of the software package. Stability Level: 3 - Stable |
productVersion -
String!
|
The version of the software package. Stability Level: 3 - Stable |
applicabilityCounts -
SoftwareApplicabilityCounts
|
The number of endpoints in each applicability status. Stability Level: 3 - Stable |
Example
{
"id": "4",
"platform": "Unknown",
"productName": "xyz789",
"productVendor": "abc123",
"productVersion": "abc123",
"applicabilityCounts": SoftwareApplicabilityCounts
}
SoftwarePackageConnection
Description
A page of software packages.
Fields
| Field Name | Description |
|---|---|
edges -
[SoftwarePackageEdge]!
|
The list of software package edges. Stability Level: 3 - Stable |
pageInfo -
PageInfo!
|
Information about the software package collection. Stability Level: 3 - Stable |
totalCount -
Int!
|
The total number of records in the software package collection. Stability Level: 3 - Stable |
Example
{
"edges": [SoftwarePackageEdge],
"pageInfo": PageInfo,
"totalCount": 987
}
SoftwarePackageEdge
Description
A software package within a page.
Fields
| Field Name | Description |
|---|---|
cursor -
Cursor!
|
The cursor of this edge within the collection. Stability Level: 3 - Stable |
node -
SoftwarePackage!
|
The software package. Stability Level: 3 - Stable |
Example
{
"cursor": Cursor,
"node": SoftwarePackage
}
SoftwareTarget
Description
The endpoints on which to perform a software management operation.
Fields
| Input Field | Description |
|---|---|
targetGroup -
String
|
The name of the group of endpoints on which to perform the operation. This is a subset of the action group. This defaults to the Stability Level: 3 - Stable |
endpoints -
[ID]
|
The list of endpoint IDs on which to perform the operation. You can add up to 25 endpoints. Stability Level: 3 - Stable |
Example
{
"targetGroup": "abc123",
"endpoints": ["4"]
}
SortOrder
Description
The directions in which entities can be sorted.
Values
| Enum Value | Description |
|---|---|
|
|
Ascending order. Stability Level: 1.0 - Experimental (Early Development) |
|
|
Descending order. Stability Level: 1.0 - Experimental (Early Development) |
Example
"asc"
String
Description
The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.
Example
"abc123"
SyncAssetResult
Description
A response to a request to synchronize assets.
Fields
| Field Name | Description |
|---|---|
success -
Boolean!
|
Indicates a successful synchronization. Stability Level: 3 - Stable |
Example
{"success": true}
SystemError
Description
A system error represents a problem that occurred while trying to process a command.
Fields
| Field Name | Description |
|---|---|
message -
String
|
Briefly describes the problem and any possible solutions. Stability Level: 3 - Stable |
retryable -
Boolean
|
Indicates that the system might succeed on a subsequent try of the same request. Stability Level: 3 - Stable |
timedOut -
Boolean
|
Indicates that the system timed out while trying to process the command, and it is not known if it succeeded or not. Stability Level: 3 - Stable |
Example
{
"message": "xyz789",
"retryable": false,
"timedOut": true
}
TaniumPlatformUser
Description
A user who can access the Tanium platform.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique user ID. Stability Level: 1.1 - Experimental (Active Development) |
username -
String
|
The unique user name, used for authentication to the Tanium platform. Stability Level: 1.1 - Experimental (Active Development) |
displayName -
String
|
The user display name. Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"id": 4,
"username": "abc123",
"displayName": "abc123"
}
TaniumPlatformUserContext
Description
A Tanium platform user context, containing the Tanium platform user and selected persona.
Fields
| Field Name | Description |
|---|---|
user -
TaniumPlatformUser!
|
The Tanium platform user. Stability Level: 1.1 - Experimental (Active Development) |
persona -
TaniumPlatformUserPersona
|
The Tanium platform user persona. A Stability Level: 1.1 - Experimental (Active Development) |
Example
{
"user": TaniumPlatformUser,
"persona": TaniumPlatformUserPersona
}
TaniumPlatformUserPersona
Description
A user persona in the Tanium platform. Note that the default persona is represented as a null reference to this type.
Fields
| Field Name | Description |
|---|---|
id -
ID!
|
The unique user persona ID. Stability Level: 1.1 - Experimental (Active Development) |
Example
{"id": 4}
ThreatResponseAlertRef
Description
Identifies a Threat Response alert. The guid must be specified.
Fields
| Input Field | Description |
|---|---|
guid -
ID
|
The alert's guid. Stability Level: 3 - Stable |
Example
{"guid": 4}
ThreatResponseAlertResolvePayload
Description
The result of resolving a Threat Response alert.
Fields
| Field Name | Description |
|---|---|
resolved -
Boolean
|
Indicates that the alert was resolved. Stability Level: 3 - Stable |
guid -
ID
|
The alert's guid. Stability Level: 3 - Stable |
error -
SystemError
|
Indicates that the request terminated in an error. Stability Level: 3 - Stable |
Example
{
"resolved": false,
"guid": "4",
"error": SystemError
}
Time
Description
An instant in time in RFC 3339 format.
Example
"10:15:30Z"
UpdateConfigurationItemPropertiesInput
Description
A request to update properties of the configuration item in the CMDB.
Fields
| Input Field | Description |
|---|---|
userSpecifiedAssetsMaxAge -
Int
|
The maximum age in seconds of user-specified Unmanaged Assets. Stability Level: 3 - Stable |
Example
{"userSpecifiedAssetsMaxAge": 987}
UpdateConfigurationItemPropertiesResult
Description
A response to a request to update properties of the configuration item in the CMDB.
Fields
| Field Name | Description |
|---|---|
userSpecifiedAssetsMaxAge -
Int
|
The maximum age in seconds of user-specified Unmanaged Assets. Stability Level: 3 - Stable |
Example
{"userSpecifiedAssetsMaxAge": 123}
WirelessAdapter
Description
The wireless adapter details of an endpoint.
Fields
| Field Name | Description |
|---|---|
ssid -
String!
|
The SSID (name) of the wireless network to which this wireless adapter connects. Example: linksys Sensor: Wireless Network Connected SSID, Column: Wireless Network Connected SSID Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
state -
ConnectedState!
|
The state of the adapter connection to its network. Example: CONNECTED Sensor: Wireless Network Connected SSID, Column: Wireless Network Connected SSID Use of this field requires the Core Content solution. Stability Level: 3 - Stable |
Example
{"ssid": "abc123", "state": "CONNECTED"}