Tanium Cloud Release Notes API Gateway
This page is deprecated. Future release notes will be available under Tanium Gateway at the Tanium Resource Center. See also Tanium Cloud Release Notes Gateway.
Cloud Release Starting on: November 8, 2023
New Features
- Tanium API Gateway has been rebranded to Tanium Gateway.
- Future release notes will be available at the Tanium Resource Center.
- RBAC role names were updated to Gateway.
- Updated GraphiQL interface in the Gateway workbench.
Improvements
- Miscellaneous improvements to types and data storage.
New Fields
- The following fields are added at stability index 1.2 - Experimental (Release Candidate):
  - query.endpoints.edges.node.compliance.complianceFindings.excepted - retrieve whether this compliance finding is excepted
  - query.endpoints.edges.node.compliance.cveFindings.affectedProducts - retrieve the affected products associated with a CVE
  - query.endpoints.edges.node.compliance.cveFindings.cisaDateAdded - retrieve the date the vulnerability was added to the CISA KEV catalog
  - query.endpoints.edges.node.compliance.cveFindings.cisaDueDate - retrieve the CISA KEV entry due date for taking action
  - query.endpoints.edges.node.compliance.cveFindings.cisaNotes - retrieve the CISA KEV entry notes
  - query.endpoints.edges.node.compliance.cveFindings.cisaProduct - retrieve the CISA KEV entry product information
  - query.endpoints.edges.node.compliance.cveFindings.cisaRequiredAction - retrieve the CISA KEV entry listed action to address the vulnerability
  - query.endpoints.edges.node.compliance.cveFindings.cisaShortDescription - retrieve the CISA KEV entry short description
  - query.endpoints.edges.node.compliance.cveFindings.cisaVendor - retrieve the CISA KEV entry vendor or project name
  - query.endpoints.edges.node.compliance.cveFindings.cisaVulnerabilityName - retrieve the CISA KEV entry vulnerability name
  - query.endpoints.edges.node.compliance.cveFindings.cpes - retrieve Common Platform Enumerations (CPE) associated with the CVE
  - query.endpoints.edges.node.compliance.cveFindings.excepted - retrieve whether this CVE finding is excepted
  - query.endpoints.edges.node.compliance.cveFindings.isCisaKev - retrieve whether this CVE finding is included in the CISA KEV catalog
  - query.endpoints.edges.node.compliance.cveFindings.scanType - retrieve the method used to discover the vulnerability finding
Field Stability Index Changes
- The following field is changed to stability index 2 - Legacy:
  - query.packages is legacy. Use query.packageSpec instead, for improved pagination and parameter support.
Resolved Issues
- Miscellaneous improvements for future solution integrations.
Cloud Release Starting on: September 27, 2023
Improvements
- Improved error logging.
- Improved performance and stability.
- Improved schema descriptions for stable and legacy Direct Connect functionality.
Resolved Issues
- Miscellaneous improvements for future solution integrations.
Cloud Release Starting on: August 22, 2023
Resolved Issues
- Miscellaneous improvements for future solution integrations.
Improvements
- Improved error logging.
- Improved performance and stability.
- Improved schema descriptions for stable and legacy Direct Connect functionality.
New Fields
No new fields are introduced in this release.
Field Stability Index Changes
No fields changed stability index in this release.
Deprecated Fields
No fields are deprecated in this release.
Security Update
- This release includes security updates. Details of the issues, including affected versions and mitigation information, can be obtained within Tanium's Support Portal or by contacting your TAM.
Cloud Release Starting on: July 24, 2023
Resolved Issues
- Miscellaneous bug fixes
Cloud Release Starting on: July 5, 2023
New Features
- The endpoints query filter now supports eidFirstSeen and eidLastSeen.
- This release introduces the stability index for fields, to convey the level of support for a field.
  - 0 - Deprecated: Deprecated fields stop receiving support.
    - Unless otherwise stated in Field Stability Index Changes below, fields deprecated in prior releases are changed to stability 0 - Deprecated.
  - 1.0 - Experimental (Early Development): Experimental fields in early development are not stable, and might change significantly.
  - 1.1 - Experimental (Active Development): Experimental fields in active development are not stable, and the implemented functionality is closer to meeting requirements than experimental fields in early development.
  - 1.2 - Experimental (Release Candidate): Experimental fields as release candidate are not stable, and the functionality is ready for evaluation.
  - 2 - Legacy: Legacy fields are not actively developed.
  - 3 - Stable: Stable fields have active support.
    - Existing fields in active support are changed to stability 3 - Stable in this release.
Improvements
- Added new limits on memory and concurrent responses to improve performance and resource allocation.
New Fields
The following new fields add new request functionality:
- Sensors requests
  - query.sensors (includeHidden) - include hidden sensors in the response
  - query.sensors.edges.node.hidden - whether a sensor is hidden by default
Field Stability Index Changes
The following fields have an updated stability index:
- The following fields are changed to stability index 1.2 - Experimental (Release Candidate):
  - query.directConnectEndpoint.performance._dev_query
- The following fields are changed to stability index 2 - Legacy:
  - mutation.closeDirectConnection is legacy. Use mutation.directConnectClose instead.
  - mutation.killProcess is legacy. Use mutation.directConnectProcessTerminate instead.
  - mutation.openDirectConnection is legacy. Use mutation.directConnectOpen instead.
  - mutation.pingDirectConnection is legacy. Use mutation.directConnectPing instead.
  - query.directEndpoint is legacy. Use query.directConnectEndpoint instead.
- The following fields are changed to stability 3 - Deprecated.
  - query.endpointLastSeen is deprecated. Use query.endpoints (filter: {path: id}) to filter on endpoint ID, then include query.endpoints.edges.node.eidLastSeen in the request.
Fields are changed to stability index 0 - Deprecated in favor of replacement fields, which offer improved functionality or ease-of-use. After 12 months from the initial announcement, deprecated fields receive support and maintenance for a minimum of 6 months. For the best results, migrate any deprecated fields in your requests to the suggested replacement fields. For more information on stability index changes, see https://help.tanium.com/bundle/ug_gateway_cloud/page/gateway/deprecated.html#jul_2023.
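To support the migration recommended above, the following added example (not Tanium code, and not part of the original release notes) walks the selection sets of a stored Gateway request and reports every field path that this page lists as legacy, deprecated, or no longer supported, along with its replacement. The table holds a subset of the paths from the Field Stability Index Changes, Deprecated Fields, and Fields No Longer Supported sections of this page; the sample request and its leaf names such as name and id are constructed placeholders, and named fragment definitions are not resolved.

```python
import re

# Subset of the field paths this page lists, with the latest status the page
# gives them and the replacement it recommends.
RETIRED = {
    "query.packages": ("2 - Legacy", "query.packageSpec"),
    "query.directEndpoint": ("2 - Legacy", "query.directConnectEndpoint"),
    "mutation.killProcess": ("2 - Legacy", "mutation.directConnectProcessTerminate"),
    "mutation.openDirectConnection": ("2 - Legacy", "mutation.directConnectOpen"),
    "mutation.closeDirectConnection": ("2 - Legacy", "mutation.directConnectClose"),
    "mutation.createAction": ("0 - Deprecated",
                              "mutation.scheduledActionCreate and mutation.actionPerform"),
    "query.endpoints.edges.node.software": ("0 - Deprecated",
        "node.installedApplications and node.deployedSoftwarePackages"),
    "query.endpoints.edges.node.diskSpace": ("no longer supported",
                                             "query.endpoints.edges.node.disks"),
    "mutation.installSoftware": ("no longer supported", "mutation.manageSoftware"),
    "query.software": ("no longer supported", "query.softwarePackage"),
}

# String literals and comments are blanked first so their contents never look like fields.
_NOISE = re.compile(r'"""[\s\S]*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*')
_TOKEN = re.compile(r"\.\.\.|[A-Za-z_]\w*|[{}():@]")

def field_paths(document):
    """Return the dotted path (query.a.b or mutation.a.b) of every selected field."""
    toks = _TOKEN.findall(_NOISE.sub(" ", document))
    paths, stack = [], []            # stack: path prefix for each open selection set
    root, pending, parens, i = "query", None, 0, 0
    while i < len(toks):
        t = toks[i]
        nxt = toks[i + 1] if i + 1 < len(toks) else ""
        if t in ("(", ")"):
            parens += 1 if t == "(" else -1
        elif parens:
            pass                     # inside arguments or variable definitions
        elif t == "{":
            stack.append((pending or stack[-1]) if stack else root)
        elif t == "}":
            if stack:
                stack.pop()
            pending = None
            if not stack:
                root = "query"       # an anonymous operation is a query
        elif not stack:
            if t in ("query", "mutation", "subscription", "fragment"):
                root = t             # other top-level names are operation names
        elif t == "@":
            i += 1                   # skip the directive name
        elif t == "...":
            if nxt == "on":
                i += 2               # inline fragment: skip "on" and the type name
            elif nxt not in ("{", "@"):
                i += 1               # named fragment spread: skip its name
            pending = stack[-1]      # a fragment does not add a path segment
        elif nxt == ":":
            i += 1                   # alias: the real field name follows the colon
        elif t != ":":
            pending = f"{stack[-1]}.{t}"
            paths.append(pending)
        i += 1
    return paths

def lint(document):
    """Return (path, status, replacement) for each retired field the request selects."""
    return [(p, *RETIRED[p]) for p in field_paths(document) if p in RETIRED]

# Constructed sample request; the "software" string value must not be reported.
SAMPLE = '''
query inventory {
  endpoints(filter: {path: "id", value: "software"}) {
    edges { node { id sw: software { name } diskSpace eidLastSeen } }
  }
  packages { name }   # legacy root field
}
'''

if __name__ == "__main__":
    for path, status, replacement in lint(SAMPLE):
        print(f"{path}: {status}; use {replacement}")
```

Tracking the full path matters because the same leaf name carries different guidance at different depths: query.software and query.endpoints.edges.node.software have different replacements on this page.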
Resolved Issues
- Miscellaneous improvements for future solution integrations
Cloud Release Starting on: June 7, 2023
New Fields
The following new fields add new request functionality:
- Comply requests
  - query.endpoints.edges.node.compliance.cveFindings.absoluteFirstFoundDate - retrieve the first date a CVE was ever found on an endpoint
    - Note that you cannot filter a Comply request on this field.
  - query.endpoints.edges.node.compliance.cveFindings.lastScanDate - retrieve the date a CVE was last scanned for on an endpoint
    - Note that you cannot filter a Comply request on this field.
  - query.endpoints.edges.node.compliance.complianceFindings.firstFoundDate - retrieve the date a compliance issue was first found on an endpoint
    - Note that you cannot filter a Comply request on this field.
  - query.endpoints.edges.node.compliance.complianceFindings.lastScanDate - retrieve the date a compliance issue was last scanned for on an endpoint
    - Note that you cannot filter a Comply request on this field.
Resolved Issues
- Fixed an issue where max page size was not set to 5000
Cloud Release Starting on: May 8, 2023
Resolved Issues
- Miscellaneous bug fixes and supportability improvements
Cloud Release Starting on: May 1, 2023
New Features
Comparison operators (GT, GTE, LT, LTE) and the any operator can now be used in the endpoints query for line-based filters on sensor readings and registered fields.
New Fields
The following new fields add new request functionality:
- Direct Connect requests
  - mutation.directConnectClose - close an open Direct Connect connection with an endpoint
  - mutation.directConnectConnectionStatus - get the status of a Direct Connect connection
  - mutation.directConnectProcessTerminate - terminate the specified process on an endpoint using a Direct Connect connection
  - mutation.directConnectOpen - establish a Direct Connect connection with an endpoint
  - mutation.directConnectPing - ping an endpoint using a Direct Connect connection
  - query.directConnectEndpoint - obtain data from an endpoint using a Direct Connect connection
Deprecated Fields
Fields are deprecated in favor of replacement fields, which offer improved functionality or ease-of-use. After 12 months from the initial announcement, deprecated fields receive support and maintenance for a minimum of 6 months. For the best results, migrate any deprecated fields in your requests to the suggested replacement fields. The following fields are deprecated in favor of new fields:
- mutation.closeDirectConnection is deprecated. Use mutation.directConnectClose instead.
- mutation.killProcess is deprecated. Use mutation.directConnectProcessTerminate instead.
- mutation.openDirectConnection is deprecated. Use mutation.directConnectOpen instead.
- mutation.pingDirectConnection is deprecated. Use mutation.directConnectPing instead.
- query.directEndpoint is deprecated. Use query.directConnectEndpoint instead.
For more information, see https://help.tanium.com/bundle/ug_gateway_cloud/page/gateway/deprecated.html#may_2023.
Fields No Longer Supported
The following fields, deprecated in November 2021, are no longer supported as of May 2023:
- mutation.installSoftware is no longer supported. Use mutation.manageSoftware instead.
- mutation.removeSoftware is no longer supported. Use mutation.manageSoftware instead.
- mutation.upsertEntity is no longer supported. Use mutation.importConfigurationItemEntities instead.
- query.directConnection is no longer supported. Use query.directConnectEndpoint instead.
- query.endpoints.edges.node.diskSpace is no longer supported. Use query.endpoints.edges.node.disks instead.
- query.endpoints.edges.node.memory.used is no longer supported. Use query.directConnectEndpoint.performance.memoryUsedPercent instead.
- query.endpoints.edges.node.memory.usedPercentage is no longer supported. Use query.directConnectEndpoint.performance.memoryUsedPercent instead.
- query.entities is no longer supported. Use query.configIremEntities instead.
- query.relationships is no longer supported. Use query.configItemRelationships instead.
- query.software is no longer supported. Use query.softwarePackage instead.
- query.directEndpoint.performance.memoryUsagePercent is no longer supported. Use query.directConnectEndpoint.performance.memoryUsedPercent instead.
Cloud Release Date: Jan 18, 2023
New Features
- The endpoints query now supports filtering capabilities for the compliance.cveFindings, complianceFindings, and sensorReadings fields.
  - The currently supported operations include: EQ, CONTAINS, STARTS_WITH, ENDS_WITH, and MATCHES.
  - A new flag (restrictOwner) controls whether the filter applies only to the sensor values or also restricts the participating endpoints. This defaults to true.
  - Use of the compliance filters requires a Comply solution available by February 2023.
- The endpoints query now supports the ability to filter out endpoints that contain error or [no results] in requested sensors. This can be configured through setting the excludeErrors or excludeNoResults flags in the tds and ts sources.
- The endpoints query now omits hidden sensor columns from the sensorReadings field by default. Hidden columns will be displayed if they are selected explicitly by name, or if the new includeHiddenColumns argument is given with a true value.
New Fields
The following new fields add new request functionality:
- Comply requests
  - query.endpoints.edges.node.compliance.cveFindings (filter) - filter endpoint results based on CVE findings field values
  - query.endpoints.edges.node.compliance.complianceFindings (filter) - filter endpoints results based on compliance findings field values
- Endpoint requests
  - query.endpoints (filter.memberOf.id) - filter endpoint results based on computer group membership, referencing the computer group ID
  - query.endpoints (source.tds.excludeErrors) - exclude endpoint results that contain common errors in returned field values from the Tanium Data Service source
  - query.endpoints (source.tds.excludeNoResults) - exclude endpoint results that contain [no results] in returned field values from the Tanium Data Service source
  - query.endpoints (source.ts.excludeErrors) - exclude endpoint results that contain common errors in returned field values from the Tanium Server source
  - query.endpoints (source.ts.excludeNoResults) - exclude endpoint results that contain [no results] in returned field values from the Tanium Server source
  - query.endpoints.edges.node.sensorReadings (includeHiddenColumns) - return hidden sensor columns in the response
  - query.endpoints.edges.node.sensorReadings (sensors.filter) - filter endpoint results based on sensor reading column values
- Sensor requests
  - query.sensors.edges.node.columns.hidden - return whether a sensor column is hidden or not hidden by default
Deprecated Fields
No fields are deprecated in this release. Fields are deprecated in favor of replacement fields, which offer improved functionality or ease-of-use. After 12 months from the initial announcement, deprecated fields receive support and maintenance for a minimum of 6 months. For the best results, migrate any deprecated fields in your requests to the suggested replacement fields.
Improvements
- The endpoints query ts data source honors its maxWaitTime argument and computes success correctly.
- The endpoints query no longer requires column names to be specified for filters on multi-column sensors when using the UPDATED_AFTER or CREATED_AFTER operators with the tds data source.
- The endpoints query allows much larger responses when used with the tds data source.
Cloud Release Date: Nov 17, 2022
Resolved Issues
- Minor bug fixes.
TaaS Release Date: Nov 09, 2022
New Features
- Improved subgraph federation.
New Fields available today
The following new fields add new request functionality:
- Comply requests
  - query.endpoints.edges.node.compliance.cveFindings.cvssScoreV3 - retrieve CVSS v3 score
  - query.endpoints.edges.node.compliance.cveFindings.severityV3 - retrieve CVSS v3 severity
- Direct Connect requests
  - query.directEndpoint.alerts.all (scope.startTime, endTime) - define a lookback period for retrieving alerts
- Endpoint requests
  - query.endpoints.edges.node.sensorReadings.columns - retrieve specified sensor columns and values
New Fields available in a future release of Asset and Reporting
This version of API Gateway adds support for the following new fields once future versions of Asset and Reporting are released. These fields will not be functional until the Asset and Reporting teams announce their support:
- Asset requests (requires a future release of Asset)
  - mutation.assetsImport - import assets, creating assets or updating existing assets
- Reporting requests (requires a future release of Reporting)
  - mutation.reportImport - import a previously exported report definition
  - query.reportExport - export a report definition
  - query.reportResultData - retrieve report data
  - query.reports - retrieve report definitions
  - query.report (ref) - retrieve report definition by ID
Deprecated Fields
Fields are deprecated in favor of replacement fields, which offer improved functionality or ease-of-use. After 12 months from the initial announcement, deprecated fields receive support and maintenance for a minimum of 6 months. For the best results, migrate any deprecated fields in your requests to the suggested replacement fields.
The following fields are deprecated in favor of new fields:
- query.endpoints.edges.node.software is deprecated. Use query.endpoints.edges.node.installedApplications and query.endpoints.edges.node.deployedSoftwarePackages instead.
For more information, see API Gateway User Guide: November 2022 deprecated fields.
Improvements
- Added Comply CVSS v3 scoring to API Gateway schema.
- Improved error logging.
Resolved Issues
- Various bug fixes
Cloud Release Date: Oct 25, 2022
Resolved Issues
- Minor bug fixes.
TaaS Release Date: Oct 4, 2022
Resolved Issues
- Minor bug fixes.
Cloud Release Date: August 30, 2022
New Fields
The following new fields add new request functionality:
- Action requests
  - mutation.actionPerform - run one of an enumerated list of action operations on endpoints
  - mutation.actionStop - stop an action
  - mutation.scheduledActionApprove - approve a scheduled action
  - mutation.scheduledActionCreate - create a scheduled action
  - mutation.scheduledActionDelete - delete an action or scheduled action
  - query.packageSpecs - retrieve information about a package spec
  - query.scheduledAction - retrieve information about a scheduled action
  - query.scheduledActions - retrieve information about multiple scheduled actions
- Action group requests
  - mutation.actionGroupCreate - create an action group
  - mutation.actionGroupDelete - delete an action group
  - query.actionGroup - retrieve information about an action group
  - query.actionGroups - retrieve information about multiple action groups
- Computer group requests
  - mutation.computerGroupCreate - create a computer group, filter group, or management rights group
  - mutation.computerGroupDelete - delete a computer group, filter group, or management rights group
  - query.computerGroup - retrieve information about a computer group
  - query.computerGroups - retrieve information about multiple computer groups
- Direct Connect requests
  - query.directEndpoint.performance.memoryUsedPercent - retrieve the percentage of memory used on an endpoint
  - query.directEndpoint.performance.processes.all.cpuUsagePercent - retrieve an endpoint’s CPU usage percentage
- Endpoint requests
  - query.endpoints.edges.node.eidFirstSeen - retrieve the time an endpoint was first seen
  - query.endpoints.edges.node.eidLastSeen - retrieve the time an endpoint was most recently seen
  - query.endpoints.edges.node.installedApplications - retrieve the applications installed on endpoints
  - query.endpoints.edges.node.sentinel - retrieve endpoint Microsoft Sentinel information
  - query.endpoints(source.tds.namespaces) - retrieve endpoint data from a configured namespace
  - query.endpoints(source.ts.maxAge) - retrieve sensor data, up to this maximum age in seconds
  - query.endpoints.edges.node.sensorReadings(sensors.maxAge) - retrieve sensor data, up to this maximum age in seconds
- Threat Response requests
  - mutation.threatResponseAlertResolve - Assign Resolved status to a Threat Response alert. This mutation request requires Threat Response.
Deprecated Fields
Fields are deprecated in favor of replacement fields, which offer improved functionality or ease-of-use. After 12 months from the initial announcement, deprecated fields receive support and maintenance for a minimum of 6 months. For the best results, migrate any deprecated fields in your requests to the suggested replacement fields. The following fields are deprecated in favor of new fields:
- mutation.createAction is deprecated. Use mutation.scheduledActionCreate and mutation.actionPerform instead.
- mutation.deleteAction is deprecated. Use mutation.scheduledActionDelete instead.
- query.directEndpoint.performance.memoryUsagePercent is deprecated. Use query.directEndpoint.performance.memoryUsedPercent instead.
- query.lastActionDetails is deprecated. Use query.scheduledAction.lastAction instead.
- query.lastActionResults is deprecated. Use query.scheduledAction.lastAction.results instead.
For more information, see Gateway User Guide: August 2022 deprecated fields.
Cloud Release Date: August 8, 2022
Improvements
- Upgraded various third-party libraries to most recent versions
Cloud Release Date: June 8, 2022
New Features
- For more information, see EndpointRisk and EndpointCompliance in the Documentation Explorer.
- The API Gateway now provides API token management (query.myAPIToken, mutation.apiTokenGrant, mutation.apiTokenRevoke, mutation.apiTokenRotate) in the schema.
  - Integrations can automate creation and renewal of API tokens, supporting token rotation without manual intervention.
- The API Gateway now provides sensor registration with Tanium Data Service (mutation.sensorHarvest), and retrieval of all platform (query.sensors (filter: {path: virtual, value: false})) and TDS-registered (query.sensors (filter: {path: virtual, value: true})) sensors.
  - Integrations can ensure the sensors they depend on are registered in TDS as part of their bootstrapping.
  - Integrations can verify that the sensors they depend on are available in the platform before using them.
- The API Gateway now provides cursor refresh when using pagination by passing refresh:<cursor-value> as an argument to the endpoints query.
Improvements
- Improved error messages for missing sensor parameters.
Resolved Issues
- Fixed an issue where the endpoints.edges.node.diskSpace field returned information for only the C drive on Windows endpoints.
TaaS Release Date: Mar 17, 2022
Resolved Issues
- Minor bug fixes.
TaaS Release Date: March 1, 2022
New Features
- The Endpoints query now supports two additional filtering options, which allow users more control over which endpoints they receive data from:
  - a computer group filter, using the filter syntax: filter: {memberOf: {name: "computer-group-name"}}
  - a sensor readings filter, using the filter syntax: filter: {sensor: {name: "sensor-name", value: "filter-value"}}
- The API Gateway provides improved error handling for unavailable fields. Fields can be unavailable for a variety of reasons, including not registered for collection in TDS, or the underlying sensor not installed in the Tanium platform through either a module or solution. Whenever possible, the API Gateway returns all available fields and provides information in an error field about sensors that could not be returned. This capability makes it easier for integrators to build solutions for multiple customers who may have different Tanium modules and content solutions installed.
- Multiple fields have updated schema documentation to show which underlying sensors are used to collect information.
Resolved Issues
- This release includes security updates. Details of the issues, including affected versions and mitigation information, can be obtained within Tanium's Support Portal or by contacting your TAM.
- Various bug fixes and enhancements
TaaS Release Date: December 16, 2021
Resolved Issues
- Fixed a bug where all relevant sensors were not registered correctly in the Tanium Data Service.
- Fixed a bug where the networking.dnsServers field listed the previous value.
- Fixed a bug where querying the os.language field returned an error.
TaaS Release Date: December 9, 2021
Updated December 10, 2021
Resolved Issues
- Minor bug fixes.
Known Issues
- To use sensors from the Tanium Data Service in the API Gateway, sensors must be registered with Tanium Data Service for collection. API Gateway does not automatically register some common sensors in the endpoints and assets queries with the Tanium Data Service. This will be resolved in an upcoming release. In the meantime, you can manually register sensors with Tanium Data Service to use in API Gateway. For steps on how to register sensors with the Tanium Data Service, see Tanium Console User Guide: Manage sensor results collection.
TaaS Release Date: November 9, 2021
The API Gateway is a single and stable API integration point for the various Tanium solutions. It is designed for Tanium partners and customers interested in building integrated solutions with the Tanium Platform.
Important Notes
This release is the initial public release of Tanium API Gateway which delivers simplified integration capabilities for customer and partner developers to query data, perform actions on endpoints and deploy software from automated systems.
New Features
- API Gateway Query Explorer in the Shared Services menu of Tanium Console
- Documentation available at Gateway User Guide
Known Issues
- The endpoint.os.language field returns an error. This issue will be resolved in an upcoming release.
