IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Tanium Cloud Release Notes API Gateway

From Tanium Knowledge Base
Jump to navigation Jump to search

This page is deprecated. Future release notes will be available under Tanium Gateway at the Tanium Resource Center. See also Tanium Cloud Release Notes Gateway.

Cloud Release Starting on: November 8, 2023

New Features

  • Tanium API Gateway has been rebranded to Tanium Gateway.
  • RBAC role names were updated to Gateway.
  • Updated GraphiQL interface in the Gateway workbench.

Improvements

  • Miscellaneous improvements to types and data storage.

New Fields

  • The following fields are added at stability index 1.2 - Experimental (Release Candidate):
    • query.endpoints.edges.node.compliance.complianceFindings.excepted - retrieve whether this compliance finding is excepted
    • query.endpoints.edges.node.compliance.cveFindings.affectedProducts - retrieve the affected products associated with a CVE
    • query.endpoints.edges.node.compliance.cveFindings.cisaDateAdded - retrieve the date the vulnerability was added to the CISA KEV catalog
    • query.endpoints.edges.node.compliance.cveFindings.cisaDueDate - retrieve the CISA KEV entry due date for taking action
    • query.endpoints.edges.node.compliance.cveFindings.cisaNotes - retrieve the CISA KEV entry notes
    • query.endpoints.edges.node.compliance.cveFindings.cisaProduct - retrieve the CISA KEV entry product information
    • query.endpoints.edges.node.compliance.cveFindings.cisaRequiredAction - retrieve the CISA KEV entry listed action to address the vulnerability
    • query.endpoints.edges.node.compliance.cveFindings.cisaShortDescription - retrieve the CISA KEV entry short description
    • query.endpoints.edges.node.compliance.cveFindings.cisaVendor - retrieve the CISA KEV entry vendor or project name
    • query.endpoints.edges.node.compliance.cveFindings.cisaVulnerabilityName - retrieve the CISA KEV entry vulnerability name
    • query.endpoints.edges.node.compliance.cveFindings.cpes - retrieve Common Platform Enumerations (CPE) associated with the CVE
    • query.endpoints.edges.node.compliance.cveFindings.excepted - retrieve whether this CVE finding is excepted
    • query.endpoints.edges.node.compliance.cveFindings.isCisaKev - retrieve whether this CVE finding is included in the CISA KEV catalog
    • query.endpoints.edges.node.compliance.cveFindings.scanType - retrieve the method used to discover the vulnerability finding

Field Stability Index Changes

  • The following field is changed to stability index 2 - Legacy:
    • query.packages is legacy. Use query.packageSpec instead, for improved pagination and parameter support.

Resolved Issues

  • Miscellaneous improvements for future solution integrations.

Cloud Release Starting on: September 27, 2023

Improvements

  • Improved error logging.
  • Improved performance and stability.
  • Improved schema descriptions for stable and legacy Direct Connect functionality.

Resolved Issues

  • Miscellaneous improvements for future solution integrations.

Cloud Release Starting on: August 22, 2023

Resolved Issues

  • Miscellaneous improvements for future solution integrations.

Improvements

  • Improved error logging.
  • Improved performance and stability.
  • Improved schema descriptions for stable and legacy Direct Connect functionality.

New Fields

No new fields are introduced in this release.

Field Stability Index Changes

No fields changed stability index in this release.

Deprecated Fields

No fields are deprecated in this release.

Security Update

  • This release includes security updates. Details of the issues, including affected versions and mitigation information, can be obtained within Tanium's Support Portal or by contacting your TAM.


Cloud Release Starting on: July 24, 2023

Resolved Issues

  • Miscellaneous bug fixes


Cloud Release Starting on: July 5, 2023

New Features

  • The endpoints query filter now supports eidFirstSeen and eidLastSeen.
  • This release introduces the stability index for fields, to convey the level of support for a field.
    • 0 - Deprecated: Deprecated fields stop receiving support.
      • Unless otherwise stated in Field Stability Index Changes below, fields deprecated in prior releases are changed to stability 0 - Deprecated.
    • 1.0 - Experimental (Early Development): Experimental fields in early development are not stable, and might change significantly.
    • 1.1 - Experimental (Active Development): Experimental fields in active development are not stable, and the implemented functionality is closer to meeting requirements than experimental fields in early development.
    • 1.2 - Experimental (Release Candidate): Experimental fields as release candidate are not stable, and the functionality is ready for evaluation.
    • 2 - Legacy: Legacy fields are not actively developed.
    • 3 - Stable: Stable fields have active support.
      • Existing fields in active support are changed to stability 3 - Stable in this release.

Improvements

  • Added new limits on memory and concurrent responses to improve performance and resource allocation.

New Fields

The following new fields add new request functionality:

  • Sensors requests
    • query.sensors (includeHidden) - include hidden sensors in the response
    • query.sensors.edges.node.hidden - whether a sensor is hidden by default

Field Stability Index Changes

The following fields have an updated stability index:

  • The following fields are changed to stability index 1.2 - Experimental (Release Candidate):
    • query.directConnectEndpoint.performance._dev_query
  • The following fields are changed to stability index 2 - Legacy:
    • mutation.closeDirectConnection is legacy. Use mutation.directConnectClose instead.
    • mutation.killProcess is legacy. Use mutation.directConnectProcessTerminate instead.
    • mutation.openDirectConnection is legacy. Use mutation.directConnectOpen instead.
    • mutation.pingDirectConnection is legacy. Use mutation.directConnectPing instead.
    • query.directEndpoint is legacy. Use query.directConnectEndpoint instead.
  • The following fields are changed to stability 3 - Deprecated.
    • query.endpointLastSeen is deprecated. Use query.endpoints (filter: {path: id}) to filter on endpoint ID, then include query.endpoints.edges.node.eidLastSeen in the request.

Fields are changed to stability index 0 - Deprecated in favor of replacement fields, which offer improved functionality or ease-of-use. After 12 months from the initial announcement, deprecated fields receive support and maintenance for a minimum of 6 months. For the best results, migrate any deprecated fields in your requests to the suggested replacement fields. For more information on stability index changes, see https://help.tanium.com/bundle/ug_gateway_cloud/page/gateway/deprecated.html#jul_2023.

Resolved Issues

  • Miscellaneous improvements for future solution integrations

Cloud Release Starting on: June 7, 2023

New Fields

The following new fields add new request functionality:

  • Comply requests
    • query.endpoints.edges.node.compliance.cveFindings.absoluteFirstFoundDate - retrieve the first date a CVE was ever found on an endpoint
      • Note that you cannot filter a Comply request on this field.
    • query.endpoints.edges.node.compliance.cveFindings.lastScanDate - retrieve the date a CVE was last scanned for on an endpoint
      • Note that you cannot filter a Comply request on this field.
    • query.endpoints.edges.node.compliance.complianceFindings.firstFoundDate - retrieve the date a compliance issue was first found on an endpoint
      • Note that you cannot filter a Comply request on this field.
    • query.endpoints.edges.node.compliance.complianceFindings.lastScanDate - retrieve the date a compliance issue was last scanned for on an endpoint
      • Note that you cannot filter a Comply request on this field.

Resolved Issues

  • Fixed an issue where max page size was not set to 5000

Cloud Release Starting on: May 8, 2023

Resolved Issues

  • Miscellaneous bug fixes and supportability improvements

Cloud Release Starting on: May 1, 2023

New Features

Comparison operators (GT, GTE, LT, LTE) and the any operator can now be used in the endpoints query for line-based filters on sensor readings and registered fields.

New Fields

The following new fields add new request functionality:

  • Direct Connect requests
    • mutation.directConnectClose - close an open Direct Connect connection with an endpoint
    • mutation.directConnectConnectionStatus - get the status of a Direct Connect connection
    • mutation.directConnectProcessTerminate - terminate the specified process on an endpoint using a Direct Connect connection
    • mutation.directConnectOpen - establish a Direct Connect connection with an endpoint
    • mutation.directConnectPing - ping an endpoint using a Direct Connect connection
    • query.directConnectEndpoint - obtain data from an endpoint using a Direct Connect connection

Deprecated Fields

Fields are deprecated in favor of replacement fields, which offer improved functionality or ease-of-use. After 12 months from the initial announcement, deprecated fields receive support and maintenance for a minimum of 6 months. For the best results, migrate any deprecated fields in your requests to the suggested replacement fields. The following fields are deprecated in favor of new fields:

  • mutation.closeDirectConnection is deprecated. Use mutation.directConnectClose instead.
  • mutation.killProcess is deprecated. Use mutation.directConnectProcessTerminate instead.
  • mutation.openDirectConnection is deprecated. Use mutation.directConnectOpen instead.
  • mutation.pingDirectConnection is deprecated. Use mutation.directConnectPing instead.
  • query.directEndpoint is deprecated. Use query.directConnectEndpoint instead.

For more information, see https://help.tanium.com/bundle/ug_gateway_cloud/page/gateway/deprecated.html#may_2023.

Fields No Longer Supported

The following fields, deprecated in November 2021, are no longer supported as of May 2023:

  • mutation.installSoftware is no longer supported. Use mutation.manageSoftware instead.
  • mutation.removeSoftware is no longer supported. Use mutation.manageSoftware instead.
  • mutation.upsertEntity is no longer supported. Use mutation.importConfigurationItemEntities instead.
  • query.directConnection is no longer supported. Use query.directConnectEndpoint instead.
  • query.endpoints.edges.node.diskSpace is no longer supported. Use query.endpoints.edges.node.disks instead.
  • query.endpoints.edges.node.memory.used is no longer supported. Use query.directConnectEndpoint.performance.memoryUsedPercent instead.
  • query.endpoints.edges.node.memory.usedPercentage is no longer supported. Use query.directConnectEndpoint.performance.memoryUsedPercent instead.
  • query.entities is no longer supported. Use query.configIremEntities instead.
  • query.relationships is no longer supported. Use query.configItemRelationships instead.
  • query.software is no longer supported. Use query.softwarePackage instead.
  • query.directEndpoint.performance.memoryUsagePercent is no longer supported. Use query.directConnectEndpoint.performance.memoryUsedPercent instead.


Cloud Release Date: Jan 18, 2023

New Features

  • The endpoints query now supports filtering capabilities for the compliance.cveFindings, complianceFindings, and sensorReadings fields.
    • The currently supported operations include: EQ, CONTAINS, STARTS_WITH, ENDS_WITH, and MATCHES.
    • A new flag (restrictOwner) controls whether the filter applies only to the sensor values or also restricts the participating endpoints. This defaults to true.
    • Use of the compliance filters requires a Comply solution available by February 2023.
  • The endpoints query now supports the ability to filter out endpoints that contain error or [no results] in requested sensors. This can be configured through setting the excludeErrors or excludeNoResults flags in the tds and ts sources.
  • The endpoints query now omits hidden sensor columns from the sensorReadings field by default. Hidden columns will be displayed if they are selected explicitly by name, or if the new includeHiddenColumns argument is given with a true value.

New Fields

The following new fields add new request functionality:

  • Comply requests
    • query.endpoints.edges.node.compliance.cveFindings (filter) - filter endpoint results based on CVE findings field values
    • query.endpoints.edges.node.compliance.complianceFindings (filter) - filter endpoints results based on compliance findings field values
  • Endpoint requests
    • query.endpoints (filter.memberOf.id) - filter endpoint results based on computer group membership, referencing the computer group ID
    • query.endpoints (source.tds.excludeErrors) - exclude endpoint results that contain common errors in returned field values from the Tanium Data Service source
    • query.endpoints (source.tds.excludeNoResults) - exclude endpoint results that contain [no results] in returned field values from the Tanium Data Service source
    • query.endpoints (source.ts.excludeErrors) - exclude endpoint results that contain common errors in returned field values from the Tanium Server source
    • query.endpoints (source.ts.excludeNoResults) - exclude endpoint results that contain [no results] in returned field values from the Tanium Server source
    • query.endpoints.edges.node.sensorReadings (includeHiddenColumns) - return hidden sensor columns in the response
    • query.endpoints.edges.node.sensorReadings (sensors.filter) - filter endpoint results based on sensor reading column values
  • Sensor requests
    • query.sensors.edges.node.columns.hidden - return whether a sensor column is hidden or not hidden by default

Deprecated Fields

No fields are deprecated in this release. Fields are deprecated in favor of replacement fields, which offer improved functionality or ease-of-use. After 12 months from the initial announcement, deprecated fields receive support and maintenance for a minimum of 6 months. For the best results, migrate any deprecated fields in your requests to the suggested replacement fields.

Improvements

  • The endpoints query ts data source honors its maxWaitTime argument and computes success correctly.
  • The endpoints query no longer requires column names to be specified for filters on multi-column sensors when using the UPDATED_AFTER or CREATED_AFTER operators with the tds data source.
  • The endpoints query allows much larger responses when used with the tds data source.

Cloud Release Date: Nov 17, 2022

Resolved Issues

  • Minor bug fixes.


TaaS Release Date: Nov 09, 2022

New Features

  • Improved subgraph federation.

New Fields available today

The following new fields add new request functionality:

  • Comply requests
    • query.endpoints.edges.node.compliance.cveFindings.cvssScoreV3 - retrieve CVSS v3 score
    • query.endpoints.edges.node.compliance.cveFindings.severityV3 - retrieve CVSS v3 severity
  • Direct Connect requests
    • query.directEndpoint.alerts.all (scope.startTime, endTime) - define a lookback period for retrieving alerts
  • Endpoint requests
    • query.endpoints.edges.node.sensorReadings.columns - retrieve specified sensor columns and values

New Fields available in a future release of Asset and Reporting

This version of API Gateway adds support for the following new fields once future versions of Asset and Reporting are released. These fields will not be functional until the Asset and Reporting teams announce their support:

  • Asset requests (requires a future release of Asset)
    • mutation.assetsImport - import assets, creating assets or updating existing assets
  • Reporting requests (requires a future release of Reporting)
    • mutation.reportImport - import a previously exported report definition
    • query.reportExport - export a report definition
    • query.reportResultData - retrieve report data
    • query.reports - retrieve report definitions
    • query.report (ref) - retrieve report definition by ID

Deprecated Fields

Fields are deprecated in favor of replacement fields, which offer improved functionality or ease-of-use. After 12 months from the initial announcement, deprecated fields receive support and maintenance for a minimum of 6 months. For the best results, migrate any deprecated fields in your requests to the suggested replacement fields.

The following fields are deprecated in favor of new fields:

  • query.endpoints.edges.node.software is deprecated. Use query.endpoints.edges.node.installedApplications and query.endpoints.edges.node.deployedSoftwarePackages instead.

For more information, see API Gateway User Guide: November 2022 deprecated fields.

Improvements

  • Added Comply CVSS v3 scoring to API Gateway schema.
  • Improved error logging.

Resolved Issues

  • Various bug fixes

Cloud Release Date: Oct 25, 2022

Resolved Issues

  • Minor bug fixes.

TaaS Release Date: Oct 4, 2022

Resolved Issues

  • Minor bug fixes.

Cloud Release Date: August 30, 2022

New Fields

The following new fields add new request functionality:

  • Action requests
    • mutation.actionPerform - run one of an enumerated list of action operations on endpoints
    • mutation.actionStop - stop an action
    • mutation.scheduledActionApprove - approve a scheduled action
    • mutation.scheduledActionCreate - create a scheduled action
    • mutation.scheduledActionDelete - delete an action or scheduled action
    • query.packageSpecs - retrieve information about a package spec
    • query.scheduledAction - retrieve information about a scheduled action
    • query.scheduledActions - retrieve information about multiple scheduled actions
  • Action group requests
    • mutation.actionGroupCreate - create an action group
    • mutation.actionGroupDelete - delete an action group
    • query.actionGroup - retrieve information about an action group
    • query.actionGroups - retrieve information about multiple action groups
  • Computer group requests
    • mutation.computerGroupCreate - create a computer group, filter group, or management rights group
    • mutation.computerGroupDelete - delete a computer group, filter group, or management rights group
    • query.computerGroup - retrieve information about a computer group
    • query.computerGroups - retrieve information about multiple computer groups
  • Direct Connect requests
    • query.directEndpoint.performance.memoryUsedPercent - retrieve the percentage of memory used on an endpoint
    • query.directEndpoint.performance.processes.all.cpuUsagePercent - retrieve an endpoint’s CPU usage percentage
  • Endpoint requests
    • query.endpoints.edges.node.eidFirstSeen - retrieve the time an endpoint was first seen
    • query.endpoints.edges.node.eidLastSeen - retrieve the time an endpoint was most recently seen
    • query.endpoints.edges.node.installedApplications - retrieve the applications installed on endpoints
    • query.endpoints.edges.node.sentinel - retrieve endpoint Microsoft Sentinel information
    • query.endpoints(source.tds.namespaces) - retrieve endpoint data from a configured namespace
    • query.endpoints(source.ts.maxAge) - retrieve sensor data, up to this maximum age in seconds
    • query.endpoints.edges.node.sensorReadings(sensors.maxAge) - retrieve sensor data, up to this maximum age in seconds
  • Threat Response requests
    • mutation.threatResponseAlertResolve - Assign Resolved status to a Threat Response alert. This mutation request requires Threat Response.

Deprecated Fields

Fields are deprecated in favor of replacement fields, which offer improved functionality or ease-of-use. After 12 months from the initial announcement, deprecated fields receive support and maintenance for a minimum of 6 months. For the best results, migrate any deprecated fields in your requests to the suggested replacement fields. The following fields are deprecated in favor of new fields:

  • mutation.createAction is deprecated. Use mutation.scheduledActionCreate and mutation.actionPerform instead.
  • mutation.deleteAction is deprecated. Use mutation.scheduledActionDelete instead.
  • query.directEndpoint.performance.memoryUsagePercent is deprecated. Use query.directEndpoint.performance.memoryUsedPercent instead.
  • query.lastActionDetails is deprecated. Use query.scheduledAction.lastAction instead.
  • query.lastActionResults is deprecated. Use query.scheduledAction.lastAction.results instead.

For more information, see Gateway User Guide: August 2022 deprecated fields.

Cloud Release Date: August 8, 2022

Improvements

  • Upgraded various third-party libraries to most recent versions

Cloud Release Date: June 8, 2022

New Features

    • For more information, see EndpointRisk and EndpointCompliance in the Documentation Explorer.
  • The API Gateway now provides API token management (query.myAPIToken, mutation.apiTokenGrant, mutation.apiTokenRevoke, mutation.apiTokenRotate) in the schema.
    • Integrations can automate creation and renewal of API tokens, supporting token rotation without manual intervention.
  • The API Gateway now provides sensor registration with Tanium Data Service (mutation.sensorHarvest), and retrieval of all platform (query.sensors (filter: {path: virtual, value: false}) and TDS-registered (query.sensors (filter: {path: virtual, value: true}) sensors.
    • Integrations can ensure the sensors they depend on are registered in TDS as part of their bootstrapping.
    • Integrations can verify that the sensors they depend on are available in the platform before using them.
  • The API Gateway now provides cursor refresh when using pagination by passing refresh:<cursor-value> as an argument to the endpoints query.

Improvements

  • Improved error messages for missing sensor parameters.

Resolved Issues

  • Fixed an issue where the endpoints.edges.node.diskSpace field returned information for only the C drive on Windows endpoints.

TaaS Release Date: Mar 17, 2022

Resolved Issues

  • Minor bug fixes.

Taas Release Date: March 1, 2022

New Features

  • The Endpoints query now supports two additional filtering options, which allow users more control over which endpoints they receive data from:
    • a computer group filter, using the filter syntax:
      filter: {memberOf: {name: "computer-group-name"}}
    • a sensor readings filter, using the filter syntax:
      filter: {sensor: {name: "sensor-name", value: “filter-value”}}
  • The API Gateway provides improved error handling for unavailable fields. Fields can be unavailable for a variety of reasons, including not registered for collection in TDS, or the underlying sensor not installed in the Tanium platform through either a module or solution. Whenever possible, the API Gateway returns all available fields and provides information in an error field about sensors that could not be returned. This capability makes it easier for integrators to build solutions for multiple customers who may have different Tanium modules and content solutions installed.
  • Multiple fields have updated schema documentation to show which underlying sensors are used to collect information.

Resolved Issues

  • This release includes security updates. Details of the issues, including affected versions and mitigation information, can be obtained within Tanium's Support Portal or by contacting your TAM.
  • Various bug fixes and enhancements

Taas Release Date: December 16, 2021

Resolved Issues

  • Fixed a bug where all relevant sensors were not registered correctly in the Tanium Data Service.
  • Fixed a bug where the networking.dnsServers field listed the previous value.
  • Fixed a bug where querying the os.language field returned an error.


Taas Release Date: December 9, 2021

Updated December 10, 2021

Resolved Issues

  • Minor bug fixes.

Known Issues

  • To use sensors from the Tanium Data Service in the API Gateway, sensors must be registered with Tanium Data Service for collection. API Gateway does not automatically register some common sensors in the endpoints and assets queries with the Tanium Data Service. This will be resolved in an upcoming release. In the meantime, you can manually register sensors with Tanium Data Service to use in API Gateway. For steps on how to register sensors with the Tanium Data Service, see Tanium Console User Guide: Manage sensor results collection.

Taas Release Date: November 9, 2021

The API Gateway is a single and stable API integration point for the various Tanium solutions. It is designed for Tanium partners and customers interested in building integrated solutions with the Tanium Platform.

Important Notes

This release is the initial public release of Tanium API Gateway which delivers simplified integration capabilities for customer and partner developers to query data, perform actions on endpoints and deploy software from automated systems.

New Features

  • API Gateway Query Explorer in the Shared Services menu of Tanium Console
  • Documentation available at Gateway User Guide

Known Issues

  • The endpoint.os.language field returns an error. This issue will be resolved in an upcoming release.