Tanium Cloud Release Notes Gateway
Cloud Release Starting on: June 25, 2026
Resolved Issues
- Fixed an issue where an
endpointsquery filtering on multiple columns of a multi-line sensor usingrestrictOwnerflag could return endpoints not matching the filter when run with a session that had restricted management rights.
Cloud Release Starting on: June 17, 2026
Improvements
- The
sensorReadingandsensorReadingsfields are now exempt from the alias limit, allowing queries to use more than five aliases.
Resolved Issues
- Fixed an issue where queries using multiple
sensorReadingfields with filter arguments could fail or return incorrect results due to filter values being corrupted.
Security Update
- This release includes security updates for internal code dependencies. The updates improve general security and stability, and do not directly mitigate any potentially impacting vulnerabilities.
Cloud Release Starting on: June 4, 2026
Resolved Issues
- Fixed an issue where scheduling an action by package name could occasionally select the wrong package, causing the action to run with unintended settings.
- Fixed an issue where some sensors were incorrectly shown as available to query, causing queries against those sensors to fail.
Security Update
- This release includes security updates for internal code dependencies. The updates improve general security and stability, and do not directly mitigate any potentially impacting vulnerabilities.
Cloud Release Starting on: May 26, 2026
Improvements
- This release includes updates for internal code dependencies. These updates improve general stability.
Cloud Release Starting on: May 07, 2026
Security Update
- This release includes security updates for internal code dependencies. The updates improve general security and stability, and do not directly mitigate any potentially impacting vulnerabilities.
Cloud Release Starting on: April 02, 2026
Resolved Issues
- Miscellaneous bug fixes and performance improvements.
Cloud Release Starting on: March 26, 2026
Resolved Issues
- This release contains updates to internal code dependencies.
Cloud Release Starting on: March 12, 2026
Resolved Issues
- Fixed an issue where
query.computerGroupfiltered by name returned an action group instead of a computer group when a same-named action group existed.
Security Update
- This release includes security updates for internal code dependencies. The updates improve general security and stability, and do not directly mitigate any potentially impacting vulnerabilities.
Cloud Release Starting on: February 25, 2026
Improvements
- An expiration limit of 30 days (2592000 seconds) is applied to
expireSecondsfield in the following action mutations -mutation.actionCreatemutation.scheduledActionCreatemutation.actionPerform
Security Update
- This release includes security updates for internal code dependencies. The updates improve general security and stability, and do not directly mitigate any potentially impacting vulnerabilities.
Cloud Release Starting on: February 04, 2026
Improvements
- GraphQL schema documentation in the Tanium Gateway workbench now contains the stability level for each field.
Removed Fields
The following fields are end of support and are removed from Tanium Gateway:
- Risk Score 1.0 fields - Use Risk Score 2.0 instead, which aligns to the newest Benchmark product data. For more information, see Tanium Benchmark User Guide: Evaluating your risk score.
query.endpoints.edges.node.riskquery.endpoints.edges.node.risk.assetCriticalityquery.endpoints.edges.node.risk.criticalityScorequery.endpoints.edges.node.risk.riskLevelquery.endpoints.edges.node.risk.totalScoresquery.endpoints.edges.node.risk.vectors
Security Update
- This release includes security updates for internal code dependencies. The updates improve general security and stability, and do not directly mitigate any potentially impacting vulnerabilities.
Cloud Release Starting on: January 20, 2026
Resolved Issues
- Fixed an issue where the
negatedfield was ignored when used with the memberOf field inComputerGroupFilterandEndpointFieldFilter.
Security Update
- This release includes security updates for internal code dependencies. The updates improve general security and stability, and do not directly mitigate any potentially impacting vulnerabilities.
Cloud Release Starting on: December 08, 2025
Improvements
- Removed Tanium internal fields from the GraphQL Schema documentation. This change does not impact any queries using these fields, and the queries should continue to function normally.
- The following fields are added at stability 1.2 - Experimental (Release Candidate):
query.endpoints.edges.node.compliance.cveFindings.cvssScoreV4query.endpoints.edges.node.compliance.cveFindings.cvssSeverityV4query.endpoints.edges.node.compliance.cveFindings.epssScorequery.endpoints.edges.node.compliance.cveFindings.epssPercentilequery.endpoints.edges.node.compliance.cveFindings.cvssTemporalScoreV3query.endpoints.edges.node.compliance.cveFindings.cvssThreatScoreV4query.endpoints.edges.node.compliance.cveFindings.maxMaturityquery.endpoints.edges.node.compliance.cveFindings.aliasquery.endpoints.edges.node.compliance.cveFindings.cwesquery.endpoints.edges.node.compliance.cveFindings.mitreAttacksquery.endpoints.edges.node.compliance.cveFindings.mitreLinkquery.endpoints.edges.node.compliance.cveFindings.nistLinkquery.endpoints.edges.node.compliance.cveFindings.secpodLinkquery.endpoints.edges.node.compliance.cveFindings.solutionLinksquery.endpoints.edges.node.compliance.cveFindings.remediation
Security Update
- This release includes security updates for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.
Cloud Release Starting on: October 22, 2025
Improvements
- Added support for filtering by name in computerGroups query. An example usage is provided in Tanium Gateway User Guide: Gateway Examples.
Resolved Issues
- Fixed an issue where sensorHarvest mutation returned success for blocked sensors.
Cloud Release Starting on: September 23, 2025
Improvements
- Added support for metadata inputs in action mutations that are available in Gateway. An example usage is provided in Tanium Gateway User Guide: Gateway Examples.
- Improved support for filtering endpoints by using a list of row values for multi-column sensors.
Security Update
- This release includes security updates for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.
Cloud Release Starting on: September 04, 2025
Security Update
- This release includes security updates for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.
Cloud Release Starting on: August 07, 2025
Improvements
- The following fields are added at stability 1.2 - Experimental (Release Candidate):
query.endpoints.edges.node.compliance.cveFindings.detectedCPEs- retrieve the detected CPEs for the CVE.query.endpoints.edges.node.compliance.cveFindings.detectedProducts- retrieve the detected products for the CVE.
- Implemented foundational improvements for upcoming support of additional endpoint types. This introduces the following fields at stability 1.1 - Experimental (Active Development)
query.endpoints.edges.node.entityProviderType- Provider Type of the entity.query.endpoints.edges.node.entityProviderName- If the entityProviderType value is Tanium Client, this value is Tanium. If the entityProviderType is configured by a user, this value is the entity provider instance name.query.endpoints.edges.node.entityType- Type of the entity.query.endpoints.edges.node.isEndpoint- Returns whether the entity is an endpoint.- Added EndpointScope filter with the following values-
TANIUM_CLIENTS- Filters entities where entityProviderType is ‘Tanium Client’.ALL_TS_SOURCED_ENTITIES- All available entities, including Tanium Client managed endpoints and entity provider managed entities, such as Intune mobile devices or OT devices.
Security Update
- This release includes security updates for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.
Cloud Release Starting on: May 29, 2025
Improvements
- Moved deprecated date details in the Gateway schema documentation to the Deprecation Notice section of the fields for improved clarity.
Security Update
- This release includes security updates for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.
Cloud Release Starting on: April 28, 2025
Security Update
- This release includes security updates for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.
Cloud Release Starting on: April 10, 2025
Security Update
- This release includes security updates for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.
Cloud Release Starting on: April 04, 2025
Resolved Issues
- Fixed an issue where actions created using packages with parameters and no verification query did not target any endpoints.
Cloud Release Starting on: March 24, 2025
Resolved Issues
- Fixed an issue with
mutation.actionCreate,mutation.actionPerformandmutation.scheduleActionCreatewhen using packages with parameters where verification queries would not run and would not return an appropriate status.
- Fixed an issue with the action query where
pendingVerificationresults improperly returned0instead of the actual result count.
Security Update
- This release includes security updates for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.
Cloud Release Starting on: March 18, 2025
Improvements
- Improved the behavior of
mutation.manageSoftwareto allow only users with appropriate Management rights to create deployments.
Cloud Release Starting on: March 13, 2025
Resolved Issues
- Fixed an issue where deploying a package containing an odd number of double pipes would result in an internal error.
Security Update
- This release includes security updates for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.
Cloud Release Starting on: February 19, 2025
Security Update
- This release includes security updates for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.
Cloud Release Starting on: January 21, 2025
Security Update
- This release includes security update for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.
Cloud Release Starting on: January 09, 2025
Improvements
- The name field is added to the TaniumPlatformUserPersona type at stability 1.1 - Experimental (Active Development). This affects the currentUserContext and other queries that return the TaniumPlatformUserPersona type.
- For example:
query.currentUserContext.persona.name- retrieves the active persona name for the current user.
- For example:
Resolved Issues
- Fixed an issue with the action query where
verifiedandfailedVerificationresults improperly returned0instead of the actual result count, and theidresult did not return a value.
Cloud Release Starting on: November 05, 2024
Improvements
- The following query is added at stability 1.1 - Experimental (Active Development)
query.managementRightsGroups- retrieve the list of management rights groups that apply to the requesting user and active persona. Please refer to the user guide for examples of this query.
- Improved schema documentation to provide the approximate month and year a field or query was deprecated. These deprecated fields and queries might be either replaced or removed in the future.
Cloud Release Start on: October 09, 2024
Security Update
- This release includes security update for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.
Cloud Release Start on: September 17, 2024
Improvements
- Improved schema documentation to indicate that
firstandlastfields for list queries return up to the requested count of records.
- The following field is added at stability 1.2 - Experimental (Release Candidate)
query.computerGroups.edges.node.modifiedTime- retrieve the time that a computer group was last updatedquery.computerGroup.modifiedTime- retrieve the time that the computer group was last updated
Resolved Issues
- Fixed an issue where specific sensors would not target any endpoints when deploying actions.
- Fixed an issue where submitting multiple requests using
mutation.actionPerformreturned an error message of "the parameter name is not valid" after the first request.
- Fixed an issue with the order of sensor parameters if an
endpointsquery request used thesensorReadingsfield.
Cloud Release Start on: September 5, 2024
Changes to included components
- Upgraded the internal dependency on JavaScript packages.
Cloud Release Start on: August 8, 2024
Improvements
- Improved schema documentation.
- Added the ability to add private APIs, for Tanium internal use, to the schema. Private APIs should not be used by customers, and no support is provided to customers that directly use private APIs. To identify private APIs, schema documentation for private APIs contains the following string: "This is intended for Tanium internal use and should not be used by customers."
Deprecated Fields
The following fields are changed to stability index 0 - Deprecated; support for these fields ends March 2026:
- Salesforce integration fields
mutation.deleteConfigurationItemElement- Gateway does not provide a replacement field.mutation.deleteRelationship- Gateway does not provide a replacement field.mutation.importConfigurationItemEntities- Gateway does not provide a replacement field.mutation.mergeConfigurationItemElements- Gateway does not provide a replacement field.mutation.syncAssets- Gateway does not provide a replacement field.mutation.updateConfigurationItemProperties- Gateway does not provide a replacement field.mutation.upsertRelationship- Gateway does not provide a replacement field.query.configurationItemEntities- Gateway does not provide a replacement field.query.configurationItemProperties- Gateway does not provide a replacement field.query.configurationItemRelationships- Gateway does not provide a replacement field.query.endpoints.edges.node.configurationItem- Gateway does not provide a replacement field.query.relationshipTypes- Gateway does not provide a replacement field.
- Risk Score 1.0 fields
query.endpoints.edges.node.risk- Use Risk Score 2.0 instead, which aligns to the newest Benchmark product data. For more information, see Tanium Benchmark User Guide: Evaluating your risk score.query.endpoints.edges.node.risk.assetCriticality- Use Risk Score 2.0 instead, which aligns to the newest Benchmark product data. For more information, see Tanium Benchmark User Guide: Evaluating your risk score.query.endpoints.edges.node.risk.criticalityScore- Use Risk Score 2.0 instead, which aligns to the newest Benchmark product data. For more information, see Tanium Benchmark User Guide: Evaluating your risk score.query.endpoints.edges.node.risk.riskLevel- Use Risk Score 2.0 instead, which aligns to the newest Benchmark product data. For more information, see Tanium Benchmark User Guide: Evaluating your risk score.query.endpoints.edges.node.risk.totalScores- Use Risk Score 2.0 instead, which aligns to the newest Benchmark product data. For more information, see Tanium Benchmark User Guide: Evaluating your risk score.query.endpoints.edges.node.risk.vectors- Use Risk Score 2.0 instead, which aligns to the newest Benchmark product data. For more information, see Tanium Benchmark User Guide: Evaluating your risk score.
Security Updates
- This release includes security updates. An authorization check has been added to
mutation.apiTokenRotateto allow only the token owner to rotate a given API token. This update can affect existing integrations that utilizemutation.apiTokenRotate. As a workaround, integrations can still rotate tokens by callingmutation.apiTokenRotateand including the token to be rotated in the session header. Users are advised to review their existing integrations and reconfigure as needed.
Cloud Release Start on: July 22, 2024
Changes to included components
- Upgraded from Node 20.15.0 to Node 20.15.1.
Cloud Release Start on: July 8, 2024
Improvements
- Improved support for filtering endpoints by using a list of row values for multi-column sensors.
Changes to included components
- Upgraded from Node 18.20.2 to Node 20.15.0.
Resolved Issues
- Fixed an issue with the schema documentation to no longer augment with "Use of this field requires the Gateway solution" message.
- Miscellaneous bug fixes and improvements.
Cloud Release Start on: June 17, 2024
Improvements
- Improved schema documentation strings.
- Improved display for input fields to make it clearer when fields are deprecated.
New Fields
- The following fields are added at stability index
1.0 - Experimental (Early Development):query.endpointCounts (input.refresh)- refresh the endpoint counts collection identified by the given cursor, to retrieve results that might be slow to populate.query.endpointCounts.collectionInfo- retrieve information about the endpoint count collection, including the counts of endpoints that contribute to the collection, and cursor information.
Field Stability Index Changes
No fields changed stability index in this release.
Deprecated Fields
No fields are deprecated in this release.
Resolved Issues
- This release includes security updates. Details of the issue, including affected versions, and mitigation information, can be obtained from Tanium Resource Center, or by contacting support.
- Miscellaneous bug fixes and improvements.
Cloud Release Starting on: May 6, 2024
Improvements
- Improved filtering on the
query.endpointsfield. For child fields that support filtering using theFieldFilterobject, such asinstalledApplications,deployedSoftwarePackages,cveFindings, orsensorReadings, you can now negate theCONTAINSoperator, and filter to return results that do not contain the provided filter value. - Stability improvements.
- Error handling and message improvements.
New Fields
- The following field is added at stability index
1.1 - Experimental (Active Development):query.endpoints.collectionInfo.question.consoleURL- retrieve the URL of the Question Results page for this question in Tanium Console
Resolved Issues
- Fixed an issue where a validation error was occurring when trying to filter with an empty string using a
sensorReadingsfilter. - Fixed an issue where some virtual sensors were improperly labeled as sensors, instead of as virtual sensors.
Field Stability Index Changes
- The
query.endpoints (sort)field is changed to stability index3 - Stable.
Security Updates
- This release includes security updates. Details of the issue, including affected versions, and mitigation information, can be obtained within Tanium's Community site, or by contacting support.
Cloud Release Starting on: April 16, 2024
Enhancements
- Improved stability.
Cloud Release Starting on: March 19, 2024
Improvements
- Miscellaneous improvements to error handling and error messages.
- Miscellaneous improvements to schema documentation rendering in the Documentation Explorer.
New Fields
- The following fields are added at stability index
1.0 - Experimental (Early Development):query.endpointCounts- retrieve endpoint counts matching the input sensor column valuesquery.endpointCounts.edges.node.columns- retrieve the sensor columns and values associated with the matching endpoint count>query.endpointCounts.edges.node.count- retrieve the endpoint count matching the input sensor column valuesquery.endpoints.collectionInfo.question.id- retrieve the ID of the question used to query the Tanium Server (ts) data source for endpoint information
- The following field is added at stability index
1.1 - Experimental (Active Development):query.endpoints.edges.node.sensorReading- retrieve endpoint data from a single sensor, and convert the sensor result data type
- The following field is added at stability index
1.2 - Experimental (Release Candidate):query.endpoints (sort)- sort the returned endpoints based on a single field or sensor column
- The following fields are added at stability index
3 - Stable:query.packageSpecs.edges.node.lastUpdatedBy- retrieve the last user to update a package spec objectquery.sensors.edges.node.lastUpdatedBy- retrieve the last user to update a sensor
Cloud Release Starting on: January 24, 2024
New Fields
- The following field is added at stability index
1.1 - Experimental (Active Development):query.currentUserContext- retrieve the current user and selected persona
- The following field is added at stability index
1.2 - Experimental (Release Candidate):query.actions- retrieve multiple actions
Resolved Issues
- Fixed an issue where queries with multiple values may result in an error.
Cloud Release Starting on: December 13, 2023
Improvements
- User Guide URLs in the workbench were updated to Tanium Resource Center.
Cloud Release Starting on: November 30, 2023
Resolved Issues
- Miscellaneous bug fixes.
Cloud Release Starting on: November 8, 2023
New Features
- Tanium API Gateway has been rebranded to Tanium Gateway.
- Prior release notes are available at the Tanium Resource Center.
- RBAC role names were updated to Gateway.
- Updated GraphiQL interface in the Gateway workbench.
Improvements
- Miscellaneous improvements to types and data storage.
New Fields
- The following fields are added at stability index
1.2 - Experimental (Release Candidate):query.endpoints.edges.node.compliance.complianceFindings.excepted- retrieve whether this compliance finding is exceptedquery.endpoints.edges.node.compliance.cveFindings.affectedProducts- retrieve the affected products associated with a CVEquery.endpoints.edges.node.compliance.cveFindings.cisaDateAdded- retrieve the date the vulnerability was added to the CISA KEV catalogquery.endpoints.edges.node.compliance.cveFindings.cisaDueDate- retrieve the CISA KEV entry due date for taking actionquery.endpoints.edges.node.compliance.cveFindings.cisaNotes- retrieve the CISA KEV entry notesquery.endpoints.edges.node.compliance.cveFindings.cisaProduct- retrieve the CISA KEV entry product informationquery.endpoints.edges.node.compliance.cveFindings.cisaRequiredAction- retrieve the CISA KEV entry listed action to address the vulnerabilityquery.endpoints.edges.node.compliance.cveFindings.cisaShortDescription- retrieve the CISA KEV entry short descriptionquery.endpoints.edges.node.compliance.cveFindings.cisaVendor- retrieve the CISA KEV entry vendor or project namequery.endpoints.edges.node.compliance.cveFindings.cisaVulnerabilityName- retrieve the CISA KEV entry vulnerability namequery.endpoints.edges.node.compliance.cveFindings.cpes- retrieve Common Platform Enumerations (CPE) associated with the CVEquery.endpoints.edges.node.compliance.cveFindings.excepted- retrieve whether this CVE finding is exceptedquery.endpoints.edges.node.compliance.cveFindings.isCisaKev- retrieve whether this CVE finding is included in the CISA KEV catalogquery.endpoints.edges.node.compliance.cveFindings.scanType- retrieve the method used to discover the vulnerability finding
Field Stability Index Changes
- The following field is changed to stability index
2 - Legacy:query.packagesis legacy. Usequery.packageSpecinstead, for improved pagination and parameter support.
Cloud Release Starting on: September 27, 2023
Improvements
- Improved error logging.
- Improved performance and stability.
- Improved schema descriptions for stable and legacy Direct Connect functionality.
Cloud Release Starting on: August 22, 2023
Improvements
- Improved error logging.
- Improved performance and stability.
- Improved schema descriptions for stable and legacy Direct Connect functionality.
New Fields
No new fields are introduced in this release.
Field Stability Index Changes
No fields changed stability index in this release.
Deprecated Fields
No fields are deprecated in this release.
Security Update
- This release includes security updates. Details of the issues, including affected versions and mitigation information, can be obtained within Tanium's Support Portal or by contacting your TAM.
Cloud Release Starting on: July 24, 2023
Resolved Issues
- Miscellaneous bug fixes
Cloud Release Starting on: July 5, 2023
New Features
- The
endpointsquery filter now supportseidFirstSeenandeidLastSeen. - This release introduces the stability index for fields, to convey the level of support for a field.
0 - Deprecated: Deprecated fields stop receiving support.- Unless otherwise stated in Field Stability Index Changes below, fields deprecated in prior releases are changed to stability
0 - Deprecated.
- Unless otherwise stated in Field Stability Index Changes below, fields deprecated in prior releases are changed to stability
1.0 - Experimental (Early Development): Experimental fields in early development are not stable, and might change significantly.1.1 - Experimental (Active Development): Experimental fields in active development are not stable, and the implemented functionality is closer to meeting requirements than experimental fields in early development.1.2 - Experimental (Release Candidate): Experimental fields as release candidate are not stable, and the functionality is ready for evaluation.2 - Legacy: Legacy fields are not actively developed.3 - Stable: Stable fields have active support.- Existing fields in active support are changed to stability
3 - Stablein this release.
- Existing fields in active support are changed to stability
Improvements
- Added new limits on memory and concurrent responses to improve performance and resource allocation.
New Fields
The following new fields add new request functionality:
- Sensors requests
query.sensors (includeHidden)- include hidden sensors in the responsequery.sensors.edges.node.hidden- whether a sensor is hidden by default
Field Stability Index Changes
The following fields have an updated stability index:
- The following fields are changed to stability index
1.2 - Experimental (Release Candidate):query.directConnectEndpoint.performance._dev_query
- The following fields are changed to stability index
2 - Legacy:mutation.closeDirectConnectionis legacy. Usemutation.directConnectCloseinstead.mutation.killProcessis legacy. Usemutation.directConnectProcessTerminateinstead.mutation.openDirectConnectionis legacy. Usemutation.directConnectOpeninstead.mutation.pingDirectConnectionis legacy. Usemutation.directConnectPinginstead.query.directEndpointis legacy. Usequery.directConnectEndpointinstead.
- The following fields are changed to stability 3 - Deprecated.
query.endpointLastSeenis deprecated. Usequery.endpoints (filter: {path: id})to filter on endpoint ID, then includequery.endpoints.edges.node.eidLastSeenin the request.
Fields are changed to stability index 0 - Deprecated in favor of replacement fields, which offer improved functionality or ease-of-use. After 12 months from the initial announcement, deprecated fields receive support and maintenance for a minimum of 6 months. For the best results, migrate any deprecated fields in your requests to the suggested replacement fields. For more information on stability index changes, see https://help.tanium.com/bundle/ug_gateway_cloud/page/gateway/deprecated.html#jul_2023.
Cloud Release Starting on: June 7, 2023
New Fields
The following new fields add new request functionality:
- Comply requests
query.endpoints.edges.node.compliance.cveFindings.absoluteFirstFoundDate- retrieve the first date a CVE was ever found on an endpoint- Note that you cannot filter a Comply request on this field.
query.endpoints.edges.node.compliance.cveFindings.lastScanDate- retrieve the date a CVE was last scanned for on an endpoint- Note that you cannot filter a Comply request on this field.
query.endpoints.edges.node.compliance.complianceFindings.firstFoundDate- retrieve the date a compliance issue was first found on an endpoint- Note that you cannot filter a Comply request on this field.
query.endpoints.edges.node.compliance.complianceFindings.lastScanDate- retrieve the date a compliance issue was last scanned for on an endpoint- Note that you cannot filter a Comply request on this field.
Resolved Issues
- Fixed an issue where max page size was not set to 5000
Cloud Release Starting on: May 8, 2023
Resolved Issues
- Miscellaneous bug fixes and supportability improvements
Cloud Release Starting on: May 1, 2023
New Features
Comparison operators (GT, GTE, LT, LTE) and the any operator can now be used in the endpoints query for line-based filters on sensor readings and registered fields.
New Fields
The following new fields add new request functionality:
- Direct Connect requests
mutation.directConnectClose- close an open Direct Connect connection with an endpointmutation.directConnectConnectionStatus- get the status of a Direct Connect connectionmutation.directConnectProcessTerminate- terminate the specified process on an endpoint using a Direct Connect connectionmutation.directConnectOpen- establish a Direct Connect connection with an endpointmutation.directConnectPing- ping an endpoint using a Direct Connect connectionquery.directConnectEndpoint- obtain data from an endpoint using a Direct Connect connection
Deprecated Fields
Fields are deprecated in favor of replacement fields, which offer improved functionality or ease-of-use. After 12 months from the initial announcement, deprecated fields receive support and maintenance for a minimum of 6 months. For the best results, migrate any deprecated fields in your requests to the suggested replacement fields. The following fields are deprecated in favor of new fields:
mutation.closeDirectConnectionis deprecated. Usemutation.directConnectCloseinstead.mutation.killProcessis deprecated. Usemutation.directConnectProcessTerminateinstead.mutation.openDirectConnectionis deprecated. Usemutation.directConnectOpeninstead.mutation.pingDirectConnectionis deprecated. Usemutation.directConnectPinginstead.query.directEndpointis deprecated. Usequery.directConnectEndpointinstead.
For more information, see https://help.tanium.com/bundle/ug_gateway_cloud/page/gateway/deprecated.html#may_2023.
Fields No Longer Supported
The following fields, deprecated in November 2021, are no longer supported as of May 2023:
mutation.installSoftwareis no longer supported. Usemutation.manageSoftwareinstead.mutation.removeSoftwareis no longer supported. Usemutation.manageSoftwareinstead.mutation.upsertEntityis no longer supported. Usemutation.importConfigurationItemEntitiesinstead.query.directConnectionis no longer supported. Usequery.directConnectEndpointinstead.query.endpoints.edges.node.diskSpaceis no longer supported. Usequery.endpoints.edges.node.disksinstead.query.endpoints.edges.node.memory.usedis no longer supported. Usequery.directConnectEndpoint.performance.memoryUsedPercentinstead.query.endpoints.edges.node.memory.usedPercentageis no longer supported. Usequery.directConnectEndpoint.performance.memoryUsedPercentinstead.query.entitiesis no longer supported. Usequery.configIremEntitiesinstead.query.relationshipsis no longer supported. Usequery.configItemRelationshipsinstead.query.softwareis no longer supported. Usequery.softwarePackageinstead.query.directEndpoint.performance.memoryUsagePercentis no longer supported. Usequery.directConnectEndpoint.performance.memoryUsedPercentinstead.
Cloud Release Date: Jan 18, 2023
New Features
- The
endpointsquery now supports filtering capabilities for thecompliance.cveFindings,complianceFindings, andsensorReadingsfields.- The currently supported operations include:
EQ,CONTAINS,STARTS_WITH,ENDS_WITH, andMATCHES. - A new flag (
restrictOwner) controls whether the filter applies only to the sensor values or also restricts the participating endpoints. This defaults totrue. - Use of the compliance filters requires a Comply solution available by February 2023.
- The currently supported operations include:
- The
endpointsquery now supports the ability to filter out endpoints that containerroror[no results]in requested sensors. This can be configured through setting theexcludeErrorsorexcludeNoResultsflags in thetdsandtssources. - The
endpointsquery now omits hidden sensor columns from thesensorReadingsfield by default. Hidden columns will be displayed if they are selected explicitly by name, or if the newincludeHiddenColumnsargument is given with atruevalue.
New Fields
The following new fields add new request functionality:
- Comply requests
query.endpoints.edges.node.compliance.cveFindings (filter)- filter endpoint results based on CVE findings field valuesquery.endpoints.edges.node.compliance.complianceFindings (filter)- filter endpoints results based on compliance findings field values
- Endpoint requests
query.endpoints (filter.memberOf.id)- filter endpoint results based on computer group membership, referencing the computer group IDquery.endpoints (source.tds.excludeErrors)- exclude endpoint results that contain common errors in returned field values from the Tanium Data Service sourcequery.endpoints (source.tds.excludeNoResults)- exclude endpoint results that contain[no results]in returned field values from the Tanium Data Service sourcequery.endpoints (source.ts.excludeErrors)- exclude endpoint results that contain common errors in returned field values from the Tanium Server sourcequery.endpoints (source.ts.excludeNoResults)- exclude endpoint results that contain[no results]in returned field values from the Tanium Server source- query.endpoints.edges.node.sensorReadings (includeHiddenColumns) - return hidden sensor columns in the response
query.endpoints.edges.node.sensorReadings (sensors.filter)- filter endpoint results based on sensor reading column values
- Sensor requests
query.sensors.edges.node.columns.hidden- return whether a sensor column is hidden or not hidden by default
Deprecated Fields
No fields are deprecated in this release. Fields are deprecated in favor of replacement fields, which offer improved functionality or ease-of-use. After 12 months from the initial announcement, deprecated fields receive support and maintenance for a minimum of 6 months. For the best results, migrate any deprecated fields in your requests to the suggested replacement fields.
Improvements
- The
endpointsquerytsdata source honors itsmaxWaitTimeargument and computes success correctly. - The
endpointsquery no longer requires column names to be specified for filters on multi-column sensors when using theUPDATED_AFTERorCREATED_AFTERoperators with thetdsdata source. - The
endpointsquery allows much larger responses when used with thetdsdata source.
Cloud Release Date: Nov 17, 2022
Resolved Issues
- Minor bug fixes.
TaaS Release Date: Nov 09, 2022
New Features
- Improved subgraph federation.
New Fields available today
The following new fields add new request functionality:
- Comply requests
query.endpoints.edges.node.compliance.cveFindings.cvssScoreV3- retrieve CVSS v3 scorequery.endpoints.edges.node.compliance.cveFindings.severityV3- retrieve CVSS v3 severity
- Direct Connect requests
query.directEndpoint.alerts.all (scope.startTime, endTime)- define a lookback period for retrieving alerts
- Endpoint requests
query.endpoints.edges.node.sensorReadings.columns- retrieve specified sensor columns and values
New Fields available in a future release of Asset and Reporting
This version of API Gateway adds support for the following new fields once future versions of Asset and Reporting are released. These fields will not be functional until the Asset and Reporting teams announce their support:
- Asset requests (requires a future release of Asset)
mutation.assetsImport- import assets, creating assets or updating existing assets
- Reporting requests (requires a future release of Reporting)
mutation.reportImport- import a previously exported report definitionquery.reportExport- export a report definitionquery.reportResultData- retrieve report dataquery.reports- retrieve report definitionsquery.report (ref)- retrieve report definition by ID
Deprecated Fields
Fields are deprecated in favor of replacement fields, which offer improved functionality or ease-of-use. After 12 months from the initial announcement, deprecated fields receive support and maintenance for a minimum of 6 months. For the best results, migrate any deprecated fields in your requests to the suggested replacement fields.
The following fields are deprecated in favor of new fields:
query.endpoints.edges.node.softwareis deprecated. Usequery.endpoints.edges.node.installedApplicationsandquery.endpoints.edges.node.deployedSoftwarePackagesinstead.
For more information, see API Gateway User Guide: November 2022 deprecated fields.
Improvements
- Added Comply CVSS v3 scoring to API Gateway schema.
- Improved error logging.
Resolved Issues
- Various bug fixes
Cloud Release Date: Oct 25, 2022
Resolved Issues
- Minor bug fixes.
TaaS Release Date: Oct 4, 2022
Resolved Issues
- Minor bug fixes.
Cloud Release Date: August 30, 2022
New Fields
The following new fields add new request functionality:
- Action requests
mutation.actionPerform- run one of an enumerated list of action operations on endpointsmutation.actionStop- stop an actionmutation.scheduledActionApprove- approve a scheduled actionmutation.scheduledActionCreate- create a scheduled actionmutation.scheduledActionDelete- delete an action or scheduled actionquery.packageSpecs- retrieve information about a package specquery.scheduledAction- retrieve information about a scheduled actionquery.scheduledActions- retrieve information about multiple scheduled actions
- Action group requests
mutation.actionGroupCreate- create an action groupmutation.actionGroupDelete- delete an action groupquery.actionGroup- retrieve information about an action groupquery.actionGroups- retrieve information about multiple action groups
- Computer group requests
mutation.computerGroupCreate- create a computer group, filter group, or management rights groupmutation.computerGroupDelete- delete a computer group, filter group, or management rights groupquery.computerGroup- retrieve information about a computer groupquery.computerGroups- retrieve information about multiple computer groups
- Direct Connect requests
query.directEndpoint.performance.memoryUsedPercent- retrieve the percentage of memory used on an endpointquery.directEndpoint.performance.processes.all.cpuUsagePercent- retrieve an endpoint’s CPU usage percentage
- Endpoint requests
query.endpoints.edges.node.eidFirstSeen- retrieve the time an endpoint was first seenquery.endpoints.edges.node.eidLastSeen- retrieve the time an endpoint was most recently seenquery.endpoints.edges.node.installedApplications- retrieve the applications installed on endpointsquery.endpoints.edges.node.sentinel- retrieve endpoint Microsoft Sentinel informationquery.endpoints(source.tds.namespaces)- retrieve endpoint data from a configured namespacequery.endpoints(source.ts.maxAge)- retrieve sensor data, up to this maximum age in secondsquery.endpoints.edges.node.sensorReadings(sensors.maxAge)- retrieve sensor data, up to this maximum age in seconds
- Threat Response requests
mutation.threatResponseAlertResolve- Assign Resolved status to a Threat Response alert. This mutation request requires Threat Response.
Deprecated Fields
Fields are deprecated in favor of replacement fields, which offer improved functionality or ease-of-use. After 12 months from the initial announcement, deprecated fields receive support and maintenance for a minimum of 6 months. For the best results, migrate any deprecated fields in your requests to the suggested replacement fields. The following fields are deprecated in favor of new fields:
mutation.createActionis deprecated. Usemutation.scheduledActionCreateandmutation.actionPerforminstead.mutation.deleteActionis deprecated. Usemutation.scheduledActionDeleteinstead.query.directEndpoint.performance.memoryUsagePercentis deprecated. Usequery.directEndpoint.performance.memoryUsedPercentinstead.query.lastActionDetailsis deprecated. Usequery.scheduledAction.lastActioninstead.query.lastActionResultsis deprecated. Usequery.scheduledAction.lastAction.resultsinstead.
For more information, see Gateway User Guide: August 2022 deprecated fields.
Cloud Release Date: August 8, 2022
Improvements
- Upgraded various third-party libraries to most recent versions
Cloud Release Date: June 8, 2022
New Features
- For more information, see
EndpointRiskandEndpointCompliancein the Documentation Explorer.
- For more information, see
- The API Gateway now provides API token management (
query.myAPIToken,mutation.apiTokenGrant,mutation.apiTokenRevoke,mutation.apiTokenRotate) in the schema.- Integrations can automate creation and renewal of API tokens, supporting token rotation without manual intervention.
- The API Gateway now provides sensor registration with Tanium Data Service (
mutation.sensorHarvest), and retrieval of all platform (query.sensors (filter: {path: virtual, value: false}) and TDS-registered (query.sensors (filter: {path: virtual, value: true}) sensors.- Integrations can ensure the sensors they depend on are registered in TDS as part of their bootstrapping.
- Integrations can verify that the sensors they depend on are available in the platform before using them.
- The API Gateway now provides cursor refresh when using pagination by passing
refresh:<cursor-value>as an argument to the endpoints query.
Improvements
- Improved error messages for missing sensor parameters.
Resolved Issues
- Fixed an issue where the
endpoints.edges.node.diskSpacefield returned information for only the C drive on Windows endpoints.
TaaS Release Date: Mar 17, 2022
Resolved Issues
- Minor bug fixes.
Taas Release Date: March 1, 2022
New Features
- The Endpoints query now supports two additional filtering options, which allow users more control over which endpoints they receive data from:
- a computer group filter, using the filter syntax:
filter: {memberOf: {name: "computer-group-name"}} - a sensor readings filter, using the filter syntax:
filter: {sensor: {name: "sensor-name", value: “filter-value”}}
- a computer group filter, using the filter syntax:
- The API Gateway provides improved error handling for unavailable fields. Fields can be unavailable for a variety of reasons, including not registered for collection in TDS, or the underlying sensor not installed in the Tanium platform through either a module or solution. Whenever possible, the API Gateway returns all available fields and provides information in an error field about sensors that could not be returned. This capability makes it easier for integrators to build solutions for multiple customers who may have different Tanium modules and content solutions installed.
- Multiple fields have updated schema documentation to show which underlying sensors are used to collect information.
Resolved Issues
- This release includes security updates. Details of the issues, including affected versions and mitigation information, can be obtained within Tanium's Support Portal or by contacting your TAM.
- Various bug fixes and enhancements
Taas Release Date: December 16, 2021
Resolved Issues
- Fixed a bug where all relevant sensors were not registered correctly in the Tanium Data Service.
- Fixed a bug where the networking.dnsServers field listed the previous value.
- Fixed a bug where querying the os.language field returned an error.
Taas Release Date: December 9, 2021
Updated December 10, 2021
Resolved Issues
- Minor bug fixes.
Known Issues
- To use sensors from the Tanium Data Service in the API Gateway, sensors must be registered with Tanium Data Service for collection. API Gateway does not automatically register some common sensors in the endpoints and assets queries with the Tanium Data Service. This will be resolved in an upcoming release. In the meantime, you can manually register sensors with Tanium Data Service to use in API Gateway. For steps on how to register sensors with the Tanium Data Service, see Tanium Console User Guide: Manage sensor results collection.
Taas Release Date: November 9, 2021
The API Gateway is a single and stable API integration point for the various Tanium solutions. It is designed for Tanium partners and customers interested in building integrated solutions with the Tanium Platform.
Important Notes
This release is the initial public release of Tanium API Gateway which delivers simplified integration capabilities for customer and partner developers to query data, perform actions on endpoints and deploy software from automated systems.
New Features
- API Gateway Query Explorer in the Shared Services menu of Tanium Console
- Documentation available at Gateway User Guide
Known Issues
- The endpoint.os.language field returns an error. This issue will be resolved in an upcoming release.
