IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Tanium Cloud Release Notes Gateway

From Tanium Knowledge Base
Jump to navigation Jump to search

Cloud Release Starting on: June 25, 2026

Resolved Issues

  • Fixed an issue where an endpoints query filtering on multiple columns of a multi-line sensor using restrictOwner flag could return endpoints not matching the filter when run with a session that had restricted management rights.

Cloud Release Starting on: June 17, 2026

Improvements

  • The sensorReading and sensorReadings fields are now exempt from the alias limit, allowing queries to use more than five aliases.

Resolved Issues

  • Fixed an issue where queries using multiple sensorReading fields with filter arguments could fail or return incorrect results due to filter values being corrupted.

Security Update

  • This release includes security updates for internal code dependencies. The updates improve general security and stability, and do not directly mitigate any potentially impacting vulnerabilities.

Cloud Release Starting on: June 4, 2026

Resolved Issues

  • Fixed an issue where scheduling an action by package name could occasionally select the wrong package, causing the action to run with unintended settings.
  • Fixed an issue where some sensors were incorrectly shown as available to query, causing queries against those sensors to fail.

Security Update

  • This release includes security updates for internal code dependencies. The updates improve general security and stability, and do not directly mitigate any potentially impacting vulnerabilities.

Cloud Release Starting on: May 26, 2026

Improvements

  • This release includes updates for internal code dependencies. These updates improve general stability.

Cloud Release Starting on: May 07, 2026

Security Update

  • This release includes security updates for internal code dependencies. The updates improve general security and stability, and do not directly mitigate any potentially impacting vulnerabilities.

Cloud Release Starting on: April 02, 2026

Resolved Issues

  • Miscellaneous bug fixes and performance improvements.

Cloud Release Starting on: March 26, 2026

Resolved Issues

  • This release contains updates to internal code dependencies.

Cloud Release Starting on: March 12, 2026

Resolved Issues

  • Fixed an issue where query.computerGroup filtered by name returned an action group instead of a computer group when a same-named action group existed.

Security Update

  • This release includes security updates for internal code dependencies. The updates improve general security and stability, and do not directly mitigate any potentially impacting vulnerabilities.

Cloud Release Starting on: February 25, 2026

Improvements

  • An expiration limit of 30 days (2592000 seconds) is applied to expireSeconds field in the following action mutations - 
    • mutation.actionCreate
    • mutation.scheduledActionCreate
    • mutation.actionPerform

Security Update

  • This release includes security updates for internal code dependencies. The updates improve general security and stability, and do not directly mitigate any potentially impacting vulnerabilities.

Cloud Release Starting on: February 04, 2026

Improvements

  • GraphQL schema documentation in the Tanium Gateway workbench now contains the stability level for each field.

Removed Fields

The following fields are end of support and are removed from Tanium Gateway: 

  • Risk Score 1.0 fields - Use Risk Score 2.0 instead, which aligns to the newest Benchmark product data. For more information, see Tanium Benchmark User Guide: Evaluating your risk score.
    • query.endpoints.edges.node.risk
    • query.endpoints.edges.node.risk.assetCriticality
    • query.endpoints.edges.node.risk.criticalityScore
    • query.endpoints.edges.node.risk.riskLevel
    • query.endpoints.edges.node.risk.totalScores
    • query.endpoints.edges.node.risk.vectors

Security Update

  • This release includes security updates for internal code dependencies. The updates improve general security and stability, and do not directly mitigate any potentially impacting vulnerabilities.

Cloud Release Starting on: January 20, 2026

Resolved Issues

  • Fixed an issue where the negated field was ignored when used with the memberOf field in ComputerGroupFilter and EndpointFieldFilter.

Security Update

  • This release includes security updates for internal code dependencies. The updates improve general security and stability, and do not directly mitigate any potentially impacting vulnerabilities.

Cloud Release Starting on: December 08, 2025

Improvements

  • Removed Tanium internal fields from the GraphQL Schema documentation. This change does not impact any queries using these fields, and the queries should continue to function normally.
  • The following fields are added at stability 1.2 - Experimental (Release Candidate):
    • query.endpoints.edges.node.compliance.cveFindings.cvssScoreV4
    • query.endpoints.edges.node.compliance.cveFindings.cvssSeverityV4
    • query.endpoints.edges.node.compliance.cveFindings.epssScore
    • query.endpoints.edges.node.compliance.cveFindings.epssPercentile
    • query.endpoints.edges.node.compliance.cveFindings.cvssTemporalScoreV3
    • query.endpoints.edges.node.compliance.cveFindings.cvssThreatScoreV4
    • query.endpoints.edges.node.compliance.cveFindings.maxMaturity
    • query.endpoints.edges.node.compliance.cveFindings.alias
    • query.endpoints.edges.node.compliance.cveFindings.cwes
    • query.endpoints.edges.node.compliance.cveFindings.mitreAttacks
    • query.endpoints.edges.node.compliance.cveFindings.mitreLink
    • query.endpoints.edges.node.compliance.cveFindings.nistLink
    • query.endpoints.edges.node.compliance.cveFindings.secpodLink
    • query.endpoints.edges.node.compliance.cveFindings.solutionLinks
    • query.endpoints.edges.node.compliance.cveFindings.remediation

Security Update

  • This release includes security updates for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.

Cloud Release Starting on: October 22, 2025

Improvements

Resolved Issues

  • Fixed an issue where sensorHarvest mutation returned success for blocked sensors.

Cloud Release Starting on: September 23, 2025

Improvements

  • Added support for metadata inputs in action mutations that are available in Gateway. An example usage is provided in Tanium Gateway User Guide: Gateway Examples.
  • Improved support for filtering endpoints by using a list of row values for multi-column sensors.

Security Update

  • This release includes security updates for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.

Cloud Release Starting on: September 04, 2025

Security Update

  • This release includes security updates for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.

Cloud Release Starting on: August 07, 2025

Improvements

  • The following fields are added at stability 1.2 - Experimental (Release Candidate): 
    • query.endpoints.edges.node.compliance.cveFindings.detectedCPEs - retrieve the detected CPEs for the CVE.
    • query.endpoints.edges.node.compliance.cveFindings.detectedProducts - retrieve the detected products for the CVE.
  • Implemented foundational improvements for upcoming support of additional endpoint types. This introduces the following fields at stability 1.1 - Experimental (Active Development)
    • query.endpoints.edges.node.entityProviderType - Provider Type of the entity.
    • query.endpoints.edges.node.entityProviderName - If the entityProviderType value is Tanium Client, this value is Tanium. If the entityProviderType is configured by a user, this value is the entity provider instance name.
    • query.endpoints.edges.node.entityType - Type of the entity.
    • query.endpoints.edges.node.isEndpoint - Returns whether the entity is an endpoint.
    • Added EndpointScope filter with the following values-
      • TANIUM_CLIENTS - Filters entities where entityProviderType is ‘Tanium Client’.
      • ALL_TS_SOURCED_ENTITIES - All available entities, including Tanium Client managed endpoints and entity provider managed entities, such as Intune mobile devices or OT devices.

Security Update

  • This release includes security updates for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.

Cloud Release Starting on: May 29, 2025

Improvements

  • Moved deprecated date details in the Gateway schema documentation to the Deprecation Notice section of the fields for improved clarity.

Security Update

  • This release includes security updates for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.

Cloud Release Starting on: April 28, 2025

Security Update

  • This release includes security updates for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.

Cloud Release Starting on: April 10, 2025

Security Update

  • This release includes security updates for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.

Cloud Release Starting on: April 04, 2025

Resolved Issues

  • Fixed an issue where actions created using packages with parameters and no verification query did not target any endpoints.

Cloud Release Starting on: March 24, 2025

Resolved Issues

  • Fixed an issue with mutation.actionCreate, mutation.actionPerform and mutation.scheduleActionCreate when using packages with parameters where verification queries would not run and would not return an appropriate status.
  • Fixed an issue with the action query where pendingVerification results improperly returned 0 instead of the actual result count.

Security Update

  • This release includes security updates for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.

Cloud Release Starting on: March 18, 2025

Improvements

  • Improved the behavior of mutation.manageSoftware to allow only users with appropriate Management rights to create deployments.

Cloud Release Starting on: March 13, 2025

Resolved Issues

  • Fixed an issue where deploying a package containing an odd number of double pipes would result in an internal error.

Security Update

  • This release includes security updates for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.

Cloud Release Starting on: February 19, 2025

Security Update

  • This release includes security updates for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.

Cloud Release Starting on: January 21, 2025

Security Update

  • This release includes security update for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.

Cloud Release Starting on: January 09, 2025

Improvements

  • The name field is added to the TaniumPlatformUserPersona type at stability 1.1 - Experimental (Active Development). This affects the currentUserContext and other queries that return the TaniumPlatformUserPersona type.
    • For example: query.currentUserContext.persona.name - retrieves the active persona name for the current user.

Resolved Issues

  • Fixed an issue with the action query where verified and failedVerification results improperly returned 0 instead of the actual result count, and the id result did not return a value.

Cloud Release Starting on: November 05, 2024

Improvements

  • The following query is added at stability 1.1 - Experimental (Active Development)
    • query.managementRightsGroups - retrieve the list of management rights groups that apply to the requesting user and active persona. Please refer to the user guide for examples of this query.
  • Improved schema documentation to provide the approximate month and year a field or query was deprecated. These deprecated fields and queries might be either replaced or removed in the future.

Cloud Release Start on: October 09, 2024

Security Update

  • This release includes security update for internal code dependencies. The updates improve general security, and stability, and do not directly mitigate any potentially impacting vulnerabilities.

Cloud Release Start on: September 17, 2024

Improvements

  • Improved schema documentation to indicate that first and last fields for list queries return up to the requested count of records.
  • The following field is added at stability 1.2 - Experimental (Release Candidate)
    • query.computerGroups.edges.node.modifiedTime - retrieve the time that a computer group was last updated
    • query.computerGroup.modifiedTime - retrieve the time that the computer group was last updated

Resolved Issues

  • Fixed an issue where specific sensors would not target any endpoints when deploying actions.
  • Fixed an issue where submitting multiple requests using mutation.actionPerform returned an error message of "the parameter name is not valid" after the first request.
  • Fixed an issue with the order of sensor parameters if an endpoints query request used the sensorReadings field.

Cloud Release Start on: September 5, 2024

Changes to included components

  • Upgraded the internal dependency on JavaScript packages.

Cloud Release Start on: August 8, 2024

Improvements

  • Improved schema documentation.
  • Added the ability to add private APIs, for Tanium internal use, to the schema. Private APIs should not be used by customers, and no support is provided to customers that directly use private APIs. To identify private APIs, schema documentation for private APIs contains the following string: "This is intended for Tanium internal use and should not be used by customers."

Deprecated Fields

The following fields are changed to stability index 0 - Deprecated; support for these fields ends March 2026:

  • Salesforce integration fields
    • mutation.deleteConfigurationItemElement - Gateway does not provide a replacement field.
    • mutation.deleteRelationship - Gateway does not provide a replacement field.
    • mutation.importConfigurationItemEntities - Gateway does not provide a replacement field.
    • mutation.mergeConfigurationItemElements - Gateway does not provide a replacement field.
    • mutation.syncAssets - Gateway does not provide a replacement field.
    • mutation.updateConfigurationItemProperties - Gateway does not provide a replacement field.
    • mutation.upsertRelationship - Gateway does not provide a replacement field.
    • query.configurationItemEntities - Gateway does not provide a replacement field.
    • query.configurationItemProperties - Gateway does not provide a replacement field.
    • query.configurationItemRelationships - Gateway does not provide a replacement field.
    • query.endpoints.edges.node.configurationItem - Gateway does not provide a replacement field.
    • query.relationshipTypes - Gateway does not provide a replacement field.

Security Updates

  • This release includes security updates. An authorization check has been added to mutation.apiTokenRotate to allow only the token owner to rotate a given API token. This update can affect existing integrations that utilize mutation.apiTokenRotate. As a workaround, integrations can still rotate tokens by calling mutation.apiTokenRotate and including the token to be rotated in the session header. Users are advised to review their existing integrations and reconfigure as needed.

Cloud Release Start on: July 22, 2024

Changes to included components

  • Upgraded from Node 20.15.0 to Node 20.15.1.

Cloud Release Start on: July 8, 2024

Improvements

  • Improved support for filtering endpoints by using a list of row values for multi-column sensors.

Changes to included components

  • Upgraded from Node 18.20.2 to Node 20.15.0.

Resolved Issues

  • Fixed an issue with the schema documentation to no longer augment with "Use of this field requires the Gateway solution" message.
  • Miscellaneous bug fixes and improvements.

Cloud Release Start on: June 17, 2024

Improvements

  • Improved schema documentation strings.
  • Improved display for input fields to make it clearer when fields are deprecated.

New Fields

  • The following fields are added at stability index 1.0 - Experimental (Early Development):
    • query.endpointCounts (input.refresh) - refresh the endpoint counts collection identified by the given cursor, to retrieve results that might be slow to populate.
    • query.endpointCounts.collectionInfo - retrieve information about the endpoint count collection, including the counts of endpoints that contribute to the collection, and cursor information.

Field Stability Index Changes

No fields changed stability index in this release.

Deprecated Fields

No fields are deprecated in this release.

Resolved Issues

  • This release includes security updates. Details of the issue, including affected versions, and mitigation information, can be obtained from Tanium Resource Center, or by contacting support.
  • Miscellaneous bug fixes and improvements.

Cloud Release Starting on: May 6, 2024

Improvements

  • Improved filtering on the query.endpoints field. For child fields that support filtering using the FieldFilter object, such as installedApplications, deployedSoftwarePackages, cveFindings, or sensorReadings, you can now negate the CONTAINS operator, and filter to return results that do not contain the provided filter value.
  • Stability improvements.
  • Error handling and message improvements.

New Fields

  • The following field is added at stability index 1.1 - Experimental (Active Development):
    • query.endpoints.collectionInfo.question.consoleURL - retrieve the URL of the Question Results page for this question in Tanium Console

Resolved Issues

  • Fixed an issue where a validation error was occurring when trying to filter with an empty string using a sensorReadings filter.
  • Fixed an issue where some virtual sensors were improperly labeled as sensors, instead of as virtual sensors.

Field Stability Index Changes

  • The query.endpoints (sort) field is changed to stability index 3 - Stable.

Security Updates

  • This release includes security updates. Details of the issue, including affected versions, and mitigation information, can be obtained within Tanium's Community site, or by contacting support.

Cloud Release Starting on: April 16, 2024

Enhancements

  • Improved stability.

Cloud Release Starting on: March 19, 2024

Improvements

  • Miscellaneous improvements to error handling and error messages.
  • Miscellaneous improvements to schema documentation rendering in the Documentation Explorer.

New Fields

  • The following fields are added at stability index 1.0 - Experimental (Early Development):
    • query.endpointCounts - retrieve endpoint counts matching the input sensor column values
    • query.endpointCounts.edges.node.columns - retrieve the sensor columns and values associated with the matching endpoint count
    • >query.endpointCounts.edges.node.count - retrieve the endpoint count matching the input sensor column values
    • query.endpoints.collectionInfo.question.id - retrieve the ID of the question used to query the Tanium Server (ts) data source for endpoint information
  • The following field is added at stability index 1.1 - Experimental (Active Development):
    • query.endpoints.edges.node.sensorReading - retrieve endpoint data from a single sensor, and convert the sensor result data type
  • The following field is added at stability index 1.2 - Experimental (Release Candidate):
    • query.endpoints (sort) - sort the returned endpoints based on a single field or sensor column
  • The following fields are added at stability index 3 - Stable:
    • query.packageSpecs.edges.node.lastUpdatedBy - retrieve the last user to update a package spec object
    • query.sensors.edges.node.lastUpdatedBy - retrieve the last user to update a sensor


Cloud Release Starting on: January 24, 2024

New Fields

  • The following field is added at stability index 1.1 - Experimental (Active Development):
    • query.currentUserContext - retrieve the current user and selected persona
  • The following field is added at stability index 1.2 - Experimental (Release Candidate):
    • query.actions - retrieve multiple actions

Resolved Issues

  • Fixed an issue where queries with multiple values may result in an error.


Cloud Release Starting on: December 13, 2023

Improvements

Cloud Release Starting on: November 30, 2023

Resolved Issues

  • Miscellaneous bug fixes.

Cloud Release Starting on: November 8, 2023

New Features

  • Tanium API Gateway has been rebranded to Tanium Gateway.
  • RBAC role names were updated to Gateway.
  • Updated GraphiQL interface in the Gateway workbench.

Improvements

  • Miscellaneous improvements to types and data storage.

New Fields

  • The following fields are added at stability index 1.2 - Experimental (Release Candidate):
    • query.endpoints.edges.node.compliance.complianceFindings.excepted - retrieve whether this compliance finding is excepted
    • query.endpoints.edges.node.compliance.cveFindings.affectedProducts - retrieve the affected products associated with a CVE
    • query.endpoints.edges.node.compliance.cveFindings.cisaDateAdded - retrieve the date the vulnerability was added to the CISA KEV catalog
    • query.endpoints.edges.node.compliance.cveFindings.cisaDueDate - retrieve the CISA KEV entry due date for taking action
    • query.endpoints.edges.node.compliance.cveFindings.cisaNotes - retrieve the CISA KEV entry notes
    • query.endpoints.edges.node.compliance.cveFindings.cisaProduct - retrieve the CISA KEV entry product information
    • query.endpoints.edges.node.compliance.cveFindings.cisaRequiredAction - retrieve the CISA KEV entry listed action to address the vulnerability
    • query.endpoints.edges.node.compliance.cveFindings.cisaShortDescription - retrieve the CISA KEV entry short description
    • query.endpoints.edges.node.compliance.cveFindings.cisaVendor - retrieve the CISA KEV entry vendor or project name
    • query.endpoints.edges.node.compliance.cveFindings.cisaVulnerabilityName - retrieve the CISA KEV entry vulnerability name
    • query.endpoints.edges.node.compliance.cveFindings.cpes - retrieve Common Platform Enumerations (CPE) associated with the CVE
    • query.endpoints.edges.node.compliance.cveFindings.excepted - retrieve whether this CVE finding is excepted
    • query.endpoints.edges.node.compliance.cveFindings.isCisaKev - retrieve whether this CVE finding is included in the CISA KEV catalog
    • query.endpoints.edges.node.compliance.cveFindings.scanType - retrieve the method used to discover the vulnerability finding

Field Stability Index Changes

  • The following field is changed to stability index 2 - Legacy:
    • query.packages is legacy. Use query.packageSpec instead, for improved pagination and parameter support.


Cloud Release Starting on: September 27, 2023

Improvements

  • Improved error logging.
  • Improved performance and stability.
  • Improved schema descriptions for stable and legacy Direct Connect functionality.

Cloud Release Starting on: August 22, 2023

Improvements

  • Improved error logging.
  • Improved performance and stability.
  • Improved schema descriptions for stable and legacy Direct Connect functionality.

New Fields

No new fields are introduced in this release.

Field Stability Index Changes

No fields changed stability index in this release.

Deprecated Fields

No fields are deprecated in this release.

Security Update

  • This release includes security updates. Details of the issues, including affected versions and mitigation information, can be obtained within Tanium's Support Portal or by contacting your TAM.


Cloud Release Starting on: July 24, 2023

Resolved Issues

  • Miscellaneous bug fixes


Cloud Release Starting on: July 5, 2023

New Features

  • The endpoints query filter now supports eidFirstSeen and eidLastSeen.
  • This release introduces the stability index for fields, to convey the level of support for a field.
    • 0 - Deprecated: Deprecated fields stop receiving support.
      • Unless otherwise stated in Field Stability Index Changes below, fields deprecated in prior releases are changed to stability 0 - Deprecated.
    • 1.0 - Experimental (Early Development): Experimental fields in early development are not stable, and might change significantly.
    • 1.1 - Experimental (Active Development): Experimental fields in active development are not stable, and the implemented functionality is closer to meeting requirements than experimental fields in early development.
    • 1.2 - Experimental (Release Candidate): Experimental fields as release candidate are not stable, and the functionality is ready for evaluation.
    • 2 - Legacy: Legacy fields are not actively developed.
    • 3 - Stable: Stable fields have active support.
      • Existing fields in active support are changed to stability 3 - Stable in this release.

Improvements

  • Added new limits on memory and concurrent responses to improve performance and resource allocation.

New Fields

The following new fields add new request functionality:

  • Sensors requests
    • query.sensors (includeHidden) - include hidden sensors in the response
    • query.sensors.edges.node.hidden - whether a sensor is hidden by default

Field Stability Index Changes

The following fields have an updated stability index:

  • The following fields are changed to stability index 1.2 - Experimental (Release Candidate):
    • query.directConnectEndpoint.performance._dev_query
  • The following fields are changed to stability index 2 - Legacy:
    • mutation.closeDirectConnection is legacy. Use mutation.directConnectClose instead.
    • mutation.killProcess is legacy. Use mutation.directConnectProcessTerminate instead.
    • mutation.openDirectConnection is legacy. Use mutation.directConnectOpen instead.
    • mutation.pingDirectConnection is legacy. Use mutation.directConnectPing instead.
    • query.directEndpoint is legacy. Use query.directConnectEndpoint instead.
  • The following fields are changed to stability 3 - Deprecated.
    • query.endpointLastSeen is deprecated. Use query.endpoints (filter: {path: id}) to filter on endpoint ID, then include query.endpoints.edges.node.eidLastSeen in the request.

Fields are changed to stability index 0 - Deprecated in favor of replacement fields, which offer improved functionality or ease-of-use. After 12 months from the initial announcement, deprecated fields receive support and maintenance for a minimum of 6 months. For the best results, migrate any deprecated fields in your requests to the suggested replacement fields. For more information on stability index changes, see https://help.tanium.com/bundle/ug_gateway_cloud/page/gateway/deprecated.html#jul_2023.


Cloud Release Starting on: June 7, 2023

New Fields

The following new fields add new request functionality:

  • Comply requests
    • query.endpoints.edges.node.compliance.cveFindings.absoluteFirstFoundDate - retrieve the first date a CVE was ever found on an endpoint
      • Note that you cannot filter a Comply request on this field.
    • query.endpoints.edges.node.compliance.cveFindings.lastScanDate - retrieve the date a CVE was last scanned for on an endpoint
      • Note that you cannot filter a Comply request on this field.
    • query.endpoints.edges.node.compliance.complianceFindings.firstFoundDate - retrieve the date a compliance issue was first found on an endpoint
      • Note that you cannot filter a Comply request on this field.
    • query.endpoints.edges.node.compliance.complianceFindings.lastScanDate - retrieve the date a compliance issue was last scanned for on an endpoint
      • Note that you cannot filter a Comply request on this field.

Resolved Issues

  • Fixed an issue where max page size was not set to 5000

Cloud Release Starting on: May 8, 2023

Resolved Issues

  • Miscellaneous bug fixes and supportability improvements

Cloud Release Starting on: May 1, 2023

New Features

Comparison operators (GT, GTE, LT, LTE) and the any operator can now be used in the endpoints query for line-based filters on sensor readings and registered fields.

New Fields

The following new fields add new request functionality:

  • Direct Connect requests
    • mutation.directConnectClose - close an open Direct Connect connection with an endpoint
    • mutation.directConnectConnectionStatus - get the status of a Direct Connect connection
    • mutation.directConnectProcessTerminate - terminate the specified process on an endpoint using a Direct Connect connection
    • mutation.directConnectOpen - establish a Direct Connect connection with an endpoint
    • mutation.directConnectPing - ping an endpoint using a Direct Connect connection
    • query.directConnectEndpoint - obtain data from an endpoint using a Direct Connect connection

Deprecated Fields

Fields are deprecated in favor of replacement fields, which offer improved functionality or ease-of-use. After 12 months from the initial announcement, deprecated fields receive support and maintenance for a minimum of 6 months. For the best results, migrate any deprecated fields in your requests to the suggested replacement fields. The following fields are deprecated in favor of new fields:

  • mutation.closeDirectConnection is deprecated. Use mutation.directConnectClose instead.
  • mutation.killProcess is deprecated. Use mutation.directConnectProcessTerminate instead.
  • mutation.openDirectConnection is deprecated. Use mutation.directConnectOpen instead.
  • mutation.pingDirectConnection is deprecated. Use mutation.directConnectPing instead.
  • query.directEndpoint is deprecated. Use query.directConnectEndpoint instead.

For more information, see https://help.tanium.com/bundle/ug_gateway_cloud/page/gateway/deprecated.html#may_2023.

Fields No Longer Supported

The following fields, deprecated in November 2021, are no longer supported as of May 2023:

  • mutation.installSoftware is no longer supported. Use mutation.manageSoftware instead.
  • mutation.removeSoftware is no longer supported. Use mutation.manageSoftware instead.
  • mutation.upsertEntity is no longer supported. Use mutation.importConfigurationItemEntities instead.
  • query.directConnection is no longer supported. Use query.directConnectEndpoint instead.
  • query.endpoints.edges.node.diskSpace is no longer supported. Use query.endpoints.edges.node.disks instead.
  • query.endpoints.edges.node.memory.used is no longer supported. Use query.directConnectEndpoint.performance.memoryUsedPercent instead.
  • query.endpoints.edges.node.memory.usedPercentage is no longer supported. Use query.directConnectEndpoint.performance.memoryUsedPercent instead.
  • query.entities is no longer supported. Use query.configIremEntities instead.
  • query.relationships is no longer supported. Use query.configItemRelationships instead.
  • query.software is no longer supported. Use query.softwarePackage instead.
  • query.directEndpoint.performance.memoryUsagePercent is no longer supported. Use query.directConnectEndpoint.performance.memoryUsedPercent instead.


Cloud Release Date: Jan 18, 2023

New Features

  • The endpoints query now supports filtering capabilities for the compliance.cveFindings, complianceFindings, and sensorReadings fields.
    • The currently supported operations include: EQ, CONTAINS, STARTS_WITH, ENDS_WITH, and MATCHES.
    • A new flag (restrictOwner) controls whether the filter applies only to the sensor values or also restricts the participating endpoints. This defaults to true.
    • Use of the compliance filters requires a Comply solution available by February 2023.
  • The endpoints query now supports the ability to filter out endpoints that contain error or [no results] in requested sensors. This can be configured through setting the excludeErrors or excludeNoResults flags in the tds and ts sources.
  • The endpoints query now omits hidden sensor columns from the sensorReadings field by default. Hidden columns will be displayed if they are selected explicitly by name, or if the new includeHiddenColumns argument is given with a true value.

New Fields

The following new fields add new request functionality:

  • Comply requests
    • query.endpoints.edges.node.compliance.cveFindings (filter) - filter endpoint results based on CVE findings field values
    • query.endpoints.edges.node.compliance.complianceFindings (filter) - filter endpoints results based on compliance findings field values
  • Endpoint requests
    • query.endpoints (filter.memberOf.id) - filter endpoint results based on computer group membership, referencing the computer group ID
    • query.endpoints (source.tds.excludeErrors) - exclude endpoint results that contain common errors in returned field values from the Tanium Data Service source
    • query.endpoints (source.tds.excludeNoResults) - exclude endpoint results that contain [no results] in returned field values from the Tanium Data Service source
    • query.endpoints (source.ts.excludeErrors) - exclude endpoint results that contain common errors in returned field values from the Tanium Server source
    • query.endpoints (source.ts.excludeNoResults) - exclude endpoint results that contain [no results] in returned field values from the Tanium Server source
    • query.endpoints.edges.node.sensorReadings (includeHiddenColumns) - return hidden sensor columns in the response
    • query.endpoints.edges.node.sensorReadings (sensors.filter) - filter endpoint results based on sensor reading column values
  • Sensor requests
    • query.sensors.edges.node.columns.hidden - return whether a sensor column is hidden or not hidden by default

Deprecated Fields

No fields are deprecated in this release. Fields are deprecated in favor of replacement fields, which offer improved functionality or ease-of-use. After 12 months from the initial announcement, deprecated fields receive support and maintenance for a minimum of 6 months. For the best results, migrate any deprecated fields in your requests to the suggested replacement fields.

Improvements

  • The endpoints query ts data source honors its maxWaitTime argument and computes success correctly.
  • The endpoints query no longer requires column names to be specified for filters on multi-column sensors when using the UPDATED_AFTER or CREATED_AFTER operators with the tds data source.
  • The endpoints query allows much larger responses when used with the tds data source.

Cloud Release Date: Nov 17, 2022

Resolved Issues

  • Minor bug fixes.


TaaS Release Date: Nov 09, 2022

New Features

  • Improved subgraph federation.

New Fields available today

The following new fields add new request functionality:

  • Comply requests
    • query.endpoints.edges.node.compliance.cveFindings.cvssScoreV3 - retrieve CVSS v3 score
    • query.endpoints.edges.node.compliance.cveFindings.severityV3 - retrieve CVSS v3 severity
  • Direct Connect requests
    • query.directEndpoint.alerts.all (scope.startTime, endTime) - define a lookback period for retrieving alerts
  • Endpoint requests
    • query.endpoints.edges.node.sensorReadings.columns - retrieve specified sensor columns and values

New Fields available in a future release of Asset and Reporting

This version of API Gateway adds support for the following new fields once future versions of Asset and Reporting are released. These fields will not be functional until the Asset and Reporting teams announce their support:

  • Asset requests (requires a future release of Asset)
    • mutation.assetsImport - import assets, creating assets or updating existing assets
  • Reporting requests (requires a future release of Reporting)
    • mutation.reportImport - import a previously exported report definition
    • query.reportExport - export a report definition
    • query.reportResultData - retrieve report data
    • query.reports - retrieve report definitions
    • query.report (ref) - retrieve report definition by ID

Deprecated Fields

Fields are deprecated in favor of replacement fields, which offer improved functionality or ease-of-use. After 12 months from the initial announcement, deprecated fields receive support and maintenance for a minimum of 6 months. For the best results, migrate any deprecated fields in your requests to the suggested replacement fields.

The following fields are deprecated in favor of new fields:

  • query.endpoints.edges.node.software is deprecated. Use query.endpoints.edges.node.installedApplications and query.endpoints.edges.node.deployedSoftwarePackages instead.

For more information, see API Gateway User Guide: November 2022 deprecated fields.

Improvements

  • Added Comply CVSS v3 scoring to API Gateway schema.
  • Improved error logging.

Resolved Issues

  • Various bug fixes

Cloud Release Date: Oct 25, 2022

Resolved Issues

  • Minor bug fixes.

TaaS Release Date: Oct 4, 2022

Resolved Issues

  • Minor bug fixes.

Cloud Release Date: August 30, 2022

New Fields

The following new fields add new request functionality:

  • Action requests
    • mutation.actionPerform - run one of an enumerated list of action operations on endpoints
    • mutation.actionStop - stop an action
    • mutation.scheduledActionApprove - approve a scheduled action
    • mutation.scheduledActionCreate - create a scheduled action
    • mutation.scheduledActionDelete - delete an action or scheduled action
    • query.packageSpecs - retrieve information about a package spec
    • query.scheduledAction - retrieve information about a scheduled action
    • query.scheduledActions - retrieve information about multiple scheduled actions
  • Action group requests
    • mutation.actionGroupCreate - create an action group
    • mutation.actionGroupDelete - delete an action group
    • query.actionGroup - retrieve information about an action group
    • query.actionGroups - retrieve information about multiple action groups
  • Computer group requests
    • mutation.computerGroupCreate - create a computer group, filter group, or management rights group
    • mutation.computerGroupDelete - delete a computer group, filter group, or management rights group
    • query.computerGroup - retrieve information about a computer group
    • query.computerGroups - retrieve information about multiple computer groups
  • Direct Connect requests
    • query.directEndpoint.performance.memoryUsedPercent - retrieve the percentage of memory used on an endpoint
    • query.directEndpoint.performance.processes.all.cpuUsagePercent - retrieve an endpoint’s CPU usage percentage
  • Endpoint requests
    • query.endpoints.edges.node.eidFirstSeen - retrieve the time an endpoint was first seen
    • query.endpoints.edges.node.eidLastSeen - retrieve the time an endpoint was most recently seen
    • query.endpoints.edges.node.installedApplications - retrieve the applications installed on endpoints
    • query.endpoints.edges.node.sentinel - retrieve endpoint Microsoft Sentinel information
    • query.endpoints(source.tds.namespaces) - retrieve endpoint data from a configured namespace
    • query.endpoints(source.ts.maxAge) - retrieve sensor data, up to this maximum age in seconds
    • query.endpoints.edges.node.sensorReadings(sensors.maxAge) - retrieve sensor data, up to this maximum age in seconds
  • Threat Response requests
    • mutation.threatResponseAlertResolve - Assign Resolved status to a Threat Response alert. This mutation request requires Threat Response.

Deprecated Fields

Fields are deprecated in favor of replacement fields, which offer improved functionality or ease-of-use. After 12 months from the initial announcement, deprecated fields receive support and maintenance for a minimum of 6 months. For the best results, migrate any deprecated fields in your requests to the suggested replacement fields. The following fields are deprecated in favor of new fields:

  • mutation.createAction is deprecated. Use mutation.scheduledActionCreate and mutation.actionPerform instead.
  • mutation.deleteAction is deprecated. Use mutation.scheduledActionDelete instead.
  • query.directEndpoint.performance.memoryUsagePercent is deprecated. Use query.directEndpoint.performance.memoryUsedPercent instead.
  • query.lastActionDetails is deprecated. Use query.scheduledAction.lastAction instead.
  • query.lastActionResults is deprecated. Use query.scheduledAction.lastAction.results instead.

For more information, see Gateway User Guide: August 2022 deprecated fields.

Cloud Release Date: August 8, 2022

Improvements

  • Upgraded various third-party libraries to most recent versions

Cloud Release Date: June 8, 2022

New Features

    • For more information, see EndpointRisk and EndpointCompliance in the Documentation Explorer.
  • The API Gateway now provides API token management (query.myAPIToken, mutation.apiTokenGrant, mutation.apiTokenRevoke, mutation.apiTokenRotate) in the schema.
    • Integrations can automate creation and renewal of API tokens, supporting token rotation without manual intervention.
  • The API Gateway now provides sensor registration with Tanium Data Service (mutation.sensorHarvest), and retrieval of all platform (query.sensors (filter: {path: virtual, value: false}) and TDS-registered (query.sensors (filter: {path: virtual, value: true}) sensors.
    • Integrations can ensure the sensors they depend on are registered in TDS as part of their bootstrapping.
    • Integrations can verify that the sensors they depend on are available in the platform before using them.
  • The API Gateway now provides cursor refresh when using pagination by passing refresh:<cursor-value> as an argument to the endpoints query.

Improvements

  • Improved error messages for missing sensor parameters.

Resolved Issues

  • Fixed an issue where the endpoints.edges.node.diskSpace field returned information for only the C drive on Windows endpoints.

TaaS Release Date: Mar 17, 2022

Resolved Issues

  • Minor bug fixes.

Taas Release Date: March 1, 2022

New Features

  • The Endpoints query now supports two additional filtering options, which allow users more control over which endpoints they receive data from:
    • a computer group filter, using the filter syntax:
      filter: {memberOf: {name: "computer-group-name"}}
    • a sensor readings filter, using the filter syntax:
      filter: {sensor: {name: "sensor-name", value: “filter-value”}}
  • The API Gateway provides improved error handling for unavailable fields. Fields can be unavailable for a variety of reasons, including not registered for collection in TDS, or the underlying sensor not installed in the Tanium platform through either a module or solution. Whenever possible, the API Gateway returns all available fields and provides information in an error field about sensors that could not be returned. This capability makes it easier for integrators to build solutions for multiple customers who may have different Tanium modules and content solutions installed.
  • Multiple fields have updated schema documentation to show which underlying sensors are used to collect information.

Resolved Issues

  • This release includes security updates. Details of the issues, including affected versions and mitigation information, can be obtained within Tanium's Support Portal or by contacting your TAM.
  • Various bug fixes and enhancements

Taas Release Date: December 16, 2021

Resolved Issues

  • Fixed a bug where all relevant sensors were not registered correctly in the Tanium Data Service.
  • Fixed a bug where the networking.dnsServers field listed the previous value.
  • Fixed a bug where querying the os.language field returned an error.


Taas Release Date: December 9, 2021

Updated December 10, 2021

Resolved Issues

  • Minor bug fixes.

Known Issues

  • To use sensors from the Tanium Data Service in the API Gateway, sensors must be registered with Tanium Data Service for collection. API Gateway does not automatically register some common sensors in the endpoints and assets queries with the Tanium Data Service. This will be resolved in an upcoming release. In the meantime, you can manually register sensors with Tanium Data Service to use in API Gateway. For steps on how to register sensors with the Tanium Data Service, see Tanium Console User Guide: Manage sensor results collection.

Taas Release Date: November 9, 2021

The API Gateway is a single and stable API integration point for the various Tanium solutions. It is designed for Tanium partners and customers interested in building integrated solutions with the Tanium Platform.

Important Notes

This release is the initial public release of Tanium API Gateway which delivers simplified integration capabilities for customer and partner developers to query data, perform actions on endpoints and deploy software from automated systems.

New Features

  • API Gateway Query Explorer in the Shared Services menu of Tanium Console
  • Documentation available at Gateway User Guide

Known Issues

  • The endpoint.os.language field returns an error. This issue will be resolved in an upcoming release.