Skip to main content

Cyware Orchestrate

Tanium GraphQL

App Vendor: Tanium

App Category: Endpoint

Connector Version: 1.0.0

API Version: v1.2.53

About App

The Tanium GraphQL app enables you to run GraphQL queries on the Tanium platform. The Tanium GraphQL connector app is configured with the Orchestrate application to perform the following actions:

Action Name

Description

Run GraphQL

This action allows executing of both GraphQL queries and GraphQL mutations.

Configuration Parameters

The following configuration parameters are required for the Tanium GraphQL app to communicate with the Tanium GraphQL enterprise application. The parameters can be configured by creating instances in the app.

Parameter

Description

Field Type

Required/Optional

Comments

Base URL

Enter the base URL for your Tanium application.

Example:

"https://tanium.domain.tld"

Text

Required

API Token

Enter the API token to authenticate Tanium API endpoints.

Example:

"356d5f5bbb3671f28e24f65be3bdd54d9d81001ca8"

Password

Required

SSL Verify

Enter your preference to verify the SSL certificate for your connection.

Boolean

Optional

Allowed values:

  • Yes

  • No

Default value:

  • No

Action: Run GraphQL

This action runs GraphQL queries and mutations. For example, you can just send a simple '{now}' query in JSON format to get the current server time. You can also use simple filters that constrain the values of fields that participate in the query. You can also run mutations such as 'mutation {ping}'

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

GraphQL statement

Enter the query or mutation to run in your Tanium server. Examples are provided below.

Text

Required

For more query and mutation examples see Tanium Documentation

Example Request

The below example shows a simple filter in the path property with a period of separate levels in the graph starting at the record type.

{
   endpoints("filter":{
      "path":"primaryuser.email",
      "value":"user@example.com"
   }")"{
      "edges"{
         "node"{
            "id primaryuser"{
               "email"
            }
         }
      }
   }
}

The below example shows an example mutation.

"mutation {
  createAction(
    action: {description: ""Increasing log verbosity level on all debian endpoints for troubleshooting"", target: {targetGroup: ""All Debian"", platforms: [Linux]}, changeClientSetting: {name: LOG_VERBOSITY_LEVEL, value: "41"}}
  ) {
    id
  }
}"

The below example shows a query for returning endpoint sensor information.

{
endpoints(first: 2) {
    edges {
        node {
            name
            computerID
            ipAddress
            isVirtual
            chassisType
            systemUUID
            domainName
            os {
                name
                platform
                generation
            }
            processor {
                architecture
                cacheSize
                consumption
                cpu
                family
                manufacturer
                speed
            }
            lastLoggedInUser
        }
    }
    pageInfo {
        startCursor
        endCursor
        hasNextPage
    }
}
}