
Anne Marie Duff
ServiceNow Employee

How do I configure the Tanium Service Graph Connector?

 

Version: 1.6

Sample Application Service to Monitor: MediaWiki

URL: http://10.197.203.212:5000/mediawiki

Tanium Configuration: Tanium Cloud Based Instance (as opposed to a Tanium on-premises instance)

Software Asset Management Enabled(Yes\No): Yes

 

A 2-Tier PHP-based Web Application running on a 5 VM Node configuration in our Crucible Lab Environment will be used to demonstrate the Tanium Service Graph Connector.

 

Environment:

 

HAProxy Load Balancer (ardeilmwtnhap01) routes Web Requests to an Apache Web Server Cluster (ardeilmwtnapp01, ardeilmwtnapp02, ardeilmwtnapp03) that has the MediaWiki Application installed and running. The MediaWiki (PHP) Application in turn routes DB Requests to a MySQL Server DB (ardeilmwtndb01) as depicted in the top-down discovered Application Service Map below.

 

AnneMarieDuff_0-1701879880455.png

This MediaWiki Application is being monitored by the Tanium SaaS Asset Management cloud-based solution, where all application-component data with respect to the application is stored. 

 

The following topics are covered in this How do I configure the Tanium Service Graph Connector? Article:

 

A. Set up Application to be monitored in Tanium Cloud

B. Analyze your Application Assets in Tanium Cloud

C. Installing & Configuring Tanium Service Graph Connector on your ServiceNow Instance

D. Run Tanium Service Graph Connector Scheduled Data Import Jobs on your ServiceNow Instance

E. Analyze the CMDB Records created\updated by the Tanium Service Graph Connector for your Application in your ServiceNow Instance

F. Tanium Software Usage  - Relevant only when Software Asset Management Professional(SAM Pro) is enabled

 

A. Set up Application to be monitored in Tanium Cloud

 

(i) Log into your company's Tanium Cloud Instance

(ii) Install Tanium Client Agents on the VMs containing the Application components to be monitored, e.g. MediaWiki (see the Tanium documentation page Deploying the Tanium Client using an installer or package file)

 

  • Navigate to Shared Services, Client Management from Left Hand Menu
  • Click on Download Installers
  • Select the Installer Package for the Operating System that your Application components run on, e.g. Linux

- This downloads the Installer Package and an <operating system>-client-bundle zip file onto your machine.

 

  • Upload this zip file to each of your VMs and unzip the file to a directory of your choice
  • Follow the instructions on the Deploy the Tanium Client to <Operating system> endpoints using package files Documentation page for your Operating System (e.g. Deploy the Tanium Client to Linux endpoints using package files) to install the Tanium Client on the VMs containing the Application to be monitored, e.g. MediaWiki
  • The Tanium Client makes outbound TCP connections to a non-standard port, port 17472, on your Tanium Cloud Instance. Refer to the Host and Security Requirements section in the Tanium Cloud Requirements documentation for more details.

 

- Execute an Operating System specific command from each of your VMs to verify that it can make outgoing TCP connections to Port 17472 on your Tanium Cloud Instance. For example, the nc -vz <your Tanium Instance Host Name> 17472 Unix command, or the telnet <your Tanium Instance Host Name> 17472 Windows command (from a Windows Command Shell).

- If you get a connection timeout error message, e.g. the "Ncat: Connection timed out" Ncat Unix error message, it indicates that your Internal Firewall is blocking TCP traffic over this Port. You will need to get your Network Security Administrator to open this Port for TCP based Traffic.

 

Best Practice outlined in the Host and Security Requirements section in Tanium Cloud Requirements: Tanium recommends that you configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of Application identity-based rules 

 

(iii) Go back to your company's Tanium Cloud Instance Home Page to verify that your VMs successfully registered with your Tanium Cloud Instance

 

  • You should see an Online Endpoints Tile showing the Number of VMs that you have successfully registered with your Tanium Cloud Instance
  • Click on this Online Endpoints Tile to see your list of VMs.

Below is an example of this for the 5 MediaWiki Application VMs in our Crucible Lab Environment.

 

AnneMarieDuff_0-1701974251235.png

 

(iv) Create an API Token specific to your ServiceNow Instance that you will be providing as part of the (iv) Guided Setup step outlined in the C. Installing & Configuring Tanium Service Graph Connector on your ServiceNow Instance Section further down.

 

  • Navigate to Administration, API Tokens from the Left Hand Menu
  • Click on the Create API Token Button to bring up the Create API Token Dialog Box. Specify the IP Address associated with your ServiceNow Instance in the Trusted IP Addresses Field.

- For IPv4 IP Addresses, use CIDR notation, e.g. 192.168.0.0/24.

- For IPv6 IP Addresses, enclose the IPv6 Address in Square Brackets. e.g. [2001:db8:3333:4444:8888] or [2001:db8::]/32

 

(v) Create a Custom Asset View that will be used by the Tanium Service Graph Connector to query your  Tanium Cloud Instance for your Asset related data.

 

  • Navigate to Modules, Assets, Views from the Left Hand Menu
  • Click on the Create View pushbutton to display the Create View drop-down menu
  • Select the "Create ServiceNow View" option on this menu

- This creates a ServiceNow (reserved) View that you will be cloning to create your own Organization specific ServiceNow Asset View for editing.

 

  • Click on the Create Copy(+) Icon to the right of the newly created ServiceNow (reserved) View to create your own Organization specific ServiceNow Asset View
  • Edit this copy and add the below fields:

- All fields from the SIU Product Usage bucket

- Asset -> Last Seen field

- Network Adapter -> Model field

 

You will be selecting this new Organization specific ServiceNow View as part of the (iv) Guided Setup step outlined in the C. Installing & Configuring Tanium Service Graph Connector on your ServiceNow Instance Section further down.
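An added example, not part of the original article and not Tanium's or ServiceNow's code: a Python check for the entries you plan to put in the Trusted IP Addresses field in step (iv), following the format described there (IPv4 in CIDR notation, IPv6 enclosed in square brackets), and for whether the source address your ServiceNow Instance connects from is covered by them. The review thresholds, function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

# Assumption (not from the article): ranges wider than these prefixes are
# flagged for review, because a token is only as restricted as its allowlist.
REVIEW_PREFIX = {4: 24, 6: 64}


def parse_trusted_entry(entry):
    """Parse one Trusted IP Addresses entry.

    IPv4 is expected in CIDR notation; IPv6 is expected inside square brackets,
    with an optional /prefix after the closing bracket.
    Raises ValueError when the entry is malformed.
    """
    text = entry.strip()
    if text.startswith("["):
        address, bracket, suffix = text[1:].partition("]")
        if not bracket or (suffix and not suffix.startswith("/")):
            raise ValueError("IPv6 entry must look like [address] or [address]/prefix")
        network = ipaddress.ip_network(address + suffix, strict=True)
        if network.version != 6:
            raise ValueError("square brackets are for IPv6 addresses only")
        return network
    network = ipaddress.ip_network(text, strict=True)
    if network.version == 6:
        raise ValueError("IPv6 address must be enclosed in square brackets")
    return network


def review_entries(entries, egress_ip):
    """Return (findings, covered).

    findings: list of (entry, kind) pairs, kind being "malformed",
              "any-source" (prefix length 0) or "broad".
    covered:  True when egress_ip falls inside at least one well-formed entry.
    """
    source = ipaddress.ip_address(egress_ip)
    findings, covered = [], False
    for entry in entries:
        try:
            network = parse_trusted_entry(entry)
        except ValueError:
            findings.append((entry, "malformed"))
            continue
        if network.prefixlen == 0:
            findings.append((entry, "any-source"))
        elif network.prefixlen < REVIEW_PREFIX[network.version]:
            findings.append((entry, "broad"))
        if network.version == source.version and source in network:
            covered = True
    return findings, covered


# Constructed sample entries (documentation address ranges, not real hosts).
SAMPLE_ENTRIES = [
    "203.0.113.0/24",        # well-formed IPv4 range
    "192.0.2/24",            # malformed: only three octets
    "[2001:db8:0:1::]/64",   # well-formed bracketed IPv6 range
    "2001:db8::/32",         # malformed for this field: IPv6 without brackets
    "0.0.0.0/0",             # matches every IPv4 source address
    "198.51.100.0/22",       # wider than the review threshold
]

if __name__ == "__main__":
    findings, covered = review_entries(SAMPLE_ENTRIES, "203.0.113.25")
    for entry, kind in findings:
        print(f"{kind:11} {entry}")
    print("egress address covered:", covered)
```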

 

B. Analyze your Application Assets in Tanium Cloud

 

The Tanium Service Graph Connector integrates with the Asset Module in Tanium (see the Tanium Asset overview documentation page).

 

(i)  Navigate to Modules, Assets, Reports to display the available list of Tanium Asset Reports

(ii) Select the All Assets Report. You should see a list of your VM Assets displayed. 

 

Below is an example of this for the 5 MediaWiki Application VM Assets in our Crucible Lab Environment

 

AnneMarieDuff_0-1701973758869.png

 

(iii) Double click on any of your VM Assets to bring up the Asset Report for that VM. You will see an Asset Details Summary Screen with the following Menu Options for your VM in the Left Hand Menu:

 

  • Installed Applications
  • Logical Disks
  • Network Adapters
  • Physical Disks

Below is an example of this for our ardeilmwtnapp01 VM where the Asset Details associated with our ardeilmwtnapp01 VM is displayed.

 

AnneMarieDuff_1-1701886372853.png

 

Installed Applications

 

(iv) Click on the Installed Applications Menu option to bring up the list of Installed Applications on your VM. Below is an example of this for our ardeilmwtnapp01 VM where the list of Installed Applications installed on the ardeilmwtnapp01 VM is displayed.

 

AnneMarieDuff_1-1701973846598.png

 

Logical Disks

 

(v) Click on the Logical Disks Menu option to bring up the list of Logical Disks on your VM. Below is an example of this for our ardeilmwtnapp01 VM where the list of Logical Disks on the ardeilmwtnapp01 VM is displayed.

 

AnneMarieDuff_2-1701973907260.png

 

Network Adapters

 

(vi) Click on the Network Adapters Menu option to bring up the list of Network Adapters on your VM. Below is an example of this for our ardeilmwtnapp01 VM where the list of Network Adapters on the ardeilmwtnapp01 VM is displayed.

 

AnneMarieDuff_3-1701973972202.png

 

Physical Disks

 

(vii) Click on the Physical Disks Menu option to bring up the list of Physical Disks on your VM. Below is an example of this for our ardeilmwtnapp01 VM where the list of Physical Disks on the ardeilmwtnapp01 VM is displayed.

 

AnneMarieDuff_4-1701974022793.png

 

C. Installing & Configuring Tanium Service Graph Connector on your ServiceNow Instance

 

(i) Login to your ServiceNow Instance

(ii) Install the following Applications & Plugins in the order shown:

 

Applications

 

  1. Integrations Commons for CMDB: sn_cmdb_int_util
  2. CMDB CI Class Model: sn_cmdb_ci_class
  3. ITOM Discovery License: com.snc.itom.discovery.license (Included with full Discovery Product)
  4. Service Graph Connector for Tanium: sn_tanium_integ

Plugins

 

5. com.glide.hub.action_type.datastream Plugin (ServiceNow IntegrationHub Action Template - Data Stream) - click on the  Request Plugin Button from the System Applications Screen

 

(iii) Navigate to Setup under Tanium in the Filter Menu

(iv) Go through all Guided Setup Steps as per the ServiceNow Documentation: Configure Service Graph Connector for Tanium 

 

Configuring the Connection and Credentials

 

Your ServiceNow Instance will be authenticating to your Tanium Cloud Instance using Token based Authentication as opposed to Basic Authentication. Specify the following in the below Configure the Connection and Credentials section steps:

 

  • Set authentication type - Specify token to indicate that your ServiceNow Instance will be authenticating to the Tanium Cloud Instance using Token based Authentication 

Tanium Cloud processes Tanium REST API HTTP Requests from External Applications via an API Gateway that is expecting an API Token Key to be provided for the Session Parameter in the Header section of the HTTP Requests. This is why token is specified for authentication type.

 

Note: Tanium On-Prem REST APIs can be authenticated with Basic User Name\Password Authentication as well as API Token Key Authentication. For Basic User Name\Password Authentication, basic is specified for authentication type.

 

  • Configure the Token Auth Credentials - Specify the API Token Key you created earlier in the (iv) Create an API Token step in the A. Set up Application to be monitored in Tanium Cloud section above.

- The OOTB SG Tanium Token Auth Credential Credential Record will be updated at the end of this step.

 

Note: According to Tanium API Token Best Practices, API Tokens should not be shared across ServiceNow Instances. The Tanium Service Graph Connector has implemented Auto-Rotation for Tanium API Tokens (as per Tanium API Token Best Practices), meaning that when a ServiceNow Instance's API Token is rotated, the API Token is then invalid for any other ServiceNow Instances that may be attempting to use it.

 

Please refer to the Tanium Managing API tokens Documentation Page for more details on Tanium API Token Best Practices.

 

  • Configure the Connection

- Click on the Configure pushbutton to the right of Configure the Connection to bring up the below Dialog Box:

 

AnneMarieDuff_2-1702650112097.png

 

Name Field: Prepopulated with the Name of the OOTB SG Tanium Token Auth Connection Connection Record. 

 

Credential Field: Prepopulated with the SG Tanium Token Auth Credential Credential Record from the previous Configure the Token Auth Credentials step.

 

Connection alias Field: Prepopulated with the OOTB Parent SG Tanium Token Auth Connection Alias Connection & Credential Alias Record.

 

Any Child Connection & Credential Aliases that may be created in the Add Multi Instances section in Guided Setup (described further down) will be associated with this Parent Connection & Credential Alias.

 

Host Field:  Specify your Tanium Cloud Instance Host Name

 

  • Configure the View

- Click on the Configure pushbutton to the right of Configure the View to bring up the below SG Tanium View Set Up Screen:

 

AnneMarieDuff_1-1724249264330.png

The Pulldown Menu on this Screen is prepopulated with all available Custom Asset Views in your Tanium Cloud Instance. Your ServiceNow Instance makes an API call to your Tanium Cloud Instance in order to get these Custom Asset Views. The SG Tanium Token Auth Connection Alias Connection & Credential Alias that you created in the previous step is used for authentication with your Tanium Cloud Instance.

 

Crucible Lab shown in the Pulldown Menu in the above screen is one of the Custom Asset Views in our Tanium Cloud Instance that was returned by this API call.

 

Note: If you get an "Unable to retrieve views from the Tanium server. Please check your connection and credentials" Error Message when you click on the Configure Pushbutton this generally means that the API Token that you created in your Tanium Cloud Instance has been shared with a different ServiceNow Instance. As per the Note in the above Configure the Token Auth Credentials step, the Tanium Service Graph Connector has implemented Auto-Rotation for Tanium API Tokens. This means that the 2nd ServiceNow Instance that the API Token has been shared with has rotated the Tanium API Token making it valid for the 2nd ServiceNow Instance but invalid for your ServiceNow Instance. You should check to see if another ServiceNow Instance is using the API Token that you created.

 

- Select the Organization specific ServiceNow View you created earlier in the (v) Create a Custom View step in the A. Set up Application to be monitored in Tanium Cloud section above and click on the Set View Pushbutton. The Tanium Service Graph Connector on your ServiceNow Instance is now configured to use this View.

 

Generating Out of the Box Data Sources and Scheduled Imports

 

Completing all the other steps in the Configure the Connection and Credentials section will trigger the creation of Out of the Box Data Sources and Scheduled Imports. Below are the OOB Scheduled Imports that get created for instances that do not have Software Asset Management Professional installed:

 

AnneMarieDuff_0-1720709204263.png

 

Below are the OOB Scheduled Imports that get created for instances that do have Software Asset Management Professional installed:

 

AnneMarieDuff_0-1721666378033.png

You will notice the additional SG-Tanium Usage Scheduled import Job that gets created. This job runs on a Monthly basis and captures Last Used Date data for Software being Tracked in Tanium for your Monitored Windows and MacOS Endpoints. It will be explained in more detail in the F. Tanium Software Usage Section below.

 

Add Multi Instances

 

There is an Add Multi Instances section in Guided Setup that is not Mandatory but is recommended even if you are only using One Instance. It allows you to create a set of Data Sources and Scheduled Imports that are specific to your Customer Tanium Instance. This is recommended for the following reasons:

 

  • It is good futureproofing for cases where you may need to connect to a 2nd Data Source sometime in the future. For example a Tanium Data Source in a different Geographical location or a Tanium Data Source in a different company that is acquired through corporate M&A activity.
  • It prepares you for future upgrades, where the Customer specific Data Source and Scheduled Data Import Records in the sys_data_source Table will not be marked as Skipped Records for Review by the Upgrade. It will allow you to focus on Skipped Records due to intentional Customization as opposed to Execution of the Out of the Box Scheduled Imports.

 

Go through all the steps in this Add Multi Instances section to specify Customer specific Data Sources and Scheduled Imports. Pay particular attention to the below steps in this section:

 

  • Add another Token Auth Connection step - Clicking on the Configure button brings you to the Flow Designer

- The SG Tanium Token Auth Connection Alias Connection & Credential Alias from the prior Configure the Connection and Credentials section is shown on the Left hand side of the Flow Designer Screen.

 

- The already existing Connections that are associated with this Connection & Credential Alias are shown on the right hand side of the Flow Designer screen. For example the Out of the Box SG Tanium Token Auth Connection Connection you updated in the prior Configure the Connection and Credentials section.

 

- Click on the Add Connection button in Flow Designer to bring up the Create Connection Dialog box shown below:

 

AnneMarieDuff_1-1701959422434.png

 

- What is specified in the Connection Name field will be used as part of the naming convention for the newly created Customer Specific Data Sources & Import Sets as per below:

 

Customer Specific Scheduled Import Jobs: Connection Name - Import Job Name
Customer Specific Data Sources: Data Source Name - Connection Name

 

So in the Connection Name field, populate it with something that will enable you to identify the associated Customer specific Data Source & Scheduled Imports easily after they are created. For example, Europe was specified for our Connection to establish the location that our Tanium Cloud Instance is based in.

 

Specify your Tanium Host Instance URL and Token API Key in the other fields on this Dialog Box. Clicking on the Create Connection button creates a Child Connection & Credential Alias that is associated with the Parent "SG Tanium Token Auth Connection Alias" Connection & Credential Alias already displayed in Flow Designer.

 

  • Generate Data Sources and Scheduled Imports  step

Click on Configure to the right of Generate Data Sources and Scheduled Imports to bring up the Dialog box shown below:

 

AnneMarieDuff_0-1708367565966.png

 

Connection and Credentials Alias Field: Specify the Child Connection & Credential Alias you created in the above step.

 

View Field: Click on the Search icon. A View Name Dialog Box will be displayed with all the available Views in the Instance you're connecting to via the Child Connection & Credential Alias (These will have been created in this Instance in a similar way to how you created the Custom View in step (iv) of the A. Set up Application to be monitored in Tanium Cloud section).

 

An example of the Customer specific Data Sources and Scheduled Imports that get created when you have finished all the other steps in this section is shown below, where Europe was what was used to identify our Customer specific Schedule Imports and Data Sources:

 

AnneMarieDuff_2-1720709404309.png

 

D. Run Tanium Service Graph Connector Scheduled Data Import Jobs on your ServiceNow Instance 

 

(i)  Navigate to Scheduled Data Imports under Tanium in the Filter Menu. Scheduled Data Imports should be listed, with 3 of the 4 being marked Active as shown below.

 

AnneMarieDuff_2-1720709404309.png

 

(ii) Open your SG-Tanium Hardware and Software Parent Scheduled Import job record, for example the Europe - SG Tanium Hardware and Software Scheduled Import Job shown in the above screen shot, and click on the Execute button

(iii) Navigate to Concurrent Import Sets in the Filter Menu.

- Wait for your 2 Active Scheduled Data Import jobs to finish. 

 

Note: The SG-Tanium Applications Import job is currently disabled (Active=False) in this Release. There are plans to enable it in a future release.

 

E. Analyze the CMDB Records created\updated by the Tanium Service Graph Connector for your Application in your ServiceNow Instance

 

There are 3 types of Records created by the Tanium Service Graph Connector in the CMDB:

 

  • CMDB CI[cmdb_ci] Records
  • Software Installation[cmdb_sam_sw_install] Records - Software Asset Management(SAM) enabled
  • Software Instance[cmdb_software_instance] Records - If Software Asset Management(SAM) not enabled
  • Serial Number[cmdb_serial_number] Records

 

CMDB CI Records

 

(i)    Navigate to cmdb_ci.list in the Filter Menu

(ii)   Group by Discovery Source

(iii)  Navigate to the SG-TaniumSN Discovery Source and double click on its Discovery source:SG-TaniumSN(n) link where n represents the Number of CMDB records(entities) Created\Updated by the Tanium Service Graph Connector.

(iv) Group By Class

 

A List of CMDB CI Records Created\Updated by the Tanium Service Graph Connector will be displayed grouped by Class. The screen shot below shows all of the Class Records displayed in this Class List for our MediaWiki Application.

 

AnneMarieDuff_0-1701968967827.png

  • The 5 Linux VMs associated with our MediaWiki Application are listed as Linux Server CIs
  • The Network Adapters, IP Addresses, File Systems and Disks associated with each of these Linux Servers are listed as Network Adapter, IP Address, File System and Disk CI Classes respectively. These were populated in turn from their corresponding Network Adapter, IP Address, Logical Disk and Physical Disk Entities in Tanium. The Network Adapter, Logical Disk and Physical Disk Entities for the ardeilmwtnapp01 Linux Server in Tanium are shown in the B. Analyze your Application Assets in Tanium Cloud section above.

 

The screen shot below shows all the Linux Server specific fields that were populated by the connector for the ardeilmwtnapp01 Linux Server CI created by the Tanium Service Graph Connector, along with the Network Adapter(1), Storage Devices(2), File Systems(3), and CI IPs(1) Tabs that were populated with the Network Adapters, Storage Devices, File Systems and CI IPs records associated with the ardeilmwtnapp01 Linux Server CI respectively. For example, the 00:50:56:96:c8:8f Network Adapter CI shown in the above CMDB CI Class Screen shot is shown in the Network Adapter Tab below.

 

AnneMarieDuff_0-1701971192766.png

Notice how the count shown in the Network Adapter, Storage Devices and File System Tabs matches the  Network Adapter, Physical Disks and Logical Disk Entity count shown for the ardeilmwtnapp01 Linux Server in the Screen shots in the B. Analyze your Application Assets in Tanium Cloud section above.

 

Software Installation Records

 

(i)    Navigate to cmdb_sam_sw_install.list in the Filter Menu

(ii)   Group by Discovery Source

(iii)  Navigate to the SG-TaniumSN Discovery Source and double click on its Discovery source:SG-TaniumSN (n) link where n represents the Number of Software Install Records Created\Updated by the Tanium Service Graph Connector.

(iv) A List of Software Install Records Created\Updated by the Tanium Service Graph Connector will be displayed. The screen shot below shows all the Software Install Records Created\Updated by the Tanium Service Graph Connector for our MediaWiki Application.

 

AnneMarieDuff_0-1709829192894.png

(v) The screen shot below shows the Software Install Records displayed in this List for our ardeilmwtnapp01 Linux Server (Installed on=ardeilmwtnapp01).

 

AnneMarieDuff_1-1709829426823.png

 

Notice that 1480 Records are shown at the bottom of the screen. This matches the Software Installations (1480) count in the Software Installations Tab shown above for the ardeilmwtnapp01 Linux Server. It also matches the (1480) count shown in the Tanium Installation Applications Screen Shot i.e.

 

AnneMarieDuff_1-1701973846598.png

 

F. Tanium Software Usage

 

If you have Software Asset Management Professional (SAM Pro) activated on your ServiceNow Instance, a SG-Tanium Usage Scheduled Import Job is installed with your SG-Tanium Service Graph Connector Installation (as referenced in the Generating Out of the Box Data Sources and Scheduled Imports step in the above C. Installing & Configuring Tanium Service Graph Connector on your ServiceNow Instance section). This job runs on a Monthly basis and captures Last Used Date data for Software being Tracked in Tanium for your Monitored Windows and MacOS Endpoints.

 

You need to have Software Monitoring enabled on your Tanium Instance for the Products that you want to capture Software Product Usage data for (Refer to Tanium's Monitoring software inventory  documentation page for details on how to do this). 

 

For our Tanium Instance we have enabled Software Monitoring for the following software products:

 

  • Notepad++
  • Google Chrome

The screenshot below shows Software Monitoring being enabled for these products in our Tanium Instance with the Used Column showing a value of 1 to indicate that the Product has been detected as being Used on our Monitored Windows based Endpoints. 

 

AnneMarieDuff_0-1721668187469.png

 

The SG-Tanium Usage Scheduled Import job pulls the previous Month's Last Used Date Usage data for your Windows based Endpoints being monitored by your Tanium Instance. It populates the Software Usage[samp_sw_usage] Table with your Software Products' previous Month's Last Used Date Usage data. In order for it to do so, you need to have Last Used Date type Reclamation Rules set up for the Software Products that you want to capture Last Used Date Usage data for (refer to the Add a software reclamation rule ServiceNow Documentation Page for details on how to do this).

 

For all Product Executable records in the SG-Tanium Usage Staging Table, it checks the Reclamation Rules[samp_sw_reclamation_rule] Table for Last Used Date Reclamation Rules. For every Product Record that it finds a Last Used Reclamation Rule for, it populates the Software Usage[samp_sw_usage] Table with Last Used Date Usage data for that Product.

 

The screen shot below shows Last Used Date Software Usage data for our Notepad++ and Google Chrome Products that have been set up for Software Monitoring in our Tanium Instance and have been detected as being used on our monitored cruwin10tan Windows Endpoint.

 

AnneMarieDuff_0-1721669214567.png

 

Comments
Shreya Jain1
Tera Guru

Hi @Anne Marie Duff

 

If we want to run scheduled job "SG-Tanium Hardware and Software" with dedicated user specific for this connector, what role we should give to user in ServiceNow?

 

Also job 'SG-Tanium Applications' is inactive OOB, is it supposed to be inactive only or we need to make it active?

 

Regards,

Shreya

Anne Marie Duff
ServiceNow Employee

Hi Shreya,

    

1. To run the SG-Tanium Hardware and Software scheduled job with a dedicated user, the user will need to be assigned the connection_admin role, as per the ServiceNow Configure Service Graph Connector for Tanium Documentation Page

 

2. The SG-Tanium Applications scheduled job is marked as Inactive OOTB. The purpose of this Scheduled Import Job is to ingest Running Process & TCP Connection information associated with the Linux and Windows Hosts being monitored in Tanium

 

This Scheduled Import job is currently not supported and is under review with a view to it being supported in a future Tanium Service Graph Connector Release.

 

Hoping this helps,

 

Thanks,

 

Anne-Marie

 

mankali_kal
Tera Contributor

Hi @Anne Marie Duff ,

 

Good day !

 

We are setting up Tanium in lower instances. How do we limit the number of records returned from Tanium for testing.

We want to set a limit for the testing purposes.

 

Thanks in Advance

Kalyani

Anne Marie Duff
ServiceNow Employee

Hi Kalyani,

 

To limit the Number of records returned from Tanium you can create your own View in your Tanium instance that limits the number of records returned by the View. In other words, in this View you can apply a Filter that filters out records based on the Query Condition of the Filter.

 

Hoping this helps,

 

Thanks,

 

Anne-Marie

         

     

Ted Kraje
Tera Contributor

Hi @Anne Marie Duff,

Thanks for this excellent documentation.  We are struggling with connecting to our Tanium cloud instance.  In the guided setup, when we try to "Configure the View", we are receiving the following error message:

 

Unable to retrieve views from the Tanium server. Please check your connection and credentials

 

We pulled an API Token from Tanium using a Trusted IP Address of 0.0.0.0/0 and expiration 365 days.

 

When we Test the Connection, we receive:

State = Cancelled (and it's red)

Completion code = Success (and it's green)

Message = "org.mozilla.javascript.JavaScriptException: SyntaxError: Unexpected token: < (sys_script_include.ba5ad31a531030106747ddeeff7b1284.script; line 138)"

 

---------------------------------------

UPDATE

We were able to debug the issue.

We were using our Tanium cloud portal URL: https://<customername>.cloud.tanium.com.

The correct Host URL to use is the Tanium API cloud URL: https://<customername>-api.cloud.tanium.com.

 

We also confirmed the "Trusted IP Address" to use when creating the Tanium API Token is the "Source address used for integrations into customer network with NO VPN" IP Address under "My IP Addresses" for the desired ServiceNow environment in our ServiceNow Support portal.

 

@Anne Marie Duff, feel free to update the Community article above with these two findings, so others may not struggle as much as we did to set up the connection 🙂
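An added example, not part of the original comment and not the connector's code: a Python pre-check for the Host value entered in Guided Setup, based on the two host name forms quoted in the update above, plus a classifier for a saved response body. That the portal host answers with an HTML page, which a JSON parser rejects at its first "<", is an assumption consistent with the "Unexpected token: <" message; the check applies to Tanium Cloud host names only, and the function names and the examplecorp tenant are made up for illustration.

```python
import json
from urllib.parse import urlsplit

# Host name suffix as it appears in the two URLs quoted in the comment above.
CLOUD_SUFFIX = ".cloud.tanium.com"


def hostname_of(value):
    """Extract the lower-cased host name from a URL or a bare host name."""
    text = value.strip()
    parts = urlsplit(text if "://" in text else "https://" + text)
    return parts.scheme, (parts.hostname or "").lower()


def check_host(value):
    """Return a list of problem codes for a Tanium Cloud Host value.

    "not-https"        the URL does not use https
    "not-tanium-cloud" the host is not under .cloud.tanium.com
    "portal-host"      the portal host was given instead of the -api host
    """
    scheme, host = hostname_of(value)
    problems = []
    if scheme != "https":
        problems.append("not-https")
    if not host.endswith(CLOUD_SUFFIX):
        problems.append("not-tanium-cloud")
    elif not host[: -len(CLOUD_SUFFIX)].endswith("-api"):
        problems.append("portal-host")
    return problems


def suggest_api_host(value):
    """For a portal host, return the matching API URL; otherwise None."""
    if "portal-host" not in check_host(value):
        return None
    _, host = hostname_of(value)
    tenant = host[: -len(CLOUD_SUFFIX)]
    return f"https://{tenant}-api{CLOUD_SUFFIX}"


def classify_body(body):
    """Classify a response body as "markup", "json" or "not-json".

    A body that starts with "<" is what makes a JSON parser fail with an
    "Unexpected token: <" style error.
    """
    text = body.lstrip()
    if text.startswith("<"):
        return "markup"
    try:
        json.loads(text)
    except ValueError:
        return "not-json"
    return "json"


# Constructed sample inputs (examplecorp is a placeholder tenant name).
if __name__ == "__main__":
    for candidate in ("https://examplecorp.cloud.tanium.com",
                      "https://examplecorp-api.cloud.tanium.com"):
        print(candidate, check_host(candidate), suggest_api_host(candidate))
    print(classify_body("<!DOCTYPE html><html><body>Sign in</body></html>"))
    print(classify_body('{"data": []}'))
```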

Anne Marie Duff
ServiceNow Employee

Hi Ted,

 

    Generally when you get an "Unable to retrieve views from the Tanium server. Please check your connection and credentials" Error message when you try to Configure the View like you describe above, the API Token that has been created in Tanium has been shared with another ServiceNow Instance.

 

The Tanium Service Graph Connector has implemented Auto-Rotation for Tanium API Tokens. This means that the 2nd ServiceNow Instance that an API Token has been shared with has rotated the Tanium API Token making it valid for the 2nd ServiceNow Instance but invalid for your ServiceNow Instance. You should check to see if another ServiceNow Instance is using the API Token that you created.

 

I have put a Note in about this into the Configure the View step in the C. Installing & Configuring Tanium Service Graph Connector on your ServiceNow Instance Section of this Article. 

 

Hoping this helps,

 

Thanks,

 

Anne-Marie

Ted Kraje
Tera Contributor

@Anne Marie Duff 

Thanks for that additional info.  That wasn't the root cause of my bad connection (my root cause was an incorrect URL and an incorrect Trusted IP address), but your comment about sharing API tokens between ServiceNow instances is informative too.

 

My only recommendations for the article above are (a) revise the statement

Host Field:  Specify your Tanium Cloud Instance Host Name

to

Host Field:  Specify your Tanium Cloud API Host Name

and (b) give more detailed information on which "IP Address" is needed in the statement:

Specify the IP Address associated with your ServiceNow Instance in the Trusted IP Addresses Field.

(hint: it's not the IP address of your environment in the "Instance Details" page on ServiceNow Support)

DionysusOP
Tera Contributor

Hi, can any of you please help me with the trusted IP details in the API token generation? I used 'stats.do' in my ServiceNow instance, got the IP address from there and followed it by /24. But that doesn't work for me, as I am getting the Error while trying to configure the view step.

 

"Unable to retrieve views from the Tanium server. Please check your connection and credentials"

 

So What should I put on the Trusted Ip Address field?

Ted Kraje
Tera Contributor

@DionysusOP 

In my update 3 posts above, I mentioned that I found success using the following:

 

  • The correct Host URL to use is the Tanium API cloud URL: https://<customername>-api.cloud.tanium.com.
  • We also confirmed the "Trusted IP Address" to use when creating the Tanium API Token is the "Source address used for integrations into customer network with NO VPN" IP Address under "My IP Addresses" for the desired ServiceNow environment in our ServiceNow Support portal.
B Wetzstein
Tera Contributor

Great Article!!!

We currently have Tanium up and running for EUC devices only, as we no longer use SCCM to SNOW for a variety of reasons. @Anne Marie Duff, is there an easy way to feed SNOW with several different views from Tanium?

E.g.

Laptops Desktops PC

Laptops MAC

Virtual PCs (VDI/AVD)

Servers - SNOW Discovery cannot access

 

 

Thank you!

mankali_kal
Tera Contributor

Hello @Anne Marie Duff , 

 

Thanks for your previous response, it was helpful.

 

I would like to know if there is a way to get asset tags from Tanium. Could you assist with this?

thanks 

Kalyani

Anne Marie Duff
ServiceNow Employee

Hello @B Wetzstein,

 

The answer to your "is there an easy way to feed SNOW with several different views from Tanium, e.g. Laptops Desktops PC, Laptops MAC, Virtual PCs (VDI/AVD), Servers" is below:

 

Yes, it is possible to feed data from Tanium to SNOW via several different Views through the use of the Tanium Service Graph Connector Multi Instance Feature. What you do is below:

 

1. Create your Device Specific View, e.g. Windows Servers, in Tanium by making a copy of the ServiceNow Reserved View and adding the appropriate Filters to limit the data to e.g. Windows Servers. You could for example Filter on 'operating system' contains 'Windows Server'.

 

2. Go to Tanium Service Graph Connector Guided Setup and navigate to the Add Multi Instances section of Guided Setup to create a set of Scheduled Imports and Data Sources that will pull data from that specific View.

 

The Multi Instances subsection of the above C. Installing & Configuring Tanium Service Graph Connector on your ServiceNow Instance section of this Article describes how to create a set of Scheduled Imports and Data Sources that will pull data from a specific View. You select the Tanium View that you want these Data Sources to use in the Generate Data Sources and Scheduled Imports  step in Multi Instances Setup.

 

Repeat these steps for the other Device type Views you want to create. For Virtual Type Devices you could Filter on e.g. 'Model' contains VMWare.

 

At the end of this process you will be left with a different set of Scheduled Imports and Data Sources for each Device Category. I would suggest that you use the Connection field explained in the above Multi Instances subsection to indicate the Device Type, e.g. Server, Virtual, MAC, Windows, to allow you to easily recognise the type of data that each set of Scheduled Import jobs pulls in, e.g. Server - SG-Tanium Hardware and Software.

 

Lastly, you will need to specify the time that you want each set of Scheduled Imports to run, given that you could potentially have 5 different groups of jobs running on the same day.

 

Hoping this helps,

 

Thanks,

 

Anne-Marie

 

 

 

 

Manisha Yadav
Tera Contributor

Hi Anne,

 

Thanks for explaining in detail. I have a question.

While running scheduled imports I would like to restrict them to only the Computer and Software classes and not run them for all the CI classes.

How can we do that?

Jim41
Tera Expert

Hi Anne or anyone that uses Tanium SGC.  

 

We are using Tanium as a source for SAM data.  We have a new requirement to pull SWID information from servers.  I found a blurb in this article - https://community.jamf.com/t5/jamf-pro/installing-tanium/m-p/176742

# awk -F'>' '/e_4/{print $(NF-1)}' /Library/Tanium/TaniumClient/swidtag/regid.2005-04.com.tanium.client.swidtag | cut -d"<" -f1

Has anyone pulled SWID data from servers for SAM? If so, what tool did you use, if not Tanium? Please provide any recommendations. Thank you

PhilipHulsh
Tera Contributor

How do you stop Tanium from duplicating software install records? How can we make it resolve to the same record that discovery creates? What value does Tanium use to determine new vs. existing software installations?

Anne Marie Duff
ServiceNow Employee

Hi @PhilipHulsh,

 

For every VM Asset being monitored by Tanium (onPrem\Cloud), the Tanium Service Graph Connector creates a new Software Installation Record in the Software Installs[cmdb_sam_sw_install] Table for every Installed Application being tracked for these VMs in the Tanium Console (as described in the Installed Applications sub section of the above B. Analyze your Application Assets in Tanium Cloud section of this Article). In other words, it mirrors in the Software Installs[cmdb_sam_sw_install] Table exactly the Installed Applications it finds for a VM in Tanium.

 

To answer your question "How do you stop Tanium from duplicating software install records?", refer to the Resolve duplicate software installations in the Software Installation table ServiceNow Documentation page, which explains how the same Software Installation discovered by multiple Discovery Sources on a particular CI is considered a Duplicate. To answer your question "How can we make it resolve to the same record that discovery creates?", this documentation page explains how you can resolve these duplicate entries by running the SAM - Deduplicate Install Table scheduled job.

 

In the Software Installs[cmdb_sam_sw_install] Table, only Software Install records that have their Active Install fields set to True will be considered from a SAM Licensing perspective. All the Software Install Records brought in by the Tanium Service Graph Connector have their Active Install field set to False by default. The SAM - Deduplicate Install Table Scheduled Job goes through all the Software Install Records for a CI and determines what Software Install Records are Duplicates based on matching on the Product, Publisher and Version Fields from the Discovery Model associated with these Software Install Records. It marks only 1 of these Duplicate Install Records as Active Install=True with the rest being marked as Active Install=False.

 

The below screen shot demonstrates this, where a Microsoft Update Health Tools Software Install Record was created by both Discovery and the Tanium Service Graph Connector. You can see from below that only the Discovery Microsoft Update Health Tools Software Install Record has Active=True, meaning that this is the record that will be considered from a SAM Licensing perspective. This is the Record that the SAM - Deduplicate Install Table Scheduled Job chose to mark as Active=True, with the other one being left by the Job as Active=False. It considered these Software Install records as Duplicates based on their match on Product, Publisher and Version (highlighted in yellow) from their respective Discovery Models and chose to mark the Discovery one as Active=True.

 

AnneMarieDuff_0-1740663012538.png

 

Hoping this helps,

 

Thanks,

 

Anne-Marie
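
The outcome described in the reply above (among Software Install records on one CI that match on Product, Publisher and Version, exactly one ends up with Active Install=True) can be checked after the job has run. The sketch below is an added example, not part of the original reply and not ServiceNow's job code; it runs on constructed rows, and the field names and source labels are hypothetical stand-ins for the real columns.

```javascript
// Constructed sample rows. Field names (ci, source, publisher, product,
// version, active) are hypothetical, not cmdb_sam_sw_install column names.
const sampleInstalls = [
  // Two sources, same product/publisher/version, one active: expected state.
  { ci: "win-host-01", source: "Discovery", publisher: "Microsoft", product: "Update Health Tools", version: "1.0", active: true },
  { ci: "win-host-01", source: "Tanium", publisher: "Microsoft", product: "Update Health Tools", version: "1.0", active: false },
  // Both copies active: the install would be considered twice for licensing.
  { ci: "win-host-02", source: "Discovery", publisher: "ExampleSoft", product: "Widget", version: "2.1", active: true },
  { ci: "win-host-02", source: "Tanium", publisher: "ExampleSoft", product: "Widget", version: "2.1", active: true },
  // Neither copy active: the install would not be considered at all.
  { ci: "win-host-03", source: "Discovery", publisher: "ExampleSoft", product: "Widget", version: "2.1", active: false },
  { ci: "win-host-03", source: "Tanium", publisher: "ExampleSoft", product: "Widget", version: "2.1", active: false },
  // Versions differ, so these two are not duplicates of each other.
  { ci: "win-host-04", source: "Discovery", publisher: "ExampleSoft", product: "Widget", version: "2.1", active: true },
  { ci: "win-host-04", source: "Tanium", publisher: "ExampleSoft", product: "Widget", version: "2.2", active: false },
];

// Group rows per CI on publisher + product + version and report every
// duplicate group whose number of active rows is not exactly one.
function auditDuplicateInstalls(records) {
  const groups = new Map();
  for (const r of records) {
    const key = JSON.stringify([r.ci, r.publisher, r.product, r.version]);
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(r);
  }
  const findings = [];
  for (const [key, rows] of groups) {
    if (rows.length < 2) continue; // a single record is not a duplicate group
    const activeCount = rows.filter((r) => r.active).length;
    if (activeCount !== 1) {
      const [ci, publisher, product, version] = JSON.parse(key);
      const sources = [...new Set(rows.map((r) => r.source))].sort();
      findings.push({ ci, publisher, product, version, sources, activeCount });
    }
  }
  return findings;
}

for (const f of auditDuplicateInstalls(sampleInstalls)) {
  console.log(`${f.ci}: ${f.publisher} ${f.product} ${f.version} has ` +
    `${f.activeCount} active record(s) across ${f.sources.join(", ")}`);
}
```
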

 

 

 

 

 

 

 

 

 

 

 

mankali_kal
Tera Contributor

Hello @Anne Marie Duff ,

 

We are setting up Tanium and came across a challenge with the Trusted IP range setup.

 

We noticed that the same IP ranges are used for both sub-prod and prod instances.

 

Tanium allows only a single token per IP range, which means that since all instances share the same IP range, the integration connection is only permitted for one instance.


This has created a challenge in configuring the Tanium connection, as we need a sub-prod instance for development.

Has anyone encountered this situation? Any guidance would be appreciated.

 

Thanks,

Kalyani

PranithD4585383
Tera Contributor

Hi All, 

 

How do I get the Assigned to populated from the Primary user field from Tanium?

 

It's not coming over with the OOTB integration.

 

Thanks.

 

BRIAN MORAN
Tera Contributor

I'm trying to do a business case for getting Tanium SGC, but I see there is a license cost for the connector on the ServiceNow Store. Does anyone know what this costs?

Thanks

mankali_kal
Tera Contributor

Hi @PranithD4585383 

 

You need to create variables in Imp and Temp definitions and write a script to split the data from primary user field to populate assigned to attribute.

 

Thanks,

Kalyani 
