Hi Community,
In the case of SGC Tanium usage, Tanium provide the last 90 days data.
We can found in some cases, several records for the same servers.
We want to filter the oldest records to prevent flip-flap on Cis records.
We installed the IntegrationHUB ETL (IHE).
At the beginning, i thinked to modify the SGC Tanium data treatment via IHE :
- create a custom field via "prepare source data for mapping" to validate via an edit/transform that the "last_seen_at" date is oldiest thant a value (48 hours for example) and push a true/false value on the custom attributs
- apply a filter on the following step "Select CMDB Classes to Map Source Data" to exclude the data
But i found that we can't change, add or delete (inactivate only) new filter conditions.
The only way seems to create a new map source and deactive the previous.
That doesn't seem very flexible.
Do you know a way (the more standard possible) to change a filter on a basic class ?
Do you known if an idea have been created on this ?
In the meantime, we are moving towards a business rule on the [sn_tanium_integ_sg_tanium_import].
It's not the more effecticient way from my point of view, but pending more user-friendly management via the IntegrationHub ETL interface...
Thks
