Service Graph Connector for Tanium

Release version: Zurich

Updated July 31, 2025

3 minutes to read

Summarize

Summarized using AI

Summary of Service Graph Connector for Tanium

The Service Graph Connector for Tanium enables ServiceNow customers to import hardware, software, and software usage data from their Tanium environments directly into their ServiceNow instance. This integration supports robust CMDB population and maintenance by leveraging Tanium data for configuration items (CIs) and software usage metrics.

Show full answer Show less

Supported Versions and Upgrade Considerations

Supported Tanium versions for hardware and software data start from 1.9, and for software usage from 1.17.
Compatible with ServiceNow releases Washington DC, Xanadu, and Yokohama.
Tanium Platform 7.6.2 and later versions require token-based authorization only.
For on-premise setups:
- Single-instance users must reconfigure existing connections to use token-based auth.
- Multi-instance users must deactivate previous basic auth scheduled jobs and create new token-based connections.

Configuration and Management

Customers should use the SGC Central view within the Service Graph Workspace or CMDB Workspace to install, configure, and manage the connector lifecycle. This centralized interface supports discovering connectors, creating and editing connections, monitoring, and debugging.

Note that the previous guided setup method is deprecated and SGC Central should be used unless configuration issues arise.

Monitoring Integrations

The Integration Commons for CMDB app provides a CMDB Integrations Dashboard that offers a centralized view of all installed integrations’ statuses, processing outcomes, and errors. It includes filtering capabilities by integration, time period, and run instance, facilitating effective monitoring of Tanium data ingestion.

Data Mapping and Processing

Data from Tanium sources is mapped and transformed into ServiceNow CMDB CI classes using the Robust Transform Engine (RTE) and inserted via the Identification and Reconciliation Engine (IRE).

The connector processes several data sources:

Applications: Mapped from SG-Tanium Applications source.
Hardware and Software: Includes computers, file systems, disks, IP addresses, software, and software instances or installations depending on whether the Software Asset Management (SAM) application is installed.
Software Usage: Available only if the SAM Professional plugin is activated, capturing software usage metrics.
Software Removal: Handles deletion of software records no longer present, with buffer timing controls to avoid premature removal based on hardware scan recency.

System properties allow configuring buffer days to delay software removal, preventing data loss due to timing issues between hardware scans and software data imports.

Customers can use the IntegrationHub ETL app to view and manage data maps, enhancing visibility and control over the integration data flows.

Additional Resources

For step-by-step configuration guidance, customers are encouraged to consult the “How do I configure the Tanium Service Graph Connector?” article on the ServiceNow Community site.

Use the Service Graph Connector for Tanium to bring in hardware, software, and software usage data from a Tanium environment into your ServiceNow instance.

Request apps on the Store

Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

Supported versions

Table 1. Versions
Tanium	ServiceNow
Tanium 1.9 or later versions for hardware and software Tanium 1.17 or later versions for software usage	Washington DC Xanadu Yokohama

Important information for upgrading Service Graph Connector for Tanium

Tanium Platform 7.6.2 or later versions support token-based authorization only. After you have installed the latest version of the Service Graph Connector for Tanium, verify the following configurations to use Tanium Platform 7.6.2 or later versions in your on-premise setups:

For a single instance, reconfigure the authentication type of an existing connection to use token-based authorization.
For multiple instances, deactivate the existing scheduled jobs for previously configured instances that used basic authorization, and then create and configure new instances to use token-based authorization.

Configuring a connection

Use the SGC Central view in the Service Graph Workspace or CMDB Workspace to install the connector and configure the connection. The view enables you to install and discover connectors and to manage the full life cycle of creating, editing, monitoring, and debugging connections. For instructions, see Configure Service Graph Connector for Tanium using SGC Central.

Important:

Unless there are configuration issues, use SGC Central to configure the connection. The guided setup method for configuration is being deprecated.

CMDB integrations dashboard

The Integration Commons for CMDB store app provides a dashboard with a central view of the status, processing results, and processing errors of all installed integrations. You can see metrics for all integration runs. You can filter the view to a specific CMDB integration, a specific time duration, or a specific integration run. For more details about monitoring Tanium integrations in the CMDB Integrations Dashboard, see Using the CMDB Integrations Dashboard.

Data mapping

Data from the Tanium data sources is mapped and transformed into the ServiceNow CMDB Configuration Item (CI) class definitions using the Robust Transform Engine (RTE). Data is inserted into the ServiceNow CMDB using the Identification and Reconciliation Engine (IRE).

The following table describes the data sources, the staging tables, and the target tables including CMDB CI and non-CMDB CI classes for the Tanium application.

Table 2. Data mapping for Tanium
Data source	Staging table	Target tables	Resource types
SG-Tanium Applications	SG-Tanium Applications [sn_tanium_integ_sg_tanium_applications]	Application Running Process TCP	Applications
SG-Tanium Hardware and Software	SG Tanium Import [sn_tanium_integ_sg_tanium_import]	Computer File System Disk IP Address When the Software Asset Management (SAM) application isn't installed: Software Software Instance When the SAM application is installed: Software Installation	Server and software
SG-Tanium Usage	SG Tanium Usage Import [sn_tanium_integ_sg_tanium_usage_import]	Software Usage [samp_sw_usage]	None
SG-Tanium Remove Software	Integration Commons Remove Record [sn_cmdb_int_util_remove_record]	None	None

Note:

The SG-Tanium Usage data source is available only when the Software Asset Management Professional plugin (com.snc.samp) plugin is activated on your ServiceNow instance. See Request Software Asset Management.
The SG-Tanium Remove Software data source creates import sets and uses the transform map-based method for removing any target records for software data that weren't updated in the last delta query check. See Managing CMDB data deletion.
Starting with the Service Graph Connector for Tanium 1.8.0 release, a buffer time is added for software removal when the buffer_days_from_last_scan_for_hardware system property is enabled. When this system property is enabled, the software removal candidate is removed only if the last scan time of the hardware on which the software removal candidate is installed is earlier than the last success import time + buffer time. To enable this property, set the value of the buffer_days_from_last_scan_for_hardware system property to a non-zero numeral value according to the number of days of buffer that you require. To disable this property, set the value to 0.

You can use the IntegrationHub ETL app to view the data maps. See IntegrationHub ETL for more information.

Additional resource

How do I configure the Tanium Service Graph Connector? article on the ServiceNow Community site