Exporting data to destinations

You can configure Asset to export data to external destinations, such as Tanium Connect, ServiceNow, and Flexera.

CSV file

You can copy data from an asset report table to the clipboard and paste the data in an application that can interpret a CSV file, such as a database. Select the rows that you want to copy and click Copy. You can then paste the information about the rows you selected.

To save the entire report as displayed in a CSV file, click Export . You might see an Export requested status message before you see a Download link for the CSV file. Each Asset user can export a single report at a time. Multiple Asset users can be logged in, each exporting a single report at the same time.

For scheduling, formatting, and large data sets, consider setting up a Connect destination.

Tanium Connect

To export data from Asset to Connect destinations such as Email, File, HTTP, Socket Receiver, Splunk, and SQL Server, create a connection.

Before you begin

  • You must have access to Connect with Connect User role.
  • You must have an Asset report or view from which you want to export data. See Building reports and Configuring views.

Create a connection

With Connect 4.3 to 4.7, choose Asset Report as the connection source. You can choose a predefined or custom Asset report as a connection source.

With Connect 4.8 and later, choose Choose Tanium Asset as the connection source. You can choose from the following types of Asset source: 

Asset Reports

Select any predefined or custom report as the connection source.

Asset Computers

  1. Select any view as a connection source and export structured data using an Asset view.
  2. If you do not enable Flatten Results, the entire data set that is retrieved for one computer is a single record. For example, if you are exporting Installed Applications, a computer has a single row with the entire list of installed applications in that same record. Any change that is made to this data set shows up in the destination. By enabling the Flatten Results setting, each installed application for a computer is processed as a single record.
  3. With Enhanced JSON, the results contain an array of objects for each reference table, instead of an array of strings, numbers, or dates for each reference attribute. The correlation between attributes and destinations can be easier to implement.
  4. Use the default batch size (200). Higher batch sizes can be slower due to increased processing for each batch.
  5. Configure the export format.
    • If you enable Enhanced JSON, you must also choose JSON as the format for your connection.
    • To customize the column names, expand the Columns section and click Add or Modify Columns. Change the display values in the Destination column as needed.
    • If you customize the columns, leave the Value Type as Unmodified to get the expected object output.

COMPATIBILITY

Use the following recommendations for Enhanced JSON and Flatten Results settings for each format in Connect. If you use an unsupported combination, connection failures might occur or incorrect data might get written to the destination.

Table 1:   Connect destination format compatibility
Format Enhanced JSON Support Recommendation
CEF Use Flatten Results
CSV Use Flatten Results
Delimiter separated Use Flatten Results
Elasticsearch Use Enhanced JSON without Flatten Results
HTML Use Flatten Results without Enhanced JSON
JSON Use Enhanced JSON without Flatten Results
LEEF (Optional) Use Flatten Results
SQL Server (Required) Use Flatten Results
Syslog (Optional) Use Flatten Results

Filtering No Results and Errors

Asset automatically filters no results and common error messages and does not send that data to the connection destination.

Examples

Compare the data that is returned from Asset installed applications. ClosedView JSON examples

Example: Enhanced JSON

Example: Flattened JSON

For more information about creating connections, see Tanium Connect User Guide.

ServiceNow: Orlando Patch 7 or later

If you have ServiceNow Orlando Patch 7 or later or Paris Patch 1 or later, you can configure the Service Graph Connector for Tanium Asset app in ServiceNow to import data from Tanium into the ServiceNow CMDB. This integration uses a MID server to collect data from the Tanium Assets API, then sends the data to the ServiceNow data source.

ServiceNow requirements

Tanium requirements

Have the following information available when you configure the Tanium Asset app in ServiceNow:

  • A user with the Asset Report Reader role to use with the API.
  • A view defined in Asset to represent the data that you want to send to ServiceNow.

  • The URL or IP address of the Tanium Server.

If you are using the Tanium Asset app and have an existing ServiceNow destination in Asset, disable the destination after you complete these steps.

Configure secure communication with MID Server

The MID Server is a ServiceNow application that facilitates communication and movement of data between the ServiceNow and external data sources. For the MID Server to communicate with Tanium, you must configure security settings and certificates.

These settings ensure that a valid certificate is used during communication, establishing secure communication between the MID Server and Tanium. If you do not configure these settings, proper certificate validation might not be enforced, resulting in additional security risks that are associated with trusting invalid certificates.

  1. Update the glide.properties settings on the MID server to enable SSL certificate verification. For more information about updating these settings, see ServiceNow Product Documentation: General security settings properties. Set the following values: 

    com.glide.communications.trustmanager_trust_all=false
    com.glide.communications.httpclient.verify_hostname=true

    After you update these properties, restart the MID Server.

  2. Add the Tanium server certificate to the MID Server.

    1. Download the Tanium server certificate. You can download the certificate from the Tanium Server when you log into Tanium from a web browser. For example, in Google Chrome, click the lock icon next to the URL, then click Certificate. Drag the image of the certificate to a location on your computer, which makes a local copy of the CER file.
    2. Add the certificate to the MID server. See ServiceNow Product Documentation: Add SSL certificates for the MID Server.

Configure Service Graph Connector for Tanium Asset app in ServiceNow

In ServiceNow, configure the Service Graph Connector for Tanium Asset app to connect to the Tanium Assets API. Follow the steps in the Getting Started wizard on the Setup page.

  1. Connect to the Tanium Assets API.
    1. For the Configure Credentials step: Specify the Tanium user with Asset Report Reader role. Click Update.
    2. Complete the Configure Connection Details step: 

      • Specify the Tanium Server IP address or host name.
      • Select the MID server on which you configured the Tanium server certificate.
      • Click Test Connection.
      • After the connection completes, in Asset View, select the copy of the ServiceNow (reserved) view.
      • Click Update.
  2. (Optional) Configure field mappings.
    If you have custom fields or tables, you can create field mappings.
  3. Schedule imports.
    Configure how often to pull data from the Assets API. Select the Active check box to update the Repeat Interval and Starting time. By default, concurrent imports are enabled, with a partition size of 15000 records. Click Update to save the settings. Click Execute Now to run the data import before the next scheduled time.

Monitor and verify data

  • Monitor the data imports on the CMDB Integrations Dashboard in ServiceNow. Click CMDB Applications > Tanium Asset Application. You can view actively running imports, errors, number of records imported, and so on.
  • After an import completes, you can check for the data in ServiceNow CMDB. Search for an Asset attribute, such as Computer and verify that Tanium data was added.

ServiceNow: Jakarta-New York

You can configure Tanium as a discovery source in ServiceNow, and then create a destination in Asset to export data to ServiceNow with a defined schedule.

Before you begin

  • You must be using ServiceNow Jakarta-New York release. ServiceNow Software Asset Management Pro is also supported.
  • You must have access to both a test and production instance of your ServiceNow Enterprise CMDB.
  • You must have a service account for ServiceNow that has elevated privileges. After the initial integration is complete, you can Configure least privilege access in ServiceNow.

Test the data export against a copy of your ServiceNow instance before you configure Tanium Asset to export all data to your production instance of ServiceNow. Because the built in identification rules in ServiceNow assume unique computer names or serial numbers, you might need to add one or more identification rules to achieve consistent and expected results.

Prepare ServiceNow to receive Tanium data

  1. In ServiceNow, add an entry for Tanium as a choice in the discovery_source column of the cmdb_ci table. Use Tanium as the value in both the Label and Value fields.
  2. (Optional) Work with Tanium Support and your ServiceNow administrator to update identification rules in ServiceNow. (For more information, see Contact Tanium Support.) Adding identification rules is required if any endpoints in your environment have duplicate serial numbers or computer names. For more information about configuring identification rules, see:

Add ServiceNow as a destination

To enable data to be exported to the ServiceNow CMDB from Asset, enter your ServiceNow Host URL and credentials.

  1. From the Asset menu, click Inventory Management > Destinations.
  2. Click Create Destination > ServiceNow Destination.
  3. Edit the settings, including the ServiceNow Host URL and credentials, log level, view, and the schedule at which you want the export to occur.
    The log level affects the logging in the job/date_time_job#_servicenow_config#.log files. If you enable Trace level logging on your ServiceNow configuration, numbered subdirectories, for example job/65, are created that contain all of the POST and GET requests for that job.
    For more information about Cron, see Reference: Cron syntax.

Exclude computers from exported ServiceNow data

(Optional) When you create a ServiceNow destination, a reserved view is created. The ServiceNow (reserved) view includes all computers. Create a view with filters enabled if you want to narrow the scope of the export.

  1. From the Asset menu, click Views. Hover over the ServiceNow (reserved) view, and click Create Copy .
  2. Edit and rename the copy of the reserved view. Add a filter to limit the computers that are exported. In this new view, do not select Should be filtered out of the view on any of the filters.
  3. From the Asset menu, click Inventory Management > Destinations > ServiceNow_Destination. Click Edit .

  4. In the View section, select the new view that you created.
  5. Click Update to save the changes.

Edit ServiceNow export mappings

(Optional) After you create the ServiceNow destination, you can edit the Asset to ServiceNow mappings.

From the Asset menu, click Inventory Management > Destinations > ServiceNow. Click Edit . In the ServiceNow Export Mapping section, you can add and edit individual mappings.

Contact Tanium Support to properly edit the ServiceNow export mappings. For more information, see Contact Tanium Support.

Run export

You can run an export to ServiceNow CMDB outside of the configured schedule. From the Asset menu, click Inventory Management > Schedules> Export Schedules. Under your ServiceNow destination in the Asset Export Destinations section, click Run Now.

Check data in ServiceNow

After the Status in the schedule says complete, you can check for the data in ServiceNow CMDB.

  1. Log in to your ServiceNow Enterprise CMDB.
  2. Search for an Asset attribute, such as Computer.
  3. Check the data that got imported into the table.

Configure least privilege access in ServiceNow

After the initial integration with ServiceNow is complete, you can create a role for the Tanium Service Account. This role has an ACL that provides only the necessary permissions.

For more information, see Tanium Support Knowledge Base: Configuring least privilege access for ServiceNow integration (login required).

Flexera FlexNet Manager Suite: 2019 R2.2 or later

If you have FlexNet Manager Suite 2019 R2.2 or later, you can use the Tanium Connector in FlexNet Manager Suite (FNMS) and the existing Tanium Client on your endpoints to export inventory data from Tanium into FNMS. Asset includes content with sensors that are specific to Flexera, including MS Exchange server, SQL server, Last Logged In, Number of CPU sockets, Short Domain, and so on.

FlexNet Manager Suite requirements

  • FlexNet Manager Suite 2019 R2.2 or later

  • FlexNet Beacon 14.2 or later

Tanium requirements

  • Tanium Server 7.3.0 or later
  • Tanium Asset 1.6.3 or later

You do not need to configure a Flexera destination in Asset. If you already have a Flexera destination configured in Asset that you set up for a previous version of Flexera, disable the destination after you complete the integration instructions.

Integration instructions

For detailed integration prerequisites and instructions, see "Tanium Connector" in Flexera FlexNet Manager Suite Inventory Adapters and Connectors Reference.

Flexera FlexNet Manager Suite: 2019 R1 or earlier

If you have Flexera FlexNet Manager Suite 2019 R1 or earlier, you can use the Asset Flexera destination to populate endpoint information in FNMS. When you create a Flexera destination, you enable the Flexera-specific content and a set of custom reports and views are created that include the results of these sensors. To send the results of these reports to Flexera, a set of connections in Tanium Connect are automatically created that connect to the SQL database. Flexera communicates with this SQL database to populate information.

Before you begin

  • You must have access to Connect with Connect User role.
  • You must have Connect 4.3.0 or later. With Connect 4.8.0 and later, you can configure your Flexera connections to use views, which is better for large environments.

  • To create scheduled actions for the file evidence content, you must have Tanium Administrator privileges.
  • You must have an SQL server to use for staging the Flexera data. This database can use Windows or mixed mode authentication. For more information, see Microsoft Docs: Authentication in SQL Server.

Configure Flexera staging database

You must have an SQL database configured that implements the required Flexera database schema.

Use the following query to create the required tables and schema for the Flexera staging database: <Module Server>\services\asset-service\content\flexera\CreateTaniumStagingDatabase.sql

Work with Tanium Support to create the required tables and schema for the Flexera staging database. For more information, see Contact Tanium Support.

For more information about configuring Microsoft SQL database to stage data for Flexera, see Tanium Support Knowledge Base: Configuring Microsoft SQL database to stage data for export to Flexera (login required).

Add Flexera destination

  1. From the Asset menu, click Inventory Management > Destinations.
  2. Click Create Destination > Flexera Destination.
  3. Edit the Flexera settings, including URL and credentials for the SQL server, log level, and the schedule at which you want the export to occur. Click Get Schemas. When you click this button, a connection is established with the SQL server that looks for databases that match the basic required schema to export Asset data. If a database matches these requirements, it is displayed in the Database and Schema fields.
  4. Click Create.

When you add a Flexera destination, the following actions occur: 

  • Additional attributes are added to Asset. These attributes will be pending until the next Tanium import. See View schedule and run import for more information.

  • Flexera reports are created in Asset. View these reports in the Reports section under Tanium Reports. Do not delete or modify these reports. Modifying these reports disrupts the Flexera export.
  • Flexera views are created. Do not edit these views because they can be overwritten. If necessary, you can look at the fields that are included in the Flexera views to create a copy of the view that includes different settings.


  • For each report, a connection is created in Connect that sends the report data to the SQL server using the views as a source.

 

Use Connect for all troubleshooting of the data transfer to the SQL server. Each Flexera connection contains information about the schedule and success or failure of the data transfer.

Configure Flexera to receive data from Tanium Asset

Check the contents of your custom reports in Asset and the data that is being exported to the configured SQL server. After the data you want is being exported, configure FlexNet Manager Suite to get data from the database. Work with your Flexera administrator to configure this integration.

(Optional) Enable file evidence content

 Asset can integrate with Tanium Index to provide file evidence information to Flexera.

  1. Configure Index security exclusions. See Tanium Incident Response User Guide: Before you begin.

  2. Install Tanium Index and verify that endpoint file systems are being indexed. For assistance with installation, Contact Tanium Support.

    The Distribute Tanium Index Tools , Distribute Tanium Index Config and Start Indexing packages must be deployed to the endpoints and the Index Status sensor should return Running. For more information, see Tanium Incident Response User Guide: Install Index and Tanium Incident Response User Guide: Deploy Index tools.

  3. When everything is configured, the Flexera Report File Evidence custom report begins to get populated with data.