Exporting data to destinations

You can configure Asset to export data to external destinations, such as Tanium Connect, Flexera, and ServiceNow.

Flexera integrations with Asset are not currently possible because Flexera does not support the authentication method required to integrate with Tanium Cloud.

CSV file

You can copy data from an asset report table to the clipboard and paste the data in an application that can interpret a CSV file, such as a database. Select the rows that you want to copy and click Copy. You can then paste the information about the rows you selected.

To save the entire report as displayed in a CSV file, click Export . You might see an Export requested status message before you see a Download link for the CSV file. Each Asset user can export a single report at a time. Multiple Asset users can be signed in, each exporting a single report at the same time.

For scheduling, formatting, and large data sets, consider setting up a Connect destination that uses a view.

Tanium Connect

To export data from Asset to Connect destinations such as email, file, HTTP, Socket Receiver, Splunk, and SQL Server, create a connection.

SQL Server on Azure, Amazon Relational Database Service, and other database as a service providers are not supported as SQL Server destinations.

Requirements

Exporting reports with large data sets (more than 100,000 results) can have a significant performance impact.
If you need to export a large data set, select Asset Computers as the Type for the source and use a view. This source is available with Connect 4.8 and later. For more information about views, see Configuring views.

Create a connection

With Connect 4.3 to 4.7, choose Asset Report as the connection source. You can choose a predefined or custom Asset report as a connection source.

With Connect 4.8 and later, choose Choose Tanium Asset as the connection source. You can choose from the following types of Asset source: 

Asset Reports

Select a predefined or custom report as the connection source.

Asset Computers

  1. Select any view as a connection source and export structured data using an Asset view.
  2. If you do not enable Flatten Results, the entire data set that is retrieved for one computer is a single record. For example, if you are exporting Installed Applications, a computer has a single row with the entire list of installed applications in that same record. Any change that is made to this data set shows up in the destination. By enabling the Flatten Results setting, each installed application for a computer is processed as a single record.
  3. With Enhanced JSON, the results contain an array of objects for each reference table, instead of an array of strings, numbers, or dates for each reference attribute. The correlation between attributes and destinations can be easier to implement.
  4. Use the default batch size (200). Higher batch sizes can be slower due to increased processing for each batch.
  5. Configure the export format.
    • If you enable Enhanced JSON, you must also choose JSON as the format for your connection.
    • To customize the column names, expand the Columns section and click Add or Modify Columns. Change the display values in the Destination column as needed.
    • If you customize the columns, leave the Value Type as Unmodified to get the expected object output.

COMPATIBILITY

Use the following recommendations for Enhanced JSON and Flatten Results settings for each format in Connect. If you use an unsupported combination, connection failures might occur or incorrect data might get written to the destination.

Connect destination format compatibility
Format Enhanced JSON Support Recommendation
CEF Use Flatten Results
CSV Use Flatten Results
Delimiter separated Use Flatten Results
Elasticsearch Use Enhanced JSON without Flatten Results
HTML Use Flatten Results without Enhanced JSON
JSON Use Enhanced JSON without Flatten Results
LEEF (Optional) Use Flatten Results
SQL Server (Required) Use Flatten Results
Syslog (Optional) Use Flatten Results

Filtering No Results and Errors

Asset automatically filters no results and common error messages and does not send that data to the connection destination.

Examples

Compare the data that is returned from Asset installed applications. ClosedView JSON examples

Example: Enhanced JSON

Example: Flattened JSON

For more information about creating connections, see Tanium Connect User Guide.

Flexera One

If you use Flexera One with the IT Visibility or IT Asset Management applications, you can use Tanium as a data source.

Flexera One IT Visibility

For more information about using Tanium with Flexera One IT Visibility, see Flexera One documentation: Getting Started with IT Visibility and Flexera One documentation: Uploading Inventory Data into IT Visibility.

Flexera One IT Asset Management

For more information about using Tanium with Flexera One IT Asset Management (formerly known as FlexNet Manager Suite Cloud), see Flexera One documentation: Managing Tanium Connections.

  • To create the Flexera views, from the Asset menu, click Views > Create Views > Create Flexera Views. Do not edit or delete these views.
  • Steps 1a and 1b in the "Configuring Integration with Tanium" section of Flexera One documentation: Managing Tanium Connections are no longer applicable because staging databases are not used by Flexera One. The API is used for data exports.

(Optional) Enable file evidence content

 Asset can integrate with Tanium Index to provide file evidence information to Flexera.

  1. Configure Index security exclusions. See "Indexing file systems: Before you begin" in the Tanium Incident Response User Guide.

  2. Install Tanium Index and verify that endpoint file systems are being indexed. For assistance with installation, Contact Tanium Support.

    The Distribute Tanium Index Tools, Distribute Tanium Index Config, and Start Indexing packages must be deployed to the endpoints and the Index Status sensor should return Running. For more information, see "Install Index" and "Deploy Index tools to endpoints" in the Tanium Incident Response User Guide.

  3. When everything is configured, the Flexera Report File Evidence custom report begins to get populated with data.

Flexera FlexNet Manager Suite: 2019 R2.2 or later

If you have FlexNet Manager Suite 2019 R2.2 or later, you can use the Tanium Connector in FlexNet Manager Suite (FNMS) and the existing Tanium Client on your endpoints to export inventory data from Tanium into FNMS. Asset includes content with sensors that are specific to Flexera, including MS Exchange server, SQL server, Last Logged In, Number of CPU sockets, Short Domain, and so on.

FlexNet Manager Suite requirements

  • FlexNet Manager Suite 2019 R2.2 or later

  • FlexNet Beacon 14.2 or later

Tanium requirements

  • Tanium Server 7.3.0 or later

  • Tanium Asset 1.11 or later

  • A user with the Asset Report Reader role to use with the Tanium Asset API

You do not need to configure a Flexera destination in Asset. If you already have a Flexera destination configured in Asset that you set up for a previous version of Flexera, disable the destination after you complete the integration instructions.

Integration instructions

For detailed integration prerequisites and instructions, see Flexera documentation: Managing Tanium Connections.

  • The provided link is to the FlexNet Manager Suite 2022 R2 (On-Premises) documentation. For other versions, go to https://docs.flexera.com, select FlexNet Manager Suite and the version that you are using, and click the HTML link for FlexNet Manager Suite - Online Help. Search for Tanium and open the "Managing Tanium Connections" topic.
  • To create the Flexera views, from the Asset menu, click Views > Create Views > Create Flexera Views. Do not edit or delete these views.
  • Steps 1a and 1b in Flexera documentation: Managing Tanium Connections are no longer applicable because staging databases are not used by Flexera FlexNet Manager Suite 2019 R2.2 and later. The API is used for data exports.

(Optional) Enable file evidence content

 Asset can integrate with Tanium Index to provide file evidence information to Flexera.

  1. Configure Index security exclusions. See "Indexing file systems: Before you begin" in the Tanium Incident Response User Guide.

  2. Install Tanium Index and verify that endpoint file systems are being indexed. For assistance with installation, Contact Tanium Support.

    The Distribute Tanium Index Tools, Distribute Tanium Index Config, and Start Indexing packages must be deployed to the endpoints and the Index Status sensor should return Running. For more information, see "Install Index" and "Deploy Index tools to endpoints" in the Tanium Incident Response User Guide.

  3. When everything is configured, the Flexera Report File Evidence custom report begins to get populated with data.

Flexera FlexNet Manager Suite: 2019 R1 or earlier

If you have Flexera FlexNet Manager Suite 2019 R1 or earlier, you can use the Asset Flexera destination to populate endpoint information in FNMS. When you create a Flexera destination, you enable the Flexera-specific content and a set of custom reports and views are created that include the results of these sensors. To send the results of these reports to Flexera, a set of connections in Tanium Connect are automatically created that connect to the SQL database. Flexera communicates with this SQL database to populate information.

Requirements

  • Access to Connect with Connect User role.

  • Connect 4.3.0 or later. With Connect 4.8.0 and later, you can configure your Flexera connections to use views, which is better for large environments.

  • To create scheduled actions for the file evidence content, you must have Tanium Administrator privileges.
  • An SQL server to use for staging the Flexera data. This database can use Windows or mixed mode authentication. For more information, see Microsoft Docs: Authentication in SQL Server.

Configure Flexera staging database

You must have an SQL database configured that implements the required Flexera database schema.

Use the following query to create the required tables and schema for the Flexera staging database: <Module Server>\services\asset-service\content\flexera\CreateTaniumStagingDatabase.sql

Work with Tanium Support to create the required tables and schema for the Flexera staging database. For more information, see Contact Tanium Support.

For more information about configuring Microsoft SQL database to stage data for Flexera, Contact Tanium Support.

Add Flexera destination

  1. From the Asset menu, click Inventory Management > Destinations.
  2. Click Create Destination > Flexera Destination.
  3. Edit the Flexera settings, including URL and credentials for the SQL server, log level, and the schedule at which you want the export to occur. Click Get Schemas. When you click this button, a connection is established with the SQL server that looks for databases that match the basic required schema to export Asset data. If a database matches these requirements, it is displayed in the Database and Schema fields.
  4. Click Create.

When you add a Flexera destination, the following actions occur: 

  • Additional attributes are added to Asset. These attributes will be pending until the next Tanium import. See View schedule and run import for more information.

  • Flexera reports are created in Asset. View these reports in the Reports section under Tanium Reports. Do not delete or modify these reports. Modifying these reports disrupts the Flexera export.
  • Flexera views are created. Do not edit these views because they can be overwritten. If necessary, you can look at the fields that are included in the Flexera views to create a copy of the view that includes different settings.

  • For each report, a connection is created in Connect that sends the report data to the SQL server using the views as a source.

Use Connect for all troubleshooting of the data transfer to the SQL server. Each Flexera connection contains information about the schedule and success or failure of the data transfer.

Configure Flexera to receive data from Tanium Asset

Check the contents of your custom reports in Asset and the data that is being exported to the configured SQL server. After the data you want is being exported, configure FlexNet Manager Suite to get data from the database. Work with your Flexera administrator to configure this integration.

(Optional) Enable file evidence content

 Asset can integrate with Tanium Index to provide file evidence information to Flexera.

  1. Configure Index security exclusions. See "Indexing file systems: Before you begin" in the Tanium Incident Response User Guide.

  2. Install Tanium Index and verify that endpoint file systems are being indexed. For assistance with installation, Contact Tanium Support.

    The Distribute Tanium Index Tools, Distribute Tanium Index Config, and Start Indexing packages must be deployed to the endpoints and the Index Status sensor should return Running. For more information, see "Install Index" and "Deploy Index tools to endpoints" in the Tanium Incident Response User Guide.

  3. When everything is configured, the Flexera Report File Evidence custom report begins to get populated with data.

ServiceNow: Tanium Asset integration

You can configure Tanium as a discovery source in ServiceNow, and then create a destination in Asset to export data to ServiceNow with a defined schedule.

Requirements

  • ServiceNow Jakarta or later release. ServiceNow Software Asset Management Pro is also supported.
  • Access to both a test and production instance of your ServiceNow Enterprise CMDB.
  • A service account for ServiceNow that has elevated privileges. After the initial integration is complete, you can Configure least privilege access in ServiceNow.

Test the data export against a copy of your ServiceNow instance before you configure Tanium Asset to export all data to your production instance of ServiceNow. Because the built in identification rules in ServiceNow assume unique computer names or serial numbers, you might need to add one or more identification rules to achieve consistent and expected results.

Prepare ServiceNow to receive Tanium data

  1. In ServiceNow, go to All > System Definition > Choice Lists.

    Enter Choice Lists in the menu filter to quickly navigate to that menu item.

  2. Click New.
  3. In the Table dropdown menu, select Configuration Item [cmdb_ci].
  4. In the Element field, enter discovery_source.
  5. In the Label field, enter Tanium.
  6. In the Value field, enter Tanium.
  7. Click Submit.

Confirm that you successfully created the item:

  1. Go to to All > System Definition > Choice Lists.
  2. Click Show/Hide filter .
  3. In the -- choose field -- dropdown menu, select Table.
  4. Leave the default operator, starts with, and in the Input value field, enter cmdb_ci.
  5. Click AND.
  6. In the -- choose field -- dropdown menu, select Element.
  7. Leave the default operator, starts with, and in the Input value field, enter discovery_source.
  8. Click AND.
  9. In the -- choose field -- dropdown menu, select Label.
  10. Leave the default operator, starts with, and in the Input value field, enter Tanium.
  11. Click Run.

You should see the Tanium choice that you added. If you do not see it, go back and check to confirm that you completed each step.

If you are using ServiceNow Paris 10 or Quebec or later with the Tanium Asset integration, ServiceNow creates duplicate entries for some CIs (such as Network Adapters, Storage Devices, and File Systems) in the ServiceNow CMDB when an export runs. To resolve this issue, see Fix duplicate entries in ServiceNow with Tanium Asset integration.

Add tables and Update Identification Rules

You can optionally work with Tanium Support and your ServiceNow administrator to add tables or update identification rules in ServiceNow. For more information about contacting Tanium Support, see Contact Tanium Support.

Adding identification rules is required if any endpoints in your environment have duplicate serial numbers or computer names. For more information about configuring identification rules, see ServiceNow Documentation: Create or edit a CI identification rule.

Add ServiceNow as a destination

To enable data to be exported to the ServiceNow CMDB from Asset, enter your ServiceNow Host URL and credentials.

  1. From the Asset menu, click Inventory Management > Destinations.
  2. Click Create Destination > ServiceNow Destination.
  3. Edit the settings, including the ServiceNow Host URL and credentials, log level, view, and the schedule at which you want the export to occur.
    The log level affects the logging in the job/date_time_job#_servicenow_config#.log files. If you enable Trace level logging on your ServiceNow configuration, numbered subdirectories, for example job/65, are created that contain all of the POST and GET requests for that job.
    For more information about Cron, see Reference: Cron syntax.

Exclude computers from exported ServiceNow data

(Optional) When you create a ServiceNow destination, a reserved view is created. The ServiceNow (reserved) view includes all computers. Create a view with filters enabled if you want to narrow the scope of the export.

  1. From the Asset menu, click Views. Hover over the ServiceNow (reserved) view, and click Create Copy .
  2. Edit and rename the copy of the reserved view. Add a filter to limit the computers that are exported. In this new view, do not select Should be filtered out of the view on any of the filters.

  3. From the Asset menu, click Inventory Management > Destinations > ServiceNow_Destination. Click Edit .

  4. In the View section, select the new view that you created.
  5. Click Update to save the changes.

Edit ServiceNow export mappings

(Optional) After you create the ServiceNow destination, you can edit the Asset to ServiceNow mappings.

  1. To add an attribute, find the details for the attribute.

    1. From the Asset menu, click Inventory Management > Attributes.

    2. Click Customize Columns, and select Table Name and Field Name.

    3. Use the Filter Items search to find the attribute.

  2. Click Inventory Management > Destinations > ServiceNow. Click Edit . In the ServiceNow Export Mapping section, add the new mapping. You can also edit individual mappings.

    For more information about the mappings, see Reference: ServiceNow mappings. Contact Tanium Support to properly edit the ServiceNow export mappings. For more information, Contact Tanium Support.

Run export

You can run an export to ServiceNow CMDB outside of the configured schedule. From the Asset menu, click Inventory Management > Schedules> Export Schedules. Under your ServiceNow destination in the Asset Export Destinations section, click Run Now.

Check data in ServiceNow

After the Status in the schedule says complete, you can check for the data in ServiceNow CMDB.

  1. Sign in to your ServiceNow Enterprise CMDB.
  2. Search for an Asset attribute, such as Computer.
  3. Check the data that got imported into the table.

Configure least privilege access in ServiceNow

After the initial integration with ServiceNow is complete, you can create a role for the Tanium Service Account. This role has an ACL that provides only the necessary permissions.

For more information, see Tanium Community article: Configuring least privilege access for ServiceNow integration (registration is required).

ServiceNow: Service Graph Connector

If you have ServiceNow Orlando Patch 7 or later or Paris Patch 1 or later, you can configure the ServiceNow Service Graph Connector for Tanium app in ServiceNow to import data from Tanium into the ServiceNow CMDB. This integration uses a MID server to collect data from the Tanium Asset API, then sends the data to the ServiceNow data source. For more information, see ServiceNow Store: Service Graph Connector for Tanium.

Tanium requirements

  • Tanium Server 7.4.5 or later

  • Tanium™ Asset 1.17.130 or later

  • A user with the Asset Report Reader role to use with the Tanium Asset API
  • An API token owned by the user that has the Asset Report Reader role

You do not need to configure a ServiceNow destination in Asset. If you already have a ServiceNow destination configured in Asset that you set up previously, disable the destination after you complete the integration instructions.

Additionally, the logs generated when importing Asset data into the Service Graph Connector using the API are available only in ServiceNow. If you run into issues with the import you must create a ticket with ServiceNow before contacting Tanium Support.

Integration instructions

This integration depends on a custom view from Tanium. To create this view, complete the following steps.

  1. From the Asset menu, click Views.
  2. If you have not already done so, click Create View > Create ServiceNow View to create the ServiceNow (reserved) view.

    3. The ServiceNow (reserved) view cannot be modified. You must create a copy of this view to use in this integration.

  3. In the list of views, locate the ServiceNow (reserved) view and click Create Copy.
  4. Rename the new view. 
  5. In the Select Columns from Asset Tables section, add the following data to the view: 
    • Add everything under SIU Product Usage.
    • Expand Asset and add Last Seen.
    • Expand Network Adapter and add Model.
  6. Click Submit to save the view.