Exporting data to destinations

You can configure Asset to export data to external destinations, such as ServiceNow CMDB.

CSV file

You can copy data from an asset report table to the clipboard and paste the data in an application that can interpret a CSV file, such as a database. Select the rows that you want to copy and click Copy to Clipboard. You can then paste the information about the rows you selected.

To save the entire report as displayed in a CSV file, click Export.

Tanium Connect

To export data from Asset to Connect destinations such as Email, File, HTTP, Socket Receiver, Splunk, and SQL Server, create a connection.

Before you begin

  • You must have access to Connect with the Connect User role.
  • You must have an Asset report or view from which you want to export data. See Building reports and Configuring views.

Create a connection

With Connect 4.3 to 4.7, choose Asset Report as the connection source. You can choose a predefined or custom Asset report as a connection source.

With Connect 4.8 and later, choose Tanium Asset as the connection source. You can choose from the following types of Asset source: 

Asset Reports

Select any predefined or custom report as the connection source.

Asset Computers

Select any view as a connection source and export structured data using an Asset view.

If you do not enable Flatten Results, the entire data set that is retrieved for one computer is a single record. For example, if you are exporting Installed Applications, a computer has a single row with the entire list of installed applications in that same record. Any change that is made to this data set shows up in the destination. By enabling the Flatten Results setting, each installed application for a computer is processed as a single record.

With Enhanced JSON, the results contain an array of objects for each reference table, instead of an array of strings, numbers, or dates for each reference attribute. The correlation between attributes and destinations can be easier to implement.

  • If you enable Enhanced JSON, you must also choose JSON as the format for your connection.
  • To customize the column names, expand the Columns section and click Add or Modify Columns. Change the display values in the Destination column as needed.
  • If you customize the columns, leave the Value Type as Unmodified to get the expected object output.
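The following Python sketch illustrates the record shapes that the Flatten Results and Enhanced JSON settings are described as producing. It is an added example, not Tanium code or captured Connect output; the sample record and all field names (computer_name, serial_number, installed_applications, name, version) are assumptions, not the Asset schema.

```python
import json

# Constructed sample record. Field names are assumptions for illustration,
# not the real Asset schema.
COMPUTER = {
    "computer_name": "ws-0142",
    "serial_number": "CONSTRUCTED-001",
    "installed_applications": [
        {"name": "7-Zip", "version": "18.05"},
        {"name": "Firefox", "version": "61.0.2"},
    ],
}

def _base(computer, table):
    """Computer-level attributes, without the reference table."""
    return {k: v for k, v in computer.items() if k != table}

def plain_record(computer, table):
    """Neither setting: one record per computer; each reference attribute
    becomes its own array of values."""
    rec, rows = _base(computer, table), computer.get(table, [])
    for attr in sorted({a for row in rows for a in row}):
        rec[f"{table}.{attr}"] = [row.get(attr) for row in rows]
    return rec

def enhanced_record(computer, table):
    """Enhanced JSON: one record per computer; the reference table stays an
    array of objects, so name and version remain paired."""
    rec = _base(computer, table)
    rec[table] = [dict(row) for row in computer.get(table, [])]
    return rec

def flattened_records(computer, table):
    """Flatten Results: one record per reference-table row, with the
    computer-level attributes repeated on each."""
    base, rows = _base(computer, table), computer.get(table, [])
    # Assumption: a computer with no rows still produces one record.
    return [{**base, **{f"{table}.{a}": v for a, v in row.items()}}
            for row in rows] or [base]

if __name__ == "__main__":
    t = "installed_applications"
    for label, out in (("plain", plain_record(COMPUTER, t)),
                       ("enhanced", enhanced_record(COMPUTER, t)),
                       ("flattened", flattened_records(COMPUTER, t))):
        print(label, json.dumps(out, indent=2), sep="\n")
```

In the plain shape, a consumer has to re-pair names and versions by array index, which is the correlation work that the object form avoids.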

COMPATIBILITY

Use the following recommendations for Enhanced JSON and Flatten Results settings for each format in Connect. If you use an unsupported combination, connection failures might occur or incorrect data might get written to the destination.

Table 1: Connect destination format compatibility
Format Enhanced JSON Support Recommendation
CEF Use Flatten Results
CSV Use Flatten Results
Delimiter separated Use Flatten Results
Elasticsearch Use Enhanced JSON without Flatten Results
HTML Use Flatten Results without Enhanced JSON
JSON Use Enhanced JSON without Flatten Results
LEEF (Optional) Use Flatten Results
SQL Server (Required) Use Flatten Results
Syslog (Optional) Use Flatten Results

Examples

Compare the data that is returned from Asset installed applications.

Example: Enhanced JSON

Example: Flattened JSON

For more information about creating connections, see Tanium Connect Users Guide.

ServiceNow CMDB

Before you begin

  • You must be using ServiceNow Jakarta release or later.
  • You must have access to both a test and production instance of your ServiceNow Enterprise CMDB.
  • You must have a service account for ServiceNow that has elevated privileges.

Test the data export against a copy of your ServiceNow instance before you configure Tanium Asset to export all data to your production instance of ServiceNow. Because the built-in identification rules in ServiceNow assume unique computer names or serial numbers, you might need to add one or more identification rules to achieve consistent and expected results.
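One way to check a report for non-unique computer names or serial numbers before you test the export is to scan a CSV file saved from the report. The following Python script is an added example, not part of Tanium Asset or ServiceNow; the sample data is constructed, and the column names and the normalization choices are assumptions to adjust for your report.

```python
import csv
import io
from collections import defaultdict

# Constructed CSV, shaped like a report saved with Export. The column
# names are assumptions; match them to the headers in your own report.
SAMPLE_CSV = """Computer Name,Serial Number,Operating System
ws-0142,CONSTRUCTED-001,Windows 10
WS-0142.corp.example,CONSTRUCTED-002,Windows 10
db-07,CONSTRUCTED-003,Windows Server 2016
db-08,constructed-003,Windows Server 2016
vm-11,,CentOS 7
vm-12,,CentOS 7
"""

def _norm_name(value):
    # Assumption: compare names case-insensitively and without the DNS
    # suffix, so near-duplicates are surfaced for review.
    return value.strip().lower().split(".")[0]

def _dupes(groups):
    """Keep only the keys that more than one row shares."""
    return {k: v for k, v in groups.items() if len(v) > 1}

def find_collisions(csv_text, name_col="Computer Name",
                    serial_col="Serial Number"):
    """Return rows that share a normalized name or serial number, plus rows
    with no serial number. Rows are (file line number, computer name)."""
    names, serials, missing = defaultdict(list), defaultdict(list), []
    reader = csv.DictReader(io.StringIO(csv_text))
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        raw_name = (row.get(name_col) or "").strip()
        names[_norm_name(raw_name)].append((line_no, raw_name))
        serial = (row.get(serial_col) or "").strip().upper()
        if serial:
            serials[serial].append((line_no, raw_name))
        else:
            # Empty serials cannot identify a device; report them separately.
            missing.append((line_no, raw_name))
    return {"name": _dupes(names), "serial": _dupes(serials),
            "missing_serial": missing}

if __name__ == "__main__":
    for kind, found in find_collisions(SAMPLE_CSV).items():
        print(kind, found)
```

Any entry in the name or serial results is a candidate for an additional identification rule.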

Prepare ServiceNow to receive Tanium data

  1. In ServiceNow, add an entry for Tanium as a choice in the discovery_source column of the ci_item table. Use Tanium as the value in both the Label and Value fields.
  2. (Optional) Work with your TAM and ServiceNow administrator to update identification rules in ServiceNow. Adding identification rules is required if any endpoints in your environment have duplicate serial numbers or computer names. For more information about configuring identification rules, see:

Add ServiceNow as a destination

To enable data to be exported to the ServiceNow CMDB from Asset, enter your ServiceNow Host URL and credentials.

  1. From the Asset menu, click Inventory Management > Destinations.
  2. Click New Destination > ServiceNow Destination.
  3. Edit the settings, including the ServiceNow Host URL and credentials, log level, and the schedule at which you want the export to occur.
    The log level affects the logging in the job/date_time_job#_servicenow_config#.log files. If you enable Trace level logging on your ServiceNow configuration, numbered subdirectories, for example job/65, are created that contain all of the POST and GET requests for that job.
    For more information about Cron, see Reference: Cron syntax.

 

 

Run export

You can run an export to ServiceNow CMDB outside of the configured schedule. From the Asset menu, click Inventory Management > Schedules. Under your ServiceNow destination in the Asset Export Destinations section, click Run Now.

 

Check data in ServiceNow

After the Status in the schedule says complete, you can check for the data in ServiceNow CMDB.

  1. Log in to your ServiceNow Enterprise CMDB.
  2. Search for an asset attribute, such as computer.
  3. Check the data that got imported into the table.

Flexera FlexNet Manager Suite

You can use the existing Tanium Client on your endpoints to populate information in Flexera FlexNet Manager Suite (FNMS). Asset includes content with sensors that are specific to Flexera, including MS Exchange server, SQL server, Last Logged In, Number of CPU sockets, Short Domain, and so on. When you create a Flexera destination, you enable this content, and a set of custom reports that include the results of these sensors is created. To send the results of these reports to Flexera, a set of connections that connect to the SQL database is automatically created in Tanium Connect. Flexera communicates with this SQL database to populate information.

Before you begin

  • You must have access to Connect with the Connect User role.
  • To create scheduled actions for the file evidence content, you must have Tanium Administrator privileges.
  • You must have an SQL database configured that implements the required Flexera database schema. Contact your TAM for more information about how to set up this database.

Add Flexera destination

  1. From the Asset menu, click Inventory Management > Destinations.
  2. Click New Destination > Flexera Destination.
  3. Edit the Flexera settings, including URL and credentials for the SQL server, log level, and the schedule at which you want the export to occur. Click Get Schemas. When you click this button, a connection is established with the SQL server that looks for databases that match the basic required schema to export Asset data. If a database matches these requirements, it is displayed in the Database and Schema fields.
  4. Click Create.

When you add a Flexera destination, the following actions occur: 

  • Additional attributes are added to Asset. These attributes will be pending until the next Tanium import. See View schedule and run import for more information.

  • Flexera reports are created in Asset. View these reports in the Reports section under Custom Reports. Do not delete or modify these reports. Modifying these reports disrupts the Flexera export.
  • For each report, a connection is created in Connect that sends the report data to the SQL server.

Use Connect for all troubleshooting of the data transfer to the SQL server. Each Flexera connection contains information about the schedule and success or failure of the data transfer.

Configure Flexera to receive data from Tanium Asset

Check the contents of your custom reports in Asset and the data that is being exported to the configured SQL server. After the data you want is being exported, configure FlexNet Manager Suite to get data from the database. Work with your Flexera administrator to configure this integration.

Enable file evidence content

(Optional) Asset can integrate with Tanium Index to provide file evidence information to Flexera.

  1. Install Tanium Index and verify that endpoint file systems are being indexed. The Distribute Tanium Index Tools, Distribute Tanium Index Config, and Start Indexing packages must be deployed to the endpoints and the Index Status sensor should return Running. For more information, see Tanium Incident Response User Guide: Install Index and Tanium Incident Response User Guide: Deploy Index tools.
  2. Deploy the Distribute Tanium Asset Tools package to your endpoints. To ensure that the tools get installed as new endpoints come online, create a saved action that targets endpoints that return Not Installed from the Asset File Evidence Status sensor. Configure the saved action as a scheduled action. For example, you might schedule Distribute Tanium Asset Tools to run every hour.
  3. Deploy the Asset Start File Evidence Scan package to your endpoints. From Interact, target the set of endpoints from which you want to gather file evidence and for which the Asset File Evidence Status sensor returns Installed. Click Deploy Action and create an action that deploys the Asset Start File Evidence Scan package. To ensure that the scan is restarted when a computer restarts, configure the saved action as a scheduled action.
  4. When everything is configured, the Flexera Report File Evidence custom report begins to get populated with data.

Last updated: 9/18/2018 1:48 PM