Configuring sources

Sources define how Asset gets data. By default, the source data in Asset comes from Tanium, populated from saved questions that are scheduled on a configurable basis or from sensor data stored in Tanium Data Service. You can augment Asset inventory data with external data from an SQL Server database, custom sources, or data pushed to Asset by API Gateway using an Import API source. By importing data that is typically not available on an endpoint into the Asset data store, you can enable filtering and reporting on information such as department, cost center, building, and location.

The AWS, Azure, Google Chromebook, Google Cloud and Intune sources are currently beta features.

Asset reconciliation

Asset reconciliation compares assets in the source with existing Tanium-managed assets during the import process. If two assets have matching keys, the assets are merged and the asset is deleted from the source. Only custom attributes are reconciled. Attributes associated with Tanium sensors are not overwritten. These keys are matched to identify an asset for reconciliation:

Source | Key used to match for reconciliation
AWS | cloud_instance_id
Azure | cloud_instance_id
Google Cloud | cloud_instance_id
Import API | Selected when you create the source: computer_id, computer_name, serial_number, cloud_instance_id, system_uuid
Intune | computer_name and serial_number

Reconciliation is not supported for Google Chromebook sources because the Tanium Client cannot be installed on Chromebooks.
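
The reconciliation rules above, modelled as an added example (this is not Tanium code). It assumes that Intune requires both listed keys to match, that the attributes in SENSOR_ATTRIBUTES are the sensor-backed ones, and that every other attribute counts as custom; the sample assets are constructed.

```python
# Keys matched per source, taken from the reconciliation table on this page.
# Import API keys are chosen when the source is created, so they are passed in.
RECONCILE_KEYS = {
    "AWS": ("cloud_instance_id",),
    "Azure": ("cloud_instance_id",),
    "Google Cloud": ("cloud_instance_id",),
    "Intune": ("computer_name", "serial_number"),  # assumption: both must match
}

# Assumption for this model: attributes that Tanium sensors populate.
SENSOR_ATTRIBUTES = {"computer_name", "serial_number", "ip_address", "os_platform"}


def match_key(asset, keys):
    """Return the asset's key values as a tuple, or None if any key is empty."""
    values = tuple(asset.get(k) for k in keys)
    return values if all(values) else None


def reconcile(source_name, source_assets, tanium_assets, keys=None):
    """Return (merged Tanium-managed assets, assets left in the source)."""
    keys = keys or RECONCILE_KEYS.get(source_name)
    if not keys:
        # Covers Google Chromebook, which has no reconciliation keys.
        raise ValueError(f"no reconciliation keys for source {source_name!r}")

    merged = [dict(a) for a in tanium_assets]  # copy; inputs stay untouched
    index = {}
    for asset in merged:
        key = match_key(asset, keys)
        if key is not None:
            index[key] = asset

    remaining = []
    for src in source_assets:
        target = index.get(match_key(src, keys))
        if target is None:
            remaining.append(src)  # no match: stays a separate source asset
            continue
        for attr, value in src.items():
            if attr not in SENSOR_ATTRIBUTES:  # sensor data is never overwritten
                target[attr] = value
        # Matched asset is merged, so it is not kept in the source list.
    return merged, remaining


# Constructed sample data (not from a real environment).
TANIUM_ASSETS = [
    {"computer_name": "ip-10-0-0-5", "cloud_instance_id": "i-0aaa111",
     "ip_address": "10.0.0.5"},
]
AWS_ASSETS = [
    {"cloud_instance_id": "i-0aaa111", "ip_address": "10.0.0.99",
     "instance_type": "t3.micro", "zone": "us-east-1a"},
    {"cloud_instance_id": "i-0bbb222", "instance_type": "m5.large"},
]

if __name__ == "__main__":
    merged, remaining = reconcile("AWS", AWS_ASSETS, TANIUM_ASSETS)
    print(merged)
    print(remaining)
```

An unmatched cloud instance such as the second sample record is worth reviewing, because it is an instance that exists in the cloud account without a matching Tanium-managed asset.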

Configure the Tanium source

The Tanium source is configured by default, and you cannot delete the Tanium source.

  1. From the Asset menu, go to Inventory Management > Sources.
  2. For the Tanium source, click Edit.
  3. Configure the log level settings for the Asset import process.
  4. Configure the schedule. The schedule determines how often asset data is imported from the Tanium live data or Tanium Data Service into the Asset database. This database provides data for offline assets. You can create a standard interval or a cron schedule. For example, you might create one of the following intervals based on your environment size:
    • Less than 50,000 devices: every 1-2 hours.
    • Less than 250,000 devices: every 4 hours.
    • Greater than 500,000 devices: contact Tanium Support to configure the import schedule. For more information, see Contact Tanium Support.

    For more information about the cron syntax, see Reference: Cron syntax.

  5. Click Update to save your changes.

What to do next

Add attributes from Tanium sensors into Asset. See Configuring attributes.

Enable custom sources

Enable custom sources in the Asset settings.

  1. From the Asset Overview page, click Settings.
  2. On the Advanced tab, select to enable Custom Sources.
  3. Click Save.

On the Sources page, AWS, Azure, Google Chromebooks, Google Cloud, Import API and Intune are now available as options in the Create Source dropdown menu.

Create an AWS source

Create an AWS source to pull data from an AWS EC2 instance into Asset on a schedule. Fields in the AWS source automatically map to the corresponding fields in the Asset database:

Field in the AWS Source | Field mapped to in Asset database
InstanceId | cloud_instance_id
ImageId | image_id
State.Name | instance_state
InstanceType | instance_type
Placement.AvailabilityZone | zone
PrivateDnsName | computer_name
PrivateIpAddress | ip_address
PlatformDetails | os_platform

Before you begin

Enable custom sources

Enable custom sources in the Asset settings. For detailed steps, see Enable custom sources.

Create an AWS Access Key and IAM role

Create the AWS source

  1. From the Asset menu, click Inventory Management > Sources.
  2. Click Create Source > AWS.
  3. Specify a Name for the source.
  4. Set the Log Level.
  5. In the Access Key ID field, specify the AWS access key ID part of the access key that you created.
  6. In the Secret Access Key field, specify the AWS secret access key part of the access key that you created.
  7. In the Assume IAM Role field, specify the IAM role that you created to use for the connection.
  8. (Optional) Select This account is an AWS Organization if you want this source to span your entire AWS organization, rather than individual accounts. If you select this option, specify the Role to assume on child accounts.
  9. Click Verify Connection to confirm that the connection is valid.
  10. (Optional) Enable reconciliation if you want to merge assets in this source with matching Tanium-managed assets during the import process. For more information, see Asset reconciliation.
  11. Configure the schedule. The schedule determines how often asset data is imported from the AWS data into the Asset database. This database provides data for offline assets. You can create a standard interval or a cron schedule. For example, you might create one of the following intervals based on your environment size:
    • Less than 50,000 devices: every 1-2 hours.
    • Less than 250,000 devices: every 4 hours.
    • Greater than 500,000 devices: contact Tanium Support to configure the import schedule. For more information, see Contact Tanium Support.

    For more information about the cron syntax, see Reference: Cron syntax.

  12. Click Create to save your changes.

Create an Azure source

Create an Azure source to pull data into Asset on a schedule. Fields in the Azure source automatically map to the corresponding fields in the Asset database:

Field in the Azure Source | Field mapped to in Asset database
properties.vmId | cloud_instance_id
location | location
properties.osProfile.computerName | computer_name
properties.storageProfile.osDisk.osType | os_platform
properties.hardwareProfile.vmSize | model
extraSku.capabilities.vCPUs | number_of_logical_processor
extraSku.capabilities.MemoryGB | ram
extraSubscription.subscriptionId | subscription_id
extraSubscription.displayName | subscription_name

Before you begin

Enable custom sources

Enable custom sources in the Asset settings. For detailed steps, see Enable custom sources.

Create an Azure client ID and secret

In the Microsoft Azure portal, create an application registration. Note the associated Application (client) ID and add a client secret to use for authentication. Add the Reader role to the service principal object that was created when you registered the application.

For more information, see the following articles:

Create the Azure source

  1. From the Asset menu, click Inventory Management > Sources.
  2. Click Create Source > Azure.
  3. Specify a Name for the source.
  4. Set the Log Level.
  5. In the Client Id field, specify the Azure client ID that you created.
  6. In the Tenant ID field, specify your Entra ID tenant ID.

    For steps to find your tenant ID, see Microsoft Azure documentation: Find your Azure AD tenant.

    Microsoft Entra ID was previously known as Microsoft Azure Active Directory or Microsoft Azure AD.

  7. Provide the Client Secret that you generated in the Microsoft Azure Portal.
  8. Click Verify Connection to confirm that the connection is valid.
  9. (Optional) Enable reconciliation if you want to merge assets in this source with matching Tanium-managed assets during the import process. For more information, see Asset reconciliation.
  10. Configure the schedule. The schedule determines how often to import asset data from the Azure source into the Asset database. This database provides data for offline assets. You can create a standard interval or a cron schedule. For example, you might create one of the following intervals based on your environment size:
    • Less than 50,000 devices: every 1-2 hours.
    • Less than 250,000 devices: every 4 hours.
    • Greater than 500,000 devices: contact Tanium Support to configure the import schedule. For more information, see Contact Tanium Support.

    For more information about the cron syntax, see Reference: Cron syntax.

  11. Click Create to save your changes.

Create a database source

Enrich Asset inventory data with information from an external database. For example, you might have a database that has department or location information that you want to associate with the computers you are already tracking in Asset. To import this data, map columns from your SQL database to the Asset database.

When the data import runs, each row of your import table is evaluated against the data that is already in Asset. For example, if you create a mapping for your computer ID in the import table, that ID gets matched to the Computer ID column in Asset. If a match is found, the attributes that you configure to get imported from your source table are inserted into Asset. If you map an import column that has duplicate values in the table, only the last value is stored in Asset after the load has completed.

If you use column types (like nchar) that pad values with spaces, your identity mappings on the database source might not work correctly. For example, a computer name like win1 might come through as win1       (with six spaces after it). These values do not match a value win1 in Asset.
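
A pre-import check for the two pitfalls described above, padded identity values and duplicate identity values, as an added example that is not part of Asset. The function name, the row layout and the sample rows are assumptions; matching is modelled as an exact string comparison and duplicates as last row wins.

```python
from collections import defaultdict


def lint_identity_column(rows, identity_col, asset_values):
    """Check an import table's identity column before mapping it in Asset.

    rows          rows of the import table, in load order (list of dicts)
    identity_col  column that will be mapped to an Asset identity column
    asset_values  values already present in that Asset column
    """
    padded = []         # (row number, raw value) that carry trailing spaces
    unmatched = []      # row numbers whose raw value matches nothing in Asset
    fixed_by_trim = []  # unmatched rows that would match once padding is removed
    seen = defaultdict(list)
    stored = {}         # row kept per matching value: the last one wins

    for number, row in enumerate(rows, start=1):
        raw = row[identity_col] or ""
        trimmed = raw.rstrip(" ")
        if trimmed != raw:
            padded.append((number, raw))
        seen[trimmed].append(number)
        if raw in asset_values:  # exact comparison, padding included
            stored[raw] = row
        else:
            unmatched.append(number)
            if trimmed in asset_values:
                fixed_by_trim.append(number)

    duplicates = {value: nums for value, nums in seen.items() if len(nums) > 1}
    return {
        "padded": padded,
        "unmatched": unmatched,
        "fixed_by_trim": fixed_by_trim,
        "duplicates": duplicates,
        "stored": stored,
    }


# Constructed rows, as an nchar(10) column would return them.
SAMPLE_ROWS = [
    {"computer_name": "win1" + " " * 6, "department": "Finance"},
    {"computer_name": "win2", "department": "HR"},
    {"computer_name": "win2", "department": "Legal"},
    {"computer_name": "win9", "department": "Ops"},
]
ASSET_COMPUTER_NAMES = {"win1", "win2", "win3"}

if __name__ == "__main__":
    report = lint_identity_column(SAMPLE_ROWS, "computer_name", ASSET_COMPUTER_NAMES)
    for name, value in report.items():
        print(name, value)
```

Rows reported under fixed_by_trim can be repaired at the database side, for example by exposing the column through a view that applies RTRIM or by using a variable-length column type.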

  1. From the Asset menu, go to Inventory Management > Sources.
  2. Click Create Source > External Database.
  3. Configure source settings. Enter a name for the data source and the server name.
  4. (Optional) If your database server has Transport Layer Security (TLS) configured, select Use TLS and click Verify Certificate. To establish trust on first use (TOFU), review the certificate details and click Verify.
    For more information about enabling TLS on SQL Server, see Microsoft SQL Docs: Enable Encrypted Connections to the Database Engine.
  5. Enter the user name and password for the database connection.
  6. Choose the database and schema. Click Get Schemas. Asset connects to the database and gets the database and schema information.
  7. Configure source mappings. Source mappings uniquely identify the assets in your source data and define how the columns in your source table relate to the Asset database. For an attribute to be available as a reference for mapping, it must return only a single row of values. You can add multiple source mappings from your database source. All the mappings must match for the data to be imported into the Asset database.
    1. Click Add Mapping. Choose a source table.
    2. Create identification rules. The columns associated with the selected source table are loaded into the Source Columns field.
    3. Choose a destination attribute. Choose a column in the Asset database. You can create multiple identification rules as necessary.
  8. Configure the import schedule. The schedule determines how often asset data is imported from the external database into the Asset database. You can create a standard interval or a cron schedule.

    For more information about the cron syntax, see Reference: Cron syntax.

  9. Click Create.

If you want to modify the source, go to Inventory Management > Sources. Click Edit. You must enter the credentials for your SQL Server again before you can modify the source mappings.

A maximum of 20,000 asset updates are performed for each 100 database source records during the load process. You might need to run an import several times to update all the data.

What to do next

Add the attributes from your import table into Asset. See Configuring attributes.

Create a Google Chromebook source

Create a Google Chromebook source to pull data into Asset on a schedule. Fields in the Google Chromebook source automatically map to the corresponding fields in the Asset database:

Field in the Google Chromebook Source | Field mapped to in Asset database
serialNumber | serial_number
serialNumber | computer_name
deviceId | system_uuid
deviceId | computer_id
osVersion | os_version
orgUnitPath | org_unit_path
model | manufacturer
model | model
systemRamTotal | ram
lastKnownNetwork.ipAddress | ip_address
recentUsers[0].email | user_name
cpuInfo.maxClockSpeedKhz | cpu_speed
cpuInfo.logicalCpus | number_of_logical_processor
diskVolumeReports[0].volumeInfo[0].storageTotal | disk_total_space
activeTimeRanges[-1].date | last_usage
lastSync | last_sync
autoUpdateExpiration | auto_update_expiration

Before you begin

Enable custom sources

Enable custom sources in the Asset settings. For detailed steps, see Enable custom sources.

Create a Google Cloud service account to use for authentication

Complete these steps to create a Google Cloud service account to use for authentication: Google Cloud documentation: Creating a service account.

For details about Google Cloud service accounts, see Google Cloud documentation: Understanding service accounts.

Create the Google Chromebook source

  1. From the Asset menu, click Inventory Management > Sources.
  2. Click Create Source > Google Chromebooks.
  3. Specify a Name for the source.
  4. Set the Log Level.
  5. In the Client Email field, specify the email address associated with the Google Cloud service account that you created.
  6. In the Subject field, specify the email address for the Google account to impersonate when making the request.

    For more information, see Google Identity documentation: Preparing to make an authorized API call (HTTP/REST tab).

  7. Provide the Private Key that you generated for the Google Cloud service account.
  8. Click Verify Connection to confirm that the connection is valid.

    If the test fails, use the Google API Console to confirm that the credentials that you provided are valid. For more information, see Google Cloud documentation: Creating a service account.

  9. Configure the schedule. The schedule determines how often asset data is imported from the source into the Asset database. This database provides data for offline assets. You can create a standard interval or a cron schedule. For example, you might create one of the following intervals based on your environment size:
    • Less than 50,000 devices: every 1-2 hours.
    • Less than 250,000 devices: every 4 hours.
    • Greater than 500,000 devices: contact Tanium Support to configure the import schedule. For more information, see Contact Tanium Support.

    For more information about the cron syntax, see Reference: Cron syntax.

  10. Click Create to save your changes.

Create a Google Cloud source

Create a Google Cloud source to pull data into Asset on a schedule. Fields in the Google Cloud source automatically map to the corresponding fields in the Asset database:

Field in the Google Cloud Source | Field mapped to in Asset database
name | computer_name
id | cloud_instance_id
disks.initializeParams.diskSizeGb | disk_total_space
networkInterfaces.networkIP | ip_address
zone | zone
extraMachineType.guestCpus | number_of_logical_processor
extraMachineType.memoryMb | ram
extraProject.projectId | project_id
extraProject.name | project_name

Before you begin

Enable custom sources

Enable custom sources in the Asset settings. For detailed steps, see Enable custom sources.

Create a Google Cloud service account to use for authentication

Complete these steps to create a Google Cloud service account to use for authentication: Google Cloud documentation: Creating a service account.

For details about Google Cloud service accounts, see Google Cloud documentation: Understanding service accounts.

Create the Google Cloud source

  1. From the Asset menu, click Inventory Management > Sources.
  2. Click Create Source > Google Cloud.
  3. Specify a Name for the source.
  4. Set the Log Level.
  5. In the Client Email field, specify the email address associated with the Google Cloud service account that you created.
  6. In the Subject field, specify the email address for the Google account to impersonate when making the request.

    For more information, see Google Identity documentation: Preparing to make an authorized API call (HTTP/REST tab).

  7. Provide the Private Key that you generated for the Google Cloud service account.
  8. Click Verify Connection to confirm that the connection is valid.

    If the test fails, use the Google API Console to confirm that the credentials that you provided are valid. For more information, see Google Cloud documentation: Creating a service account.

  9. (Optional) Enable reconciliation if you want to merge assets in this source with matching Tanium-managed assets during the import process. For more information, see Asset reconciliation.
  10. Configure the schedule. The schedule determines how often asset data is imported from Google Cloud into the Asset database. This database provides data for offline assets. You can create a standard interval or a cron schedule. For example, you might create one of the following intervals based on your environment size:
    • Less than 50,000 devices: every 1-2 hours.
    • Less than 250,000 devices: every 4 hours.
    • Greater than 500,000 devices: contact Tanium Support to configure the import schedule. For more information, see Contact Tanium Support.

    For more information about the cron syntax, see Reference: Cron syntax.

  11. Click Create to save your changes.

Create an Import API source

When you create an Import API source, data is pushed to Asset using the Tanium API Gateway, rather than Asset periodically pulling data from a source. For more information on API Gateway, see API Gateway User Guide: Overview.

Before you begin

Enable custom sources in the Asset settings. For detailed steps, see Enable custom sources.

Create the Import API source

  1. From the Asset menu, click Inventory Management > Sources.
  2. Click Create Source > Import API.
  3. Specify a Name for the source.
  4. Set the Log Level.
  5. In the code editor in the Field Mappings section, specify how you want to map data in the Import API source to Asset data. In these mappings, the source corresponds to the field that you provided in your JSON data and the destination corresponds to a field in the Asset database.

    A default mapping is provided as an example, but you must update that mapping to correspond to your environment. For more information about customizing the mapping, see Reference: Import API source field mappings.

  6. (Optional) Enable reconciliation if you want to merge assets in this source with matching Tanium-managed assets during the import process. For more information, see Asset reconciliation.
    1. Select the keys to match for reconciliation: computer_id, computer_name, serial_number, cloud_instance_id, system_uuid. The selected keys must be defined in the field mappings for the source.
  7. Configure the schedule. The schedule determines how often asset data is imported from the source into the Asset database. This database provides data for offline assets. You can create a standard interval or a cron schedule. For example, you might create one of the following intervals based on your environment size:
    • Less than 50,000 devices: every 1-2 hours.
    • Less than 250,000 devices: every 4 hours.
    • Greater than 500,000 devices: contact Tanium Support to configure the import schedule. For more information, see Contact Tanium Support.

    For more information about the cron syntax, see Reference: Cron syntax.

  8. Click Create to save your changes.

    If you added any attributes in the field mappings that do not currently exist in the Asset database, you are prompted to confirm them before the attributes are automatically created in the database.

Example workflow

The following example represents a typical workflow using an Import API source:

  1. Enable custom sources in Asset. For more information, see Enable custom sources.
  2. Create an Import API source in Asset.
  3. Pass the JSON data with the assets that you want to push to Asset using an API Gateway mutation request. For more information, see Reference: API Gateway examples for Asset.
  4. Verify the results by checking Asset to confirm that the assets are available. For more information, see Building reports.

Create an Intune source

Create an Intune source to pull data into Asset on a schedule. Fields in the Intune source automatically map to the corresponding fields in the Asset database:

Field in the Intune Source | Field mapped to in Asset database
serialNumber | serial_number
id | system_uuid
deviceName | computer_name
operatingSystem | operating_system
osVersion | os_version
totalStorageSpaceInBytes | disk_space_total
userPrincipalName | user_name
emailAddress | email
model | model
manufacturer | manufacturer
phoneNumber | phone_number

Before you begin

Enable custom sources

Enable custom sources in the Asset settings. For detailed steps, see Enable custom sources.

Create an Azure client ID and secret

In the Microsoft Azure portal, create an application registration. Note the associated Application (client) ID and add a client secret to use for authentication. Add the Reader role to the service principal object that was created when you registered the application.

For more information, see the following articles:

Create the Intune source

  1. From the Asset menu, click Inventory Management > Sources.
  2. Click Create Source > Intune.
  3. Specify a Name for the source.
  4. Set the Log Level.
  5. In the Client Id field, specify the Azure client ID that you created.
  6. In the Tenant ID field, specify your Entra ID tenant ID.

    For steps to find your tenant ID, see Microsoft Azure documentation: Find your Azure AD tenant.

  7. Provide the Client Secret that you generated in the Microsoft Azure Portal.
  8. Click Verify Connection to confirm that the connection is valid.
  9. (Optional) Enable reconciliation if you want to merge assets in this source with matching Tanium-managed assets during the import process. For more information, see Asset reconciliation.
  10. Configure the schedule. The schedule determines how often asset data is imported from the Intune data into the Asset database. This database provides data for offline assets. You can create a standard interval or a cron schedule. For example, you might create one of the following intervals based on your environment size:
    • Less than 50,000 devices: every 1-2 hours.
    • Less than 250,000 devices: every 4 hours.
    • Greater than 500,000 devices: contact Tanium Support to configure the import schedule. For more information, see Contact Tanium Support.

    For more information about the cron syntax, see Reference: Cron syntax.

  11. Click Create to save your changes.

Disable sources

Data imports for a source run on a configured schedule by default. You can disable this schedule to resolve issues or to run the import manually.

  1. From the Asset menu, go to Inventory Management > Schedules.
  2. Hover over the import schedule for the source that you want to disable and click Edit.
  3. Clear the Run this connection on a defined schedule setting, and then click Update.
  4. If you want to manually run an import, go to the Inventory Management > Schedules page. Hover over the import schedule and click Run Now.