Reference: API Gateway examples for Benchmark
For additional API Gateway example syntax, see Tanium API Gateway User Guide: Reference: Filter syntax and Tanium API Gateway User Guide: Reference: API Gateway examples.
Benchmark examples
The following queries retrieve endpoints and use Benchmark to also retrieve related risk overview or risk vector information.
Certain risk vector queries require additional Tanium solutions. For more information, see Solution dependencies.
Get endpoints with Benchmark overview information (query.endpoints.edges.node.risk)
Get endpoint Benchmark overview information
The following query retrieves the first endpoint and associated Benchmark overview information.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
query endpointBenchmarkOverview($first: Int) {
endpoints(first: $first) {
edges {
node {
name
ipAddress
risk {
totalScore
riskLevel
assetCriticality
criticalityScore
}
}
}
pageInfo {
startCursor
endCursor
hasPreviousPage
hasNextPage
}
}
}
Include a variable for the number of endpoints to return in the QUERY VARIABLES panel or in your variables dictionary:
1
2
3
{
"first": 1
}
Example response:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
{
"data": {
"endpoints": {
"edges": [
{
"node": {
"name": "example-endpoint",
"ipAddress": "198.51.100.10",
"risk": {
"totalScore": 208.06799999999998,
"riskLevel": "Low",
"assetCriticality": "Low",
"criticalityScore": 1
}
}
}
],
"pageInfo": {
"startCursor": "NTc2NTM4MDow",
"endCursor": "NTc2NTM4MDoxOQ==",
"hasPreviousPage": false,
"hasNextPage": true
}
}
}
}
Get endpoints with Administrative Access risk vector information (query.endpoints.edges.node.risk.vectors.administrativeAccess)
Get endpoint Administrative Access risk vector information
The following query retrieves the first endpoint and associated Administrative Access risk vector information.
This query also requires Impact.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
query endpointBenchmarkAdminAccess($first: Int) {
endpoints(first: $first) {
edges {
node {
name
ipAddress
risk {
totalScore
vectors {
administrativeAccess {
direct
impactRating
impactRatingScore
inbound
indirect
outbound
score
sessions
}
}
}
}
}
pageInfo {
startCursor
endCursor
hasPreviousPage
hasNextPage
}
}
}
Include a variable for the number of endpoints to return in the QUERY VARIABLES panel or in your variables dictionary:
1
2
3
{
"first": 1
}
Example response:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
{
"data": {
"endpoints": {
"edges": [
{
"node": {
"name": "example-admin",
"ipAddress": "192.0.2.10",
"risk": {
"totalScore": 208.06799999999998,
"vectors": {
"administrativeAccess": {
"direct": 0,
"impactRating": "Low",
"impactRatingScore": 4,
"inbound": 0,
"indirect": 0,
"outbound": 1,
"score": 0,
"sessions": 1
}
}
}
}
}
],
"pageInfo": {
"startCursor": "NTc2NTM4MDow",
"endCursor": "NTc2NTM4MDoxOQ==",
"hasPreviousPage": false,
"hasNextPage": true
}
}
}
}
Get endpoints with Expired Certificates risk vector information (query.endpoints.edges.node.risk.vectors.expiredCertificates)
Get endpoint Expired Certificates risk vector information
The following query retrieves the first endpoint and associated Expired Certificates risk vector information.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
query endpointBenchmarkExpiredCerts($first: Int) {
endpoints(first: $first) {
edges {
node {
name
ipAddress
risk {
totalScore
vectors {
expiredCertificates {
certificatesCount
ports
score
}
}
}
}
}
pageInfo {
startCursor
endCursor
hasPreviousPage
hasNextPage
}
}
}
Include a variable for the number of endpoints to return in the QUERY VARIABLES panel or in your variables dictionary:
1
2
3
{
"first": 1
}
Example response:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
{
"data": {
"endpoints": {
"edges": [
{
"node": {
"name": "endpoint-expired",
"ipAddress": "192.0.2.20",
"risk": {
"totalScore": 208.06799999999998,
"vectors": {
"expiredCertificates": {
"certificatesCount": 1,
"ports": "443",
"score": 420
}
}
}
}
}
],
"pageInfo": {
"startCursor": "NTc2NTM4MDow",
"endCursor": "NTc2NTM4MDoxOQ==",
"hasPreviousPage": false,
"hasNextPage": true
}
}
}
}
Get endpoints with Insecure SSL/TLS risk vector information (query.endpoints.edges.node.risk.vectors.insecureTLS)
Get endpoint Insecure SSL/TLS risk vector information
The following query retrieves the first endpoint and associated Insecure SSL/TLS risk vector information.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
query endpointBenchmarkInsecureTLS($first: Int) {
endpoints(first: $first) {
edges {
node {
name
ipAddress
risk {
totalScore
vectors {
insecureTLS {
ports
protocols
score
}
}
}
}
}
pageInfo {
startCursor
endCursor
hasPreviousPage
hasNextPage
}
}
}
Include a variable for the number of endpoints to return in the QUERY VARIABLES panel or in your variables dictionary:
1
2
3
{
"first": 1
}
Example response:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
{
"data": {
"endpoints": {
"edges": [
{
"node": {
"name": "endpoint-insecure",
"ipAddress": "192.0.2.30",
"risk": {
"totalScore": 208.06799999999998,
"vectors": {
"insecureTLS": {
"ports": "3389",
"protocols": "TLS 1.0, TLS 1.1",
"score": 440
}
}
}
}
}
],
"pageInfo": {
"startCursor": "NTc2NTM4MDow",
"endCursor": "NTc2NTM4MDoxOQ==",
"hasPreviousPage": false,
"hasNextPage": true
}
}
}
}
Get endpoints with Password Identification risk vector information (query.endpoints.edges.node.risk.vectors.passwordIdentification)
Get endpoint Password Identification risk vector information
The following query retrieves the first endpoint and associated Password Identification risk vector information.
This query also requires Reveal.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
query endpointBenchmarkPWIdent($first: Int) {
endpoints(first: $first) {
edges {
node {
name
ipAddress
risk {
totalScore
vectors {
passwordIdentification {
filesConfirmed
score
}
}
}
}
}
pageInfo {
startCursor
endCursor
hasPreviousPage
hasNextPage
}
}
}
Include a variable for the number of endpoints to return in the QUERY VARIABLES panel or in your variables dictionary:
1
2
3
{
"first": 1
}
Example response:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
{
"data": {
"endpoints": {
"edges": [
{
"node": {
"name": "endpoint-pw",
"ipAddress": "192.0.2.40",
"risk": {
"totalScore": 208.06799999999998,
"vectors": {
"passwordIdentification": {
"filesConfirmed": "6",
"score": 830
}
}
}
}
}
],
"pageInfo": {
"startCursor": "NTc2NTM4MDow",
"endCursor": "NTc2NTM4MDoxOQ==",
"hasPreviousPage": false,
"hasNextPage": true
}
}
}
}
Get endpoints with System Compliance risk vector information (query.endpoints.edges.node.risk.vectors.compliance)
Get endpoint System Compliance risk vector information
The following query retrieves the first endpoint and associated System Compliance risk vector information.
This query also requires Comply.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
query endpointBenchmarkCompliance($first: Int) {
endpoints(first: $first) {
edges {
node {
name
ipAddress
risk {
totalScore
vectors {
compliance {
complianceFailCount
score
}
}
}
}
}
pageInfo {
startCursor
endCursor
hasPreviousPage
hasNextPage
}
}
}
Include a variable for the number of endpoints to return in the QUERY VARIABLES panel or in your variables dictionary:
1
2
3
{
"first": 1
}
Example response:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
{
"data": {
"endpoints": {
"edges": [
{
"node": {
"name": "endpoint-compliance",
"ipAddress": "192.0.2.50",
"risk": {
"totalScore": 208.06799999999998,
"vectors": {
"compliance": {
"complianceFailCount": 669,
"score": 333.06
}
}
}
}
}
],
"pageInfo": {
"startCursor": "NTc2NTM4MDow",
"endCursor": "NTc2NTM4MDoxOQ==",
"hasPreviousPage": false,
"hasNextPage": true
}
}
}
}
Get endpoints with System Vulnerability risk vector information (query.endpoints.edges.node.risk.vectors.systemVulnerability)
Get endpoint System Vulnerability risk vector information
The following query retrieves the first endpoint and associated System Vulnerability risk vector information.
This query also requires Comply.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
query endpointBenchmarkVulnerability($first: Int) {
endpoints(first: $first) {
edges {
node {
name
ipAddress
risk {
totalScore
vectors {
systemVulnerability {
cveCount
score
}
}
}
}
}
pageInfo {
startCursor
endCursor
hasPreviousPage
hasNextPage
}
}
}
Include a variable for the number of endpoints to return in the QUERY VARIABLES panel or in your variables dictionary:
1
2
3
{
"first": 1
}
Example response:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
{
"data": {
"endpoints": {
"edges": [
{
"node": {
"name": "endpoint-vuln",
"ipAddress": "192.0.2.60",
"risk": {
"totalScore": 208.06799999999998,
"vectors": {
"systemVulnerability": {
"cveCount": 14,
"score": 353.64
}
}
}
}
}
],
"pageInfo": {
"startCursor": "NTc2NTM4MDow",
"endCursor": "NTc2NTM4MDoxOQ==",
"hasPreviousPage": false,
"hasNextPage": true
}
}
}
}
Last updated: 9/21/2023 12:21 PM | Feedback