Tanium™ Asset User Guide

Version 1.5.2

November 06, 2018

The information in this document is subject to change without notice. Further, the information
provided in this document is provided “as is” and is believed to be accurate, but is presented
without any warranty of any kind, express or implied, except as provided in Tanium’s
customer sales terms and conditions. Unless so otherwise provided, Tanium assumes no
liability whatsoever, and in no event shall Tanium or its suppliers be liable for any indirect,
special, consequential, or incidental damages, including without limitation, lost profits or loss
or damage to data arising out of the use or inability to use this document, even if Tanium Inc.
has been advised of the possibility of such damages. 

Any IP addresses used in this document are not intended to be actual addresses. Any
examples, command display output, network topology diagrams, and other figures included in
this document are shown for illustrative purposes only. Any use of actual IP addresses in
illustrative content is unintentional and coincidental. 

Please visit https://docs.tanium.com for the most current Tanium product documentation. 

Tanium is a trademark of Tanium, Inc. in the U.S. and other countries. Third-party trademarks
mentioned are the property of their respective owners. 

© 2018 Tanium Inc. All rights reserved.

© 2018 Tanium Inc. All Rights Reserved Page 2

Table of contents
Asset overview 8

Sources 8

Online and offline asset data aggregation 8

Predefined reports 8

Report drilldown 9

Custom reports 9

Views 9

Data export 9

ServiceNow CMDB 9

Tanium™ Connect 9

Flexera 9

Getting started 11

Asset requirements 12

Tanium dependencies 12

Tanium™ Module Server 12

Disk space 12

Third-party software 13

Host and network security requirements 13

Ports 13

Internet URLs 13

User role requirements 14

Tanium 7.0 14

Tanium 7.1 or later 14

© 2018 Tanium Inc. All Rights Reserved Page 3

 Installing Asset 17

Before you begin 17

Import Asset 17

Verify installation 17

Configure Asset service account 17

(Windows) Modify Asset service account 18

Configure Asset service account and import process 18

Enable collection of Active Directory (AD) information 19

Upgrade the Asset version 19

What to do next 20

Building reports 21

Work with existing reports 21

View reports 21

Filter report 22

Create a report 23

Specify general report information 23

Select columns 24

Define default filter 25

Finish report 25

Delete report 25

Delete assets 25

Configuring sources 27

Configure Tanium source 27

What to do next 28

Configure database source 28

© 2018 Tanium Inc. All Rights Reserved Page 4

 What to do next 29

Configuring attributes 30

Asset solution content 30

View and edit default asset attributes 30

Configure additional Tanium attributes 31

Configure external attributes 32

Before you begin 32

Add external attributes 32

Schedule and run Asset data imports 34

View schedule and run import 34

View imports 35

Set user permissions on attributes 35

Configuring views 37

Create views 37

Reserved views 38

Export data from views 38

Exporting data to destinations 39

CSV file 39

Tanium Connect 39

Before you begin 39

Create a connection 39

Asset Reports 39

Asset Computers 39

COMPATIBILITY 41

Examples 41

© 2018 Tanium Inc. All Rights Reserved Page 5

 Example: Enhanced JSON 42

Example: Flattened JSON 42

ServiceNow CMDB 42

Before you begin 42

Prepare ServiceNow to receive Tanium data 43

Add ServiceNow as a destination 43

(Optional) Edit views for ServiceNow 44

Exclude Computers from exported ServiceNow Data 44

(Optional) Edit ServiceNow export mappings 45

Run export 45

Check data in ServiceNow 45

Flexera FlexNet Manager Suite 46

Before you begin 46

Add Flexera destination 47

Configure dates in Flexera connections 48

Configure Flexera to receive data from Tanium Asset 48

(Optional) Enable file evidence content 48

Troubleshooting Asset 50

Collect logs 50

Update service account log level 50

Troubleshoot asset data exports and imports 51

View status of imports and exports 51

View import and export logs 51

Remove unneeded data from the Asset database 52

Uninstall Asset 52

© 2018 Tanium Inc. All Rights Reserved Page 6

 Reference: Cron syntax 53

© 2018 Tanium Inc. All Rights Reserved Page 7

Asset overview
With Asset, you can get a complete and up-to-date view of your enterprise inventory by
aggregating live asset data with the most recent data from offline assets.

You can build reports to show an overview of all your assets, or you can drill down into
specific computers or users.

Sources
Asset uses saved questions in Tanium to get information about your endpoints to populate
the Asset database. These saved questions are run on a schedule to regularly update the
database.

In addition to pulling endpoint information from Tanium, you can import data from an
external database by defining a database source, and configuring mappings on where to
add the data in the Asset database.

You can augment Asset inventory data with external data from a SQL Server database. By
importing data that is typically not available on an endpoint into the Asset data store, you
can enable filtering and reporting on information such as department, cost center,
building, and location.

Online and offline asset data aggregation

Asset aggregates data from both online and offline assets into one complete reporting data
set. This data is populated from saved questions that are scheduled on a frequent basis. All
devices that have answered Tanium Asset questions are visible in Asset reports.

Predefined reports
Asset comes with a set of predefined reports to help you prepare for audit and inventory
activities.

l All Assets
l Physical Machine Summary
l Virtual Machine Summary
l Platform Summary
l All Users
l All Software

© 2018 Tanium Inc. All Rights Reserved Page 8

 l All Microsoft Software
l All Adobe Software

Report drilldown
If you create a summary report, you can drill down on the computer count and see a
filtered list of computer details, which includes the software and hardware information
about the asset.

Custom reports
You can build custom reports that are based on any existing report. You can also create
your own reports from existing Tanium sensor data or custom content. You might choose
to create custom reports to show assets by department, location, user group, or other
attributes.

Views
Use views to build an alternative perspective of the Asset data. Views specify available
attributes and can filter the included data. You can export data from a view to Tanium
Connect.

Data export
ServiceNow CMDB
Asset data can enrich the inventory data in ServiceNow CMDB, ensuring that it has up-to-
date information. With Asset, you can define the server, attribute mappings, and schedule
for data to be exported.

Tanium™ Connect
You can use any predefined reports, custom reports, or views as a connection source and
send to destinations such as Email, File, HTTP, Socket Receiver, Splunk, and SQL Server.

Flexera
With the Flexera integration, you can use the existing Tanium Client to populate
information in Flexera FlexNet Manager Suite (FNMS).

This documentation may provide access to or information about content, products (including hardware and software), and services provided by third parties
(“Third Party Items”). With respect to such Third Party Items, Tanium Inc. and its affiliates (i) are not responsible for such items, and expressly disclaim all

© 2018 Tanium Inc. All Rights Reserved Page 9

warranties and liability of any kind related to such Third Party Items and (ii) will not be responsible for any loss, costs, or damages incurred due to your access to
or use of such Third Party Items unless expressly set forth otherwise in an applicable agreement between you and Tanium.

Further, this documentation does not require or contemplate the use of or combination with Tanium products with any particular Third Party Items and neither
Tanium nor its affiliates shall have any responsibility for any infringement of intellectual property rights caused by any such combination. You, and not Tanium,
are responsible for determining that any combination of Third Party Items with Tanium products is appropriate and will not cause infringement of any third party
intellectual property rights.

© 2018 Tanium Inc. All Rights Reserved Page 10

Getting started
1. Install Tanium Asset and configure the service account and import schedule. See
Installing Asset on page 17.
2. Use built-in reports to view information about your assets or create custom reports
to display information. See Building reports on page 21.
3. (Optional) Add Asset attributes, which can include information from other sensors in
Tanium or from external data sources. After an attribute is added, you can include
that attribute in your reports. No configuration is required for the default sensors
that are included in Asset. See Configuring attributes on page 30.
4. Assign user access to asset information based on specific attributes. For example,
you might want to assign a user group access to view data about Windows assets
only. See Set user permissions on attributes on page 35.
5. Import data into Asset. See Configuring sources on page 27.
6. Export Asset data. See Exporting data to destinations on page 39.

© 2018 Tanium Inc. All Rights Reserved Page 11

Asset requirements
Review the requirements before you install and use Asset.

Tanium dependencies
In addition to a license for the Asset product module, make sure that your environment
also meets the following requirements.

Component Requirement

Platform l 7.0.314.6319 or later

l 7.1.314.3071 or later
l 7.2.314.2831 or later
l TanOS 1.2.0 or later

Tanium (Optional) Asset includes all of the content it needs for

Content base functionality. You can import additional content
or sensors into Asset after installation.

Tanium 6.0.314.1540 or later recommended

Client

Tanium (Optional) To create connections with Asset reports as

Connect a data source, use Connect 4.3 or later.

Tanium Index (Optional) To create Flexera reports with File evidence

data enabled.

Tanium™ Module Server

Asset runs as a service on the Tanium Module Server.

Disk space
Asset requires disk storage capacity necessary to support the number of endpoints in your
environment. For planning purposes, use 100 MB per 1000 endpoints, for example: 

l 5,000 endpoints: 500 MB

l 50,000 endpoints: 5 GB
l 100,000 endpoints: 10 GB

© 2018 Tanium Inc. All Rights Reserved Page 12

 l 250,000 endpoints: 25 GB
l 500,000 endpoints: consult your Technical Account Manager

Usage might vary significantly based on the following variables: the number of endpoints,
the number of applications, the number of users, if file evidence data is enabled, and most
importantly the attributes that you add on the Inventory Management > Attributes page.
These suggested sizes are considered a good estimate for most environments.

Third-party software
The following third-party software is optional for exporting data from Asset: 

l For the ServiceNow CMDB connector, the Jakarta release or later is required.
l For Flexera integration, you must have an SQL database that can be configured to
receive data from Asset. Ask your TAM for more information.

Host and network security requirements

Specific ports and processes are needed to run Asset.

Ports
The following ports are required for Asset communication.

Component Port Direction Purpose

Module Server 443 Outbound Access to your ServiceNow instance

Internet URLs
If security software is deployed in the environment to monitor and block unknown URLS,
your security administrator might need to add the following URLs to the whitelist.

l ServiceNow instance (yourcompany.service-now.com)

© 2018 Tanium Inc. All Rights Reserved Page 13

User role requirements
Tanium 7.0
Table 1: Asset user role privileges for Tanium 7.0
Asset Privilege Read Question Content
Only Author or Administrator or
User higher higher

View reports and views

Create, edit, delete custom reports and 1

views

Edit sources, destinations, service settings

Create, edit or delete Flexera destination

1 For owned reports and views only

Tanium 7.1 or later

Table 2: Asset user role privileges for Tanium 7.1.314.3071 or later
Privilege Asset Administrator Asset Asset Report
User Reader

1 1 1
Show Asset

View Asset workbench

1 1
Asset Report Read

View reports and views

2
Asset Report Write

Create, edit, and delete reports and

views

© 2018 Tanium Inc. All Rights Reserved Page 14

Privilege Asset Administrator Asset Asset Report
User Reader

Asset Configuration Item Write

Configure all aspects of Asset (service

settings, schedules, attributes,
destinations)

1 Denotes a provided permission

2 For owned reports and views only

Table 3: Provided Asset Advanced user role permissions for Tanium 7.1.314.3071 or
later
Permission Content Set for Asset Asset Asset Report
Permission Administrator User Reader

Ask Dynamic Questions

Read Sensor Asset

Read Sensor Reserved

Write Action Asset

Write Action for Saved Asset

Question

Read Saved Question Asset

Write Saved Question Asset

Table 4: Optional roles for Asset

Role Enables

Connect Administrator (prior to Create, edit, or delete a Flexera destination

Connect 4.8 only)

Connect User (Connect 4.8 and later) Create, edit, or delete a Flexera destination

© 2018 Tanium Inc. All Rights Reserved Page 15

Role Enables

Tanium Administrator Create scheduled actions for the file evidence content for
Flexera destinations

© 2018 Tanium Inc. All Rights Reserved Page 16

Installing Asset
You can install Asset from the Tanium Solutions page.

Before you begin

l Read the release notes.
l Review the Asset requirements on page 12.

Import Asset
Import Asset from the Tanium Solutions page.

1. From the Main menu, click Tanium Solutions.

2. Under Tanium Asset, click Import.

Note: Tanium Asset is a licensed solution. If Tanium Asset is not on the Tanium
Solutions page, contact your Technical Account Manager.

3. Initiate the import.

l For platform version 7.0, click Proceed with Import.

l For platform version 7.1.314.3071 and later, enable Include content set
overwrite and click Proceed with Import.
For more information, see Tanium Core Platform User Guide: Align content for
modules.
4. After the installation process completes, refresh your browser.
5. From the Main menu, click Asset. The Asset home page is displayed.

Verify installation
To verify that Asset is installed, go to the Tanium Solutions page and check the installed
version. To check the installed version on the Asset home page, click Info .

Configure Asset service account

If you are using Tanium Server 7.0, you can use a Content Administrator user for the
service account.

© 2018 Tanium Inc. All Rights Reserved Page 17

If you are using Tanium Server 7.1 or later, you must use an Administrator user for the
service account.

(Windows) Modify Asset service account

Update the Asset service to use a Windows administrator user. By default, the Asset service
runs as Local System.

1. In your Tanium Module Server machine, open the Services panel. Go to Control
Panel > Administrative Tools > Services.
2. Right click the Tanium Asset service, and select Properties.
3. In the Log On tab, specify the user with Administrator credentials that you want to
use to run the service.
4. Stop and restart the service to complete the update.

Configure Asset service account and import process

Configure the service account and Asset import process in Asset. The service account runs
background processes.

1. From the Asset menu, go to Inventory Management > Sources.

2. For the Tanium source, click Edit .
3. Add the user name and password for the service account. You can also disable and
change the log level settings for the Asset import process.
4. Configure the asset data import schedule. The data import schedule determines how
often asset data is imported from the Tanium live data into the asset database.

This database provides data for offline assets. You can create a standard interval or

© 2018 Tanium Inc. All Rights Reserved Page 18

 a Cron schedule. For example, you might create one of the following intervals based
on your environment size:
l Less than 50,000 devices: every 1-2 hours

l Less than 250,000 devices: every 4 hours

l Greater than 500,00 devices: consult your TAM to configure the import schedule
For more information about the Cron syntax, see Reference: Cron syntax on page 53.

Enable collection of Active Directory (AD) information

(Optional) To gather user data from Windows endpoints, including Full Name, Email,
Phone, Department, and Location, enable the Asset Deploy Collect Active Directory Info
scheduled action.

1. From the Asset home page, click Settings .In the Advanced Settings tab, click
Create Scheduled Actions.
2. From the Main menu, go to Actions > Scheduled Actions.
3. Edit the Tanium Asset action group to include the computer group for which you
want to collect this information. By default, the Computer Group Targets setting is
set to No Computers. After you select a computer group, Asset further targets this
group to include Windows systems only.
4. The Asset Deploy Collect Active Directory Info action is listed in the action group.
You can configure this action to run the collection routine every few hours.

The Asset Deploy Collect Active Directory Info action gets recent sign ins and the primary
user of each system. A primary user has the most interactive sign ins the past 30 days. For
Mac and Linux endpoints, you do not need to deploy any actions to get this information.

Upgrade the Asset version

Upgrade Asset to the latest version from the Solutions page.

1. From the Main menu, click Tanium Solutions.

2. Locate Asset and click Upgrade to X.X.X.XX.
3. Click OK.
The Import Solution window opens with a list of all the changes and import options.
4. Click Proceed with Import and enter your password.
The Tanium Asset installation and configuration process begins.
5. To confirm the upgrade, return to the Tanium Solutions page and check the

© 2018 Tanium Inc. All Rights Reserved Page 19

 Installed: X.X.X.XX version for Asset.

Tip: If the Asset version is not updated, refresh your browser window.

What to do next
See Getting started on page 11 for more information about using Asset.

© 2018 Tanium Inc. All Rights Reserved Page 20

Building reports
You can build reports based on the existing built-in reports, or you can build your own
reports from any sensor information that Tanium provides.

Work with existing reports

View reports
1. From the Asset menu, click Reports. All built-in and custom reports are displayed on
this page. To view a report, click the report name.
2. If you are viewing a summary report, you can drill down into the data in a report by
clicking links in the report data grid.

© 2018 Tanium Inc. All Rights Reserved Page 21

 For example, in the All Users report, you can click the user name to view information
about that user and their associated assets.
3. In the detail report, you can see more information about the selected asset.

Filter report
You can perform live filtering on any report. Any filtering that you modify while you are
viewing a report is not saved in the report. If you want to create persistent filters, edit the
report and modify the filters in the report settings.

© 2018 Tanium Inc. All Rights Reserved Page 22

 1. In a report, expand the Filters section. If the report contains a filter, that filter is
already listed.
2. Add filters. Click Add > Add Row to create a filter rule that is at the same level as
the selected rule. When you create the rule, you can choose whether the filter applies
AND or OR operators with the other filters at that level. To create nested groups of
filters, click Add > Add Row. When you are done editing the filter, click Refresh
Report.

3. View filter details. Click Expand to view a JSON representation of the rule, which
can be helpful to evaluate complex filtering.
4. Update the report data. Click Refresh Report to refresh the report based on the
filters.

Create a report
You can create a report from an existing report, or you can create a new custom report: 

l In an existing report, click Create Copy to create a copy of the report, and then
modify any details as needed.
l From the Reports page, click Create Custom Report.

Specify general report information

1. Give your report a name and description to help you remember the purpose of the
report later. The report name must be unique among all reports in Asset, including
reports created by other users.
2. If you select Summary Report, the data is grouped into rows an associated count
that you can click to view more details.

© 2018 Tanium Inc. All Rights Reserved Page 23

 For example, if you create a report that lists SQL installations, with this option
enabled, you get a result that lists a count of the computers that have each SQL
version. You can then click the count to view the list of computers with that particular
software installed.

Select columns
The columns that are available to include in your reports come from the asset sources that
you define. To define sources, click Inventory Management > Sources in the Asset menu.

1. In the Add Columns section, select the data that you want to include in your report.
You can search for the column that you want to use, or expand and collapse the data
categories to find which columns you want to include.

© 2018 Tanium Inc. All Rights Reserved Page 24

 2. Specify the order that you want your data to display. In the Order and Configure
Columns section, click and drag the column names to arrange them in the order you
want them from left to right in the resulting report. If you do not want the column to
show up in the report but want the data to be available for filtering, change the Show
value to Hide.

Define default filter

You can create a filter that is always applied when the report runs. You can create filters on
any of the columns you have configured in the report.

Click Add > Add Row to create a filter rule that is at the same level as the selected rule.
When you create the rule, you can choose whether the filter applies AND or OR operators
with the other filters at that level. To create nested groups of filters, click Add > Add
Row.

When you are done editing the filter, click Refresh Report.

l To copy a filter rule, click Copy .

l To edit a filter rule, click Edit .
l To delete a filter rule, click Delete .

Finish report
To save the report, click Create Report. After the report is created, you can click Edit
Report to modify the columns and default filters.

Delete report
To delete a report, go to the report page and click Delete .

Delete assets
You can remove assets from your asset database that are outdated or that you no longer
want to track.

© 2018 Tanium Inc. All Rights Reserved Page 25

In a report that shows the assets you want to remove, select a single row, or click and drag
to select multiple rows and click Delete selected .

© 2018 Tanium Inc. All Rights Reserved Page 26

Configuring sources
By default, the source data in Asset comes from Tanium, populated from saved questions
that are scheduled on a frequent basis. You can also configure a database as an asset
source.

Configure Tanium source

The Tanium Asset source is configured by default, and you cannot delete the Tanium Asset
source.

1. From the Asset menu, go to Inventory Management > Sources.

2. For the Tanium source, click Edit .
3. Add the user name and password for the service account. You can also disable and
change the log level settings for the Asset import process.
4. Configure the asset data import schedule. The data import schedule determines how
often asset data is imported from the Tanium live data into the asset database.

This database provides data for offline assets. You can create a standard interval or

© 2018 Tanium Inc. All Rights Reserved Page 27

 a Cron schedule. For example, you might create one of the following intervals based
on your environment size:
l Less than 50,000 devices: every 1-2 hours

l Less than 250,000 devices: every 4 hours

l Greater than 500,00 devices: consult your TAM to configure the import schedule
For more information about the Cron syntax, see Reference: Cron syntax on page 53.

What to do next
Add attributes from Tanium sensors into Asset. See Configuring attributes on page 30.

Configure database source

Enrich Asset inventory data with information from an external database. For example, you
might have a database that has information about computers that you want to bring into
Asset. To import this data, map columns from your SQL database to the Asset database.

IMPORTANT: If you use column types (like nchar) that pad values with spaces, your
identity mappings on the database source might not work correctly. For example, a
computer name like win1 might come through as win1       (with six spaces after
it). These values do not match a value win1 in Asset.

1. From the Asset menu, go to Inventory Management > Sources > New Source.

2. Configure source settings. Enter a name for the data source, and the server name and
credentials. Click Get Schemas. Asset connects to the database and gets the database
and schema information. Choose database and schema.
3. Configure source mappings. Source mappings uniquely identify the assets in your
source data, and define how the columns in your source table relate to the Asset
database. You can add multiple source mappings from your database source. All the
mappings must match for the data to be imported into the Asset database.
a. Click Add Source Mappings. Choose a source table.
b. Create identification rules. The columns associated with the selected source
table are loaded into the Source Columns field.
c. Choose a destination attribute. Choose a column in the Asset database. You can
create multiple identification rules as necessary.
d. If you want to remove a source mapping, click Delete . To remove an
identification rule, click Remove .

© 2018 Tanium Inc. All Rights Reserved Page 28

 4. Configure the import schedule. The schedule determines how often asset data is
imported from the external database into the asset database. You can create a
standard interval or a Cron schedule.
For more information about the Cron syntax, see Reference: Cron syntax on page 53.
5. Click Create.

If you want to modify the source, go to Inventory Management > Sources. Click Edit . You
must enter the credentials for your SQL server again before you can modify the source
mappings.

What to do next
Add the attributes from your import table into Asset. See Configuring attributes on page 30.

When the data import runs, each row of your import table is evaluated data that is already
in Asset. For example, if you created a mapping for your computer ID in the import table,
that ID gets matched to the computer ID column in Asset. If a match is found, the attributes
that you configured to get imported from your source table are inserted into Asset. If you
map an import column that has duplicate values in the table, only the last value is stored in
Asset after the load has completed.

© 2018 Tanium Inc. All Rights Reserved Page 29

Configuring attributes
You can configure what attributes that get populated as asset data. These attributes can
come from Tanium or a configured source. These attributes become the columns that you
can include in your reports.

Asset solution content

When you install Asset, solution content is installed. Some of this solution content is
similar to the content packs that got imported when you installed Tanium. In most cases,
the Asset version of the content adds attributes or improves the information beyond the
existing sensor. For example, the Asset CPU sensor includes columns for speed, cores, and
processors, but the CPU sensor from the Initial Content - Hardware content pack contains
one column. The Asset custom content is hidden on the Authoring > Sensors page.

View and edit default asset attributes

By default, Asset imports about 65 common attributes from Tanium sensors. To view the
list of default attributes, go to the Asset menu and click Inventory Management
> Attributes.

© 2018 Tanium Inc. All Rights Reserved Page 30

 l You can sort by Name or Data type. Select the type of sort from the drop-down menu.
l To toggle the sort order, click Toggle Sort Order .
l To filter the list on the selected sort type, type your search in the search box. For
example, if you have Name selected, the search is on the Name field.
l To edit an individual attribute, hover over the attribute name and click Configure .

Configure additional Tanium attributes

You can import attributes from Tanium sensor data. For example, you might choose to
import other critical configuration information from other Tanium products, solutions, or
custom content.

IMPORTANT: Remember that each attribute you add increases the number of saved
questions that are asked during the data import process. Each new attribute also
adds columns and data to the Asset database.

1. From the Asset menu, click Inventory Management > Attributes. Click New Attribute.
2. In the Source field, select Tanium. You can search for and select the sensor from
which you want to add attributes. To view all of the Asset custom content, you can
search for Asset in this sensor list.

© 2018 Tanium Inc. All Rights Reserved Page 31

 From the list of available attributes that display for the sensor, select the attributes
that you want to import.
3.
Click Save and verify that the changes are correct.

IMPORTANT: This step makes changes to the Asset database. Review and verify
carefully.

4. After the database updates are completed, you can see the new attribute in the main
list of attributes in Pending state. The new attribute stays in pending state until the
next time the Asset Import Data Sources job runs, and data gets populated in the
database. To run this job immediately, see View schedule and run import on page 34.
When populated, the attribute displays in Ready state. You can add attributes that
are in Ready state to custom reports.

Configure external attributes

You can also import attributes from an external data source.

Before you begin

If you are importing data into Tanium from an external data source, configure the import
first. Configuring the source defines which database tables to import and how to correlate
the data with the ci_item table in the Asset database. See Configuring sources on page 27.

Add external attributes

1. From the Asset menu, click Inventory Management > Attributes. Click New Attribute.
2. In the Source field, select the data source that you configured. You can search for
and select the column that you want to add as an attribute.
3. From the list of available attributes that display for the source, select the attributes
that you want to import.

© 2018 Tanium Inc. All Rights Reserved Page 32

 Asset automatically converts values in the database based on the following type
mapping: 
SQL data type Asset data type

BIGINT BIGINT

DATE DATEONLY

DATETIME, TIMESTAMP WITH TIME ZONE DATE

BIT, BOOLEAN, TINYINT BOOLEAN

STRING, CHARACTER VARYING (255), VARCHAR (255) STRING

FLOAT, DOUBLE PRECISION FLOAT

INT, INTEGER, SMALLINT INTEGER

CHAR, NCHAR, NVARCHAR, TEXT, VARCHAR TEXT

© 2018 Tanium Inc. All Rights Reserved Page 33

 4.
Click Save and verify that the changes are correct.

IMPORTANT: This step makes changes to the Asset database. Review and verify
carefully.

5. After the database updates are completed, you can see the new attribute in the main
list of attributes in Pending state. The new attribute stays in pending state until the
next time the External database job runs, and data gets populated in the database.
To run this job immediately, see View schedule and run import on page 34. When
populated, the attribute displays in Ready state. You can add attributes that are in
Ready state to custom reports.

Schedule and run Asset data imports

The import asset data schedule determines how often Asset pulls data from Tanium or an
external data source to save in the Asset database. This database is used to provide
information for offline assets.

View schedule and run import

1. From the Asset menu, click Inventory Management > Schedules. In the Asset Import
Data Sources section, the schedule is displayed.

2. Click Run Now to override the schedule and have Asset immediately pull source data
into the Asset database.

© 2018 Tanium Inc. All Rights Reserved Page 34

 3. If you have any attributes that are in Pending state, you can watch the attributes
change to Ready state on the Inventory Management > Attributes page. You can add
attributes that are in Ready state to custom reports.

If you want to change the import schedule, update the asset source. See Configuring
sources on page 27.

View imports
On the Asset home page, you can view a timeline of the recent imports and exports.

The timeline contains each import, with one of the following statuses: 

l : Scheduled
l : Successful
l : Error
l : Running

Set user permissions on attributes

In addition to the Asset user roles that control access to Asset reports and settings as a
whole, you can define more detailed permissions on individual Asset attributes. For
example, you can create permissions that assign a user group permission to access
information about Windows or Mac platform assets only. If a user belongs to multiple user
groups, the permissions for all the user groups are combined with an OR operator.

Before you begin, you must have a user group to which you want to assign the Asset
permissions. See Tanium Core Platform User Guide: Managing user groups. For the users
in this user group to access Asset, they also must have an Asset user role assigned. See
User role requirements on page 14.

1. From the Asset home page, click Settings . Click the User Group Permissions tab.
2. Click Create User Group Permission.
3. Click Add User Groups. Select the user group from the list that you want to assign.

© 2018 Tanium Inc. All Rights Reserved Page 35

 4. Add a Permission Condition. This list of attributes is from the ci_item table of the
Asset database.
For example, to assign the user group permission to view Windows assets only, set to
OS Platform contains Windows.

5. Click Save.

© 2018 Tanium Inc. All Rights Reserved Page 36

Configuring views
With views, you can create an alternative perspective of the Asset database. Views specify
available attributes and can filter the included data.

Create views
You can include fewer attributes than the default view, depending on the use of your view.

1. From the Asset menu, click Inventory Management > Views. Click New View.
2. Give your view a name and description to help you remember the purpose of the view
later. The view name must be unique among all views in Asset, including views
created by other users.
3. Select the attributes that you want to include in your view.

4. (Optional) Add filters to limit the computers that are included in the view. You can
create filters for Asset Details, Asset Installed Applications, Asset Logical Disk, Asset
Network Adapter, Asset Physical Disk, Asset Windows Installer Applications, or any
custom reference attributes that you have added to Asset.
Click Add

© 2018 Tanium Inc. All Rights Reserved Page 37

 > Add Row to create a filter rule that is at the same level as the selected rule. When
you create the rule, you can choose whether the filter applies AND or OR operators
with the other filters at that level. To create nested groups of filters, click Add
> Add Row. Click Expand to view a JSON representation of the rule, which can be
helpful to evaluate complex filtering.
l To copy a filter rule, click Copy .
l To edit a filter rule, click Edit .
l To delete a filter rule, click Delete .
By default, computers are in the view even if the fields in the filter do not have
associated values. If you want to require that results are returned for the fields in the
filter for a row be included in the view, select Must Have for the filter.
5. Click Create View.

Reserved views
Reserved views are read-only. Click View to see the set of fields that are included in the
reserved view. If you want to customize the fields or filters, click Create Copy. Edit and
rename the view.

When you configure Tanium integration with ServiceNow, a reserved view is created. For
more information, see ServiceNow CMDB on page 42.

Export data from views

You can export data from an Asset view by creating a connection in Connect. See Tanium
Connect on page 39.

© 2018 Tanium Inc. All Rights Reserved Page 38

Exporting data to destinations
You can configure Asset to export data to external destinations, such as ServiceNow CMDB.

CSV file
You can copy data from an asset report table to the clipboard and paste the data in an
application that can interpret a CSV file, such as a database. Select the rows that you want
to copy and click Copy to Clipboard . You can then paste the information about the rows
you selected.

To save the entire report as displayed in a CSV file, click Export .

Tanium Connect
To export data from Asset to Connect destinations such as Email, File, HTTP, Socket
Receiver, Splunk, and SQL Server, create a connection.

Before you begin

l You must have access to Connect with Connect User role.
l You must have an Asset report or view from which you want to export data. See
Building reports on page 21 and Configuring views on page 37.

Create a connection
With Connect 4.3 to 4.7, choose Asset Report as the connection source. You can choose a
predefined or custom Asset report as a connection source.

With Connect 4.8 and later, choose Tanium Asset as the connection source. You can
choose from the following types of Asset source: 
ASSET REPORTS

Select any predefined or custom report as the connection source.

ASSET COMPUTERS

Select any view as a connection source and export structured data using an Asset view.

If you do not enable Flatten Results, the entire data set that is retrieved for one computer
is a single record. For example, if you are exporting Installed Applications, a computer has
a single row with the entire list of installed applications in that same record. Any change

© 2018 Tanium Inc. All Rights Reserved Page 39

that is made to this data set shows up in the destination. By enabling the Flatten Results
setting, each installed application for a computer is processed as a single record.

© 2018 Tanium Inc. All Rights Reserved Page 40

With Enhanced JSON, the results contain an array of objects for each reference table,
instead of an array of strings, numbers, or dates for each reference attribute. The
correlation between attributes and destinations can be easier to implement.

l If you enable Enhanced JSON, you must also choose JSON as the format for your
connection.
l To customize the column names, expand the Columns section and click Add or
Modify Columns. Change the display values in the Destination column as needed.
l If you customize the columns, leave the Value Type as Unmodified to get the
expected object output.
COMPATIBILITY

Use the following recommendations for Enhanced JSON and Flatten Results settings for
each format in Connect. If you use an unsupported combination, connection failures might
occur or incorrect data might get written to the destination.

Table 5: Connect destination format compatibility

Format Enhanced JSON Support Recommendation

CEF Use Flatten Results

CSV Use Flatten Results

Delimiter separated Use Flatten Results

Elasticsearch Use Enhanced JSON without

Flatten Results

HTML Use Flatten Results without

Enhanced JSON

JSON Use Enhanced JSON without

Flatten Results

LEEF (Optional) Use Flatten Results

SQL Server (Required) Use Flatten Results

Syslog (Optional) Use Flatten Results

EXAMPLES

Compare the data that is returned from Asset installed applications. View JSON examples

© 2018 Tanium Inc. All Rights Reserved Page 41

EXAMPLE: ENHANCED JSON

{
"Computer Name": "WIN-2012-R2",
"Asset Installed Applications": [{
"name": "Tanium Server 7.2.314.3019",
"version": "7.2.314.3019",
"vendor": "Tanium Inc."
}, {
"name": "Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026",
"version": "14.0.23026.0",
"vendor": "Microsoft Corporation"
}, {
"name": "Microsoft SQL Server 2012 Native Client",
"version": "11.3.6540.0",
"vendor": "Microsoft Corporation"
}]
}

EXAMPLE: FLATTENED JSON

[{
"computer name": "WIN-2012-R2",
"name": "Tanium Server 7.2.314.3019",
"vendor": "Tanium Inc.",
"version": "7.2.314.3019"
}, {
"computer name": "WIN-2012-R2",
"name": "Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026",
"vendor": "Microsoft Corporation",
"version": "14.0.23026.0"
}, {
"computer name": "WIN-2012-R2",
"name": "Microsoft SQL Server 2012 Native Client",
"vendor": "Microsoft Corporation",
"version": "11.3.6540.0"
}]

For more information about creating connections, see Tanium Connect User Guide.

ServiceNow CMDB
Before you begin
l You must be using ServiceNow Jakarta release or later. ServiceNow Software Asset
Management Pro is also supported.

© 2018 Tanium Inc. All Rights Reserved Page 42

 l You must have access to both a test and production instance of your ServiceNow
Enterprise CMDB.
l You must have a service account for ServiceNow that has elevated privileges.

IMPORTANT: Test the data export against a copy of your ServiceNow instance before
you configure Tanium Asset to export all data to your production instance of
ServiceNow. Because the built in identification rules in Service now assume unique
computer names or serial numbers, you might need to add one or more
identification rules to achieve consistent and expected results.

Prepare ServiceNow to receive Tanium data

1. In ServiceNow, add an entry for Tanium as a choice in the discovery_source column
of the ci_item table. Use Tanium as the value in both the Label and Value fields.
2. (Optional) Work with your TAM and ServiceNow administrator to update
identification rules in ServiceNow. Adding identification rules is required if any
endpoints in your environment have duplicate serial numbers or computer names.
For more information about configuring identification rules, see:
l Tanium Support Knowledge Base: Tanium Asset (login required)

l ServiceNow Kingston Documentation: Create or edit a CI identification rule

l ServiceNow Jakarta Documentation: Create or edit a CI identification rule
l ServiceNow London Documentation: Create or edit a CI identification rule

Add ServiceNow as a destination

To enable data to be exported to the ServiceNow CMDB from Asset, enter your ServiceNow
Host URL and credentials.

1. From the Asset menu, click Inventory Management > Destinations.

2. Click New Destination > ServiceNow Destination.
3. Edit the settings, including the ServiceNow Host URL and credentials, log level, view,
and the schedule at which you want the export to occur.

© 2018 Tanium Inc. All Rights Reserved Page 43

 The log level affects the logging in the job/date_time_job#_servicenow_
config#.log files. If you enable Trace level logging on your ServiceNow
configuration, numbered subdirectories, for example job/65, are created that
contain all of the POST and GET requests for that job.
For more information about Cron, see Reference: Cron syntax on page 53.

(Optional) Edit views for ServiceNow

When you create a ServiceNow destination, a reserved view is created. From the Asset
menu, click Views > ServiceNow (reserved). You cannot edit or delete this view, but you
can open the view to see the attributes that are included and create a copy. To modify the
data that is sent to ServiceNow, open the view and click Create Copy.
EXCLUDE COMPUTERS FROM EXPORTED SERVICENOW DATA

The ServiceNow (reserved) view includes all computers. Create a view with filters enabled if
you want to narrow the scope of the export.

© 2018 Tanium Inc. All Rights Reserved Page 44

 1. From the Asset menu, click Views. Next to the ServiceNow (reserved) view, click View
to see the set of fields that are included in the reserved view. Click Create Copy.
2. Edit and rename the copy of the reserved view. Add a filter to limit the computers that
are exported. In this new view, do not select Must Have on any of the filters.
3. From the Asset menu, click Inventory Management > Destinations > ServiceNow_
Destination. Click Edit .
4. In the View section, select the new view that you created.
5. Click Update to save the changes.

(Optional) Edit ServiceNow export mappings

After you create the ServiceNow destination, you can edit the Asset to ServiceNow
mappings.

From the Asset menu, click Inventory Management > Destinations > ServiceNow. Click Edit
. In the ServiceNow Export Mapping section, you can add and edit individual mappings.

Work with your TAM to properly edit the ServiceNow export mappings.

Run export
You can run an export to ServiceNow CMDB outside of the configured schedule. From the
Asset menu, click Inventory Management > Schedules. Under your ServiceNow destination
in the Asset Export Destinations section, click Run Now.

Check data in ServiceNow

After the Status in the schedule says complete, you can check for the data in ServiceNow
CMDB.

© 2018 Tanium Inc. All Rights Reserved Page 45

 1. Log in to your ServiceNow Enterprise CMDB.
2. Search for an asset attribute, such as computer.

3. Check the data that got imported into the table.

Flexera FlexNet Manager Suite

You can use the existing Tanium Client on your endpoints to populate information in
Flexera FlexNet Manager Suite (FNMS). Asset includes content with sensors that are specific
to Flexera, including MS Exchange server, SQL server, Last Logged In, Number of CPU
sockets, Short Domain, and so on. When you create a Flexera destination, you enable this
content and a set of custom reports and views are created that include the results of these
sensors. To send the results of these reports to Flexera, a set of connections in Tanium
Connect are automatically created that connect to the SQL database. Flexera communicates
with this SQL database to populate information.

Before you begin

l You must have access to Connect with Connect User role.
l You must have Connect 4.3.0 or later. With Connect 4.8.0 and later, you can configure

© 2018 Tanium Inc. All Rights Reserved Page 46

 your Flexera connections to use views, which is better for large environments.
l To create scheduled actions for the file evidence content, you must have Tanium
Administrator privileges.
l You must have an SQL database configured that implements the required Flexera
database schema. Contact your TAM for more information about how to set up this
database.

Add Flexera destination

1. From the Asset menu, click Inventory Management > Destinations.
2. Click New Destination > Flexera Destination.
3. Edit the Flexera settings, including URL and credentials for the SQL server, log level,
and the schedule at which you want the export to occur.

Click Get Schemas. When you click this button, a connection is established with the
SQL server that looks for databases that match the basic required schema to export
Asset data. If a database matches these requirements, it is displayed in the Database
and Schema fields.
4. Click Create.

When you add a Flexera destination, the following actions occur: 

l Additional attributes are added to Asset. These attributes will be pending until the
next Tanium import. See View schedule and run import on page 34 for more
information.
l Flexera reports are created in Asset. View these reports in the Reports section under
Custom Reports. Do not delete or modify these reports. Modifying these reports
disrupts the Flexera export.

© 2018 Tanium Inc. All Rights Reserved Page 47

 l Flexera views are created. Do not edit these views because they can be overwritten. If
necessary, you can look at the fields that are included in the Flexera views to create a
copy of the view that includes different settings.
l For each report, a connection is created in Connect that sends the report data to the
SQL server. With Asset 1.4 and earlier, the Flexera reports are used as the connection
source. With Asset 1.5 and later, the Flexera views are used as the connection source.

Use Connect for all troubleshooting of the data transfer to the SQL server. Each Flexera
connection contains information about the schedule and success or failure of the data
transfer.

Configure dates in Flexera connections

For the Flexera connections that use views, add columns for created and updated times.
These values indicate the last time that the Connect job was run for the exported data.
Repeat these steps to add values for the ci_item_created_at and ci_item_updated_at
columns.

1. From the Connect menu, go to Connections > Flexera_connection_name > Edit.

2. Click Add a Column.
3. For the destination value, choose ci_item_created_at or ci_item_updated_at.
4. For the Value Type, choose DateTime.
5. For the Date Format, indicate YYYY-MM-DDTHH:mm:ss. Do not include milliseconds,
which is included in the default selection.
6. Save the connection.

Configure Flexera to receive data from Tanium Asset

Check the contents of your custom reports in Asset and the data that is being exported to
the configured SQL server. After the data you want is being exported, configure FlexNet
Manager Suite to get data from the database. Work with your Flexera administrator to
configure this integration.

(Optional) Enable file evidence content

 Asset can integrate with Tanium Index to provide file evidence information to Flexera.

1. Install Tanium Index and verify that endpoint file systems are being indexed. The
Distribute Tanium Index Tools , Distribute Tanium Index Config and Start Indexing
packages must be deployed to the endpoints and the Index Status sensor should
return Running. For more information, see Tanium Incident Response User Guide:

© 2018 Tanium Inc. All Rights Reserved Page 48

 Install Index and Tanium Incident Response User Guide: Deploy Index tools.
2. Deploy the Distribute Tanium Asset Tools package to your endpoints. To ensure that
the tools get installed as new endpoints come online, create a saved action that
targets endpoints that return Not Installed from the Asset File Evidence Status
sensor. Configure the saved action as a scheduled action. For example, you might
schedule Distribute Tanium Asset Tools to run every hour.

3. Deploy the Asset Start File Evidence Scan package to your endpoints. From Interact,
target a set of endpoints to gather file evidence from which the Asset File Evidence
Status sensor returns Installed. Click Deploy Action and create an action that
deploys the Asset Start File Evidence Scan package. To ensure that the scan is
restarted when a computer restarts, configure the saved action as a scheduled action.
4. When everything is configured, the Flexera Report File Evidence custom report
begins to get populated with data.

© 2018 Tanium Inc. All Rights Reserved Page 49

Troubleshooting Asset
To collect and send information to Tanium for troubleshooting, collect log and other
relevant information.

Collect logs
The information is saved as a compressed ZIP file that you can download with your
browser.

1. From the Asset home page, click Help , then the Troubleshooting tab.
2. Collect the troubleshooting package. Click Collect. To collect additional information
Postgres table statistics that includes information bad tuples, live, last vacuum, and
so on, click Collect Detailed. When the ZIP file is ready, you can download the
tanium-asset-support-[timestamp].zip file to your local download
directory.
3. Attach the ZIP file to your Tanium Support case form or send it to your TAM.

In the ZIP file, you can view the following information: 

l postgresql-xx.log : Contains Postgres log file.

l info directory: Contains CSV files for Asset configurations, including attribute
configurations, destinations, permissions, and so on. If you click Collect Detailed, a
CSV file for postgres statistics (pg-stats.csv) is also created.
l job directory: Contains logs for the data imports and exports.

Update service account log level

1. From the Asset home page, click Settings , then the Advanced Settings tab.
2. Change the Service Account Log Level.
3. Click Save.

© 2018 Tanium Inc. All Rights Reserved Page 50

Troubleshoot asset data exports and imports
View status of imports and exports
On the Asset home page, you can view a timeline of the recent imports and exports.

The timeline contains each import, with one of the following statuses: 

l : Scheduled
l : Successful
l : Error
l : Running

View import and export logs

In the ZIP file that you download from the Troubleshooting tab, you can view logs for the
data imports and exports. These logs are in the job directory:

ServiceNow exports

ServiceNow export logs are named with the following format: job/date_time_

job#_servicenow_config#.log. If you enable Trace level logging on your
ServiceNow configuration, numbered subdirectories, for example job/65, are
created that contain all of the POST and GET requests for that job. See Add
ServiceNow as a destination on page 43 for more information about configuring
logging.

Asset data imports

You can use these logs to view details about the scheduled runs that are occurring to
import asset data from Tanium into your Asset database.Tanium data import logs are
named with the following format: job/date_time_job#_tanium_1.log. For
data you are importing from a database, import logs are named with the following

© 2018 Tanium Inc. All Rights Reserved Page 51

 format: job/date_time_job#_database_1.log. To change the log level for
imports, see Configuring sources on page 27.

Remove unneeded data from the Asset database

You can configure data retention and automatic vacuuming on the Asset database.

1. From the Asset home page, click Settings , then the Data Settings tab.
l To purge stale assets that have not been seen by Asset from the database,

select Purge Stale Assets. Then, indicate the age of stale data to remove. The
minimum number is seven days.
l To adjust the trigger and amount of work done during automatic vacuuming,
adjust the Cost Limit and Size Factor values. The Postgres VACUUM operation
reclaims storage that is occupied by dead tuples. By default, the database is
vacuumed when 1% of tuples are considered dead, and the cost limit (amount
of work per vacuum cycle) is set to 1000.
2. Click Save.

Uninstall Asset
1. From the Main menu, click Tanium Solutions. Under Asset, click Uninstall. Click
Proceed with Uninstall to complete the process.
2. Delete any remaining Asset-related scheduled actions and action groups.
3. Remove Asset Tools from your endpoints. To see which endpoints have the file
evidence tools installed, ask the question:  Get Asset File Evidence Status from
all machines. If you want to clean the artifacts from your endpoints, contact your
TAM.
4. A backup asset-files folder gets created as part of the uninstall process. You
can keep or delete this folder. If any other Asset artifacts remain on your Module
Server, contact your TAM.

© 2018 Tanium Inc. All Rights Reserved Page 52

Reference: Cron syntax
A quick reference to Cron syntax follows. You can use Crontab to build a Cron expression.
┌────────────── second (optional)
│ ┌──────────── minute
│ │ ┌────────── hour
│ │ │ ┌──────── day of month
│ │ │ │ ┌────── month
│ │ │ │ │ ┌──── day of week
│ │ │ │ │ │
│ │ │ │ │ │
* * * * * *

Each asterisk is a field that must be included in the Cron expression. The field value can
either be an asterisk (any value) or one of the following values:

Table 6: Valid values for Cron fields

Field Value

second 0-59

minute 0-59

hour 0-23

day of month 1-31

month 1-12

day of week (Sunday is 0 and 7) 0-7

© 2018 Tanium Inc. All Rights Reserved Page 53