Tanium Platform
Tanium Platform: Endpoint management and security software that provides organizations with visibility and control across their IT environments.
To onboard such a source to Axoflow, complete the generic appliance onboarding steps.
When configuring Tanium Platform, make sure to:
- Enable TCP octet framing, and
- Enable the RFC 5424 output format.
For details, see the Tanium Appliance documentation.
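As an added illustration (not Axoflow's or Tanium's code), the Python below shows what those two settings mean for the receiver: an octet-counting deframer that survives partial TCP reads and embedded newlines, an RFC 5424 header parser, and the labels this page lists attached to each record. The sample messages, the `q@1` structured-data element and the chunk split are constructed for the example.

```python
import re

# RFC 5424 section 6 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
HEADER = re.compile(
    rb"^<(?P<pri>\d{1,3})>(?P<version>\d) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    rb"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$",
    re.DOTALL,
)
# Labels this page says Axoflow attaches to data from the Tanium Platform source.
TANIUM_LABELS = {"meta.vendor": "tanium", "meta.product": "platform", "meta.service.name": "Tanium"}

def frame(msg: bytes) -> bytes:  # RFC 6587 section 3.4.1 octet counting: MSG-LEN SP SYSLOG-MSG
    return b"%d %s" % (len(msg), msg)

def deframe(buf: bytes) -> tuple[list[bytes], bytes]:
    """Split complete octet-counted frames off buf; return (messages, leftover bytes)."""
    out = []
    while (sp := buf.find(b" ")) >= 0:
        if not buf[:sp].isdigit():
            raise ValueError("stream is not octet-counted; check the appliance setting")
        if len(buf) < (end := sp + 1 + int(buf[:sp])):
            break  # partial frame: keep it until the rest of the TCP stream arrives
        out.append(buf[sp + 1:end])
        buf = buf[end:]
    return out, buf

def parse(msg: bytes) -> dict:
    """Parse one RFC 5424 message into fields and attach the Tanium source labels."""
    m = HEADER.match(msg)
    if not m:
        raise ValueError(f"not RFC 5424: {msg[:40]!r}")
    rec = {k: (v.decode() if v else None) for k, v in m.groupdict().items()}
    rec["facility"], rec["severity"] = divmod(int(m["pri"]), 8)
    rec.update(TANIUM_LABELS)
    return rec

# Constructed samples (not from a real appliance); the second message's embedded newline
# would be split into two messages by newline-based framing, but not by octet counting.
MSGS = [
    b'<134>1 2024-05-01T12:00:00Z tanium01 Tanium - - [q@1 name="Running Processes"] question started',
    b'<134>1 2024-05-01T12:00:01Z tanium01 Tanium - - - line one\nline two',
]
STREAM = b"".join(frame(m) for m in MSGS)

def ingest(chunks) -> list[dict]:
    """Receiver side: reassemble frames across arbitrary TCP chunk boundaries."""
    records, buf = [], b""
    for chunk in chunks:
        msgs, buf = deframe(buf + chunk)
        records.extend(parse(m) for m in msgs)
    return records
```

Calling `ingest([STREAM[:40], STREAM[40:]])` yields two records even though the first chunk ends mid-frame; feeding a newline-framed stream instead raises the octet-count error.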
Labels
Axoflow automatically adds the following labels to data collected from this source:
| Analytics label | Message field | Value |
|---|---|---|
| vendor | meta.vendor | tanium |
| product | meta.product | platform |
| service | meta.service.name | Tanium |
You can use the labels as:
- Filter labels on the Analytics page,
- in the Filter By Label field during log tapping.
You can use the message fields:
- in Flow Processing steps, for example, in the Query field of Select Messages steps,
- in AQL expressions in the search bars.
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| source | sourcetype | index |
|---|---|---|
| Depends on the log message; always begins with `tanium:question:`, for example, `tanium:question:tanium_droid` | tanium, tanium:audit, tanium:inventory, tanium:hardware:cpu, tanium:endpoint:process, tanium:endpoint:services, tanium:deploy:deploymeantime, tanium:change:endpoint, tanium:report:vulnerability, tanium:discover:report, tanium:malware:attack, tanium:updates, tanium:patch:patchmeantime, tanium:ids:netconns, tanium:discover:lost, tanium:discover:managed, tanium:discover:unmanaged, tanium:endpoint:dns:stream, tanium:endpoint:securityevent:stream, tanium:endpoint:library:stream, tanium:endpoint:processes:stream, tanium:endpoint:netconn:stream, tanium:endpoint:netdisco:stream, tanium:endpoint:netaccept:stream, tanium:endpoint:filecreate:stream, tanium:endpoint:filewrite:stream, tanium:endpoint:fileread:stream, tanium:endpoint:fileopen:stream, tanium:endpoint:filemove:stream, tanium:endpoint:filedelete:stream, tanium:endpoint:filepermchange:stream, tanium:endpoint:regcreate:stream, tanium:endpoint:regset:stream, tanium:endpoint:regdelete:stream, tanium:detect:signals, tanium:detect:openioc, tanium:detect:yara, tanium:detect:stix | tanium |
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: TANIUM_QUESTION.