# Tanium Platform Tanium Platform: Endpoint management and security software that provides organizations with visibility and control across their IT environments. To onboard such a source to Axoflow, complete the [generic appliance onboarding steps](../../../../docs/axoflow/data-sources/appliances/index.md). When configuring Tanium Platform, make sure to: * Enable TCP octet framing, and * Enable RFC5424 output format For details, see the [Tanium Appliance documentation](). ## Labels Axoflow automatically adds the following labels to data collected from this source: Analytics label | Message field | Value ---|---|--- `vendor` | [`meta.vendor`](../../../../docs/axoflow/reference/message-schema/reference/index.md#meta.vendor) | `tanium` `product` | [`meta.product`](../../../../docs/axoflow/reference/message-schema/reference/index.md#meta.product) | `platform` `service` | [`meta.service.name`](../../../../docs/axoflow/reference/message-schema/reference/index.md#meta.service.name) | `Tanium` You can use the labels as: * **Filter labels** on the [Analytics page](../../../../docs/axoflow/metrics/analytics/index.md), * in the **Filter By Label** field during [log tapping](../../../../docs/axoflow/onboard-hosts/log-tapping/index.md). You can use the message fields * in [Flow Processing steps](../../../../docs/axoflow/data-management/processing/index.md), for example, in the **Query** field of **Select Messages** steps, * in AQL expressions in the search bars. ## Sending data to Splunk When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings: source | sourcetype | index ---|---|--- Depends on the log message, always begins with `tanium:question:`, for example, `tanium:question:tanium_droid` | `tanium`, `tanium:audit`, `tanium:inventory`, `tanium:hardware:cpu`, `tanium:endpoint:process`, `tanium:endpoint:services`, `tanium:deploy:deploymeantime`, `tanium:change:endpoint`, `tanium:report:vulnerability`, `tanium:report:vulnerability`, `tanium:discover:report`, `tanium:malware:attack`, `tanium:updates`, `tanium:patch:patchmeantime`, `tanium:ids:netconns`, `tanium:report:vulnerability`, `tanium:report:vulnerability`, `tanium:discover:lost`, `tanium:discover:managed`, `tanium:discover:unmanaged`, `tanium:endpoint:dns:stream`, `tanium:endpoint:securityevent:stream`, `tanium:endpoint:library:stream`, `tanium:endpoint:processes:stream`, `tanium:endpoint:netconn:stream`, `tanium:endpoint:netdisco:stream`, `tanium:endpoint:netaccept:stream`, `tanium:endpoint:filecreate:stream`, `tanium:endpoint:filewrite:stream`, `tanium:endpoint:fileread:stream`, `tanium:endpoint:fileopen:stream`, `tanium:endpoint:filemove:stream`, `tanium:endpoint:filedelete:stream`, `tanium:endpoint:filepermchange:stream`, `tanium:endpoint:regcreate:stream`, `tanium:endpoint:regset:stream`, `tanium:endpoint:regdelete:stream`, `tanium:detect:signals`, `tanium:detect:openioc`, `tanium:detect:yara`, `tanium:detect:stix` | `tanium` ## Sending data to Google SecOps When sending the data collected from this source to a [_dynamic_ Google SecOps destination](../../../../docs/axoflow/destinations/google/secops/index.md), Axoflow sets the following log type: `TANIUM_QUESTION`. ## Sending data to Microsoft Sentinel When sending the data collected from this source to a [Microsoft Sentinel destination](../../../../docs/axoflow/destinations/microsoft/sentinel/index.md), Axoflow normalizes the data and sends it to the following table: `Syslog`.