Device Details
|
Device Name |
Tanium |
|
Vendor |
Tanium |
|
Device Type |
Tanium |
|
Supported Model Name/Number |
N/A |
|
Supported Software Version |
N/A |
|
Collection Method |
Syslog |
|
Configurable Log Output |
LEEF |
|
Log Source Type |
Syslog - Tanium LEEF |
|
Log Processing Policy |
LogRhythm Default V 2.0 |
|
Exceptions |
N/A |
|
Additional Information |
https://docs.tanium.com/connect/connect/audit_reference.html |
Supported Log Messages
(List of LR tags used to parse the log information for each message type)
|
Type |
Product Version |
Supported Schema Fields |
|---|---|---|
|
V 2.0 : Action History Events |
N/A |
<action>, <status>, <login>, <command>, <account> |
|
V 2.0 : Action Mgmt Events |
N/A |
<object>, <login>, <domainorigin>, <objectname>, <tag1>, <vendorinfo> |
|
V 2.0 : Authentication Success Events |
N/A |
<login>, <session>, <sessiontype>, <sip>, <vendorinfo>, <tag1> |
|
V 2.0 : Content Set Role Events |
N/A |
<object>, <login>, <domainorigin>, <objectname>, <tag1>, <vendorinfo> |
|
V 2.0 : Content Set Role Privilege Events |
N/A |
<object>, <login>, <domainorigin>, <objectname>, <tag1>, <vendorinfo> |
|
V 2.0 : Group Events |
N/A |
<object>, <login>, <domainorigin>, <group>, <tag1>, <vendorinfo> |
|
V 2.0 : Package Mgmt Events |
N/A |
<object>, <login>, <domainorigin>, <objectname>, <tag1>, <vendorinfo> |
|
V 2.0 : Plugin Mgmt Events |
N/A |
<object>, <login>, <domainorigin>, <objectname>, <tag1>, <vendorinfo> |
|
V 2.0 : Question History Events |
N/A |
<object>, <login>, <objectname> |
|
V 2.0 : Question Mgmt Events |
N/A |
<object>, <login>, <domainorigin>, <objectname>, <tag1>, <vendorinfo> |
|
V 2.0 : Sensor Mgmt Events |
N/A |
<object>, <login>, <domainorigin>, <objectname>, <tag1>, <vendorinfo> |
|
V 2.0 : User Group Mgmt Events |
N/A |
<object>, <login>, <group>, <tag1>, <vendorinfo> |
|
V 2.0 : User Logon Failure |
N/A |
<reason>, <login>, <sip>, <vendorinfo> |
|
V 2.0 : User Mgmt Events |
N/A |
<object>, <action>, <group>, <tag1>, <login>, <domainorigin>, <account>, <tag2>, <vendorinfo> |
|
V 2.0 : Content Set Audit Events |
N/A |
<object>, <login>, <domainorigin>, <objectname>, <tag1>, <vendorinfo> |
|
V 2.0 : Package Audit Events |
N/A |
<object>, <login>, <domainorigin>, <objectname>, <tag1>, <vendorinfo> |
|
V 2.0 : Personas Audit Events |
N/A |
<object>, <login>, <domainorigin>, <objectname>, <tag1>, <vendorinfo> |
|
V 2.0 : Api Tokens Audit Events |
N/A |
<object>, <login>, <domainorigin>, <objectname>, <tag1>, <vendorinfo> |
|
V 2.0 :Asset Report Physical Machine Summary Event |
N/A |
<vmid>, <object>, <quantity> |
|
V 2.0 : Client Status Events |
N/A |
<vmid>, <sname>, <sip>, <dip>, <status>, <version> |
|
V 2.0 : ADQuery Windows Events |
N/A |
<vmid>, <status>, <quantity> |
|
V 2.0 : Tanium Discover Events |
N/A |
<vmid>, <smac>, <sip>, <snatip>, <sname>, <object> |
Revision History
|
KB Version |
Log Type |
Change Type |
Details |
|---|---|---|---|
|
KB 7.1.657.0 |
Syslog - Tanium LEEF |
New Log Source Optimization (LSO) policy: LogRhythm Default v2.0 |
Optimized new log processing policy for Syslog - Tanium LEEF. |