Syslog - Tanium LEEF

Device Details

Device Name: Tanium
Vendor: Tanium
Device Type: Tanium
Supported Model Name/Number: N/A
Supported Software Version: N/A
Collection Method: Syslog
Configurable Log Output: LEEF
Log Source Type: Syslog - Tanium LEEF
Log Processing Policy: LogRhythm Default V 2.0
Exceptions: N/A
Additional Information: https://docs.tanium.com/connect/connect/audit_reference.html

Supported Log Messages

(List of LR tags used to parse the log information for each message type)

Type | Product Version | Supported Schema Fields
V 2.0 : Action History Events | N/A | <action>, <status>, <login>, <command>, <account>
V 2.0 : Action Mgmt Events | N/A | <object>, <login>, <domainorigin>, <objectname>, <tag1>, <vendorinfo>
V 2.0 : Authentication Success Events | N/A | <login>, <session>, <sessiontype>, <sip>, <vendorinfo>, <tag1>
V 2.0 : Content Set Role Events | N/A | <object>, <login>, <domainorigin>, <objectname>, <tag1>, <vendorinfo>
V 2.0 : Content Set Role Privilege Events | N/A | <object>, <login>, <domainorigin>, <objectname>, <tag1>, <vendorinfo>
V 2.0 : Group Events | N/A | <object>, <login>, <domainorigin>, <group>, <tag1>, <vendorinfo>
V 2.0 : Package Mgmt Events | N/A | <object>, <login>, <domainorigin>, <objectname>, <tag1>, <vendorinfo>
V 2.0 : Plugin Mgmt Events | N/A | <object>, <login>, <domainorigin>, <objectname>, <tag1>, <vendorinfo>
V 2.0 : Question History Events | N/A | <object>, <login>, <objectname>
V 2.0 : Question Mgmt Events | N/A | <object>, <login>, <domainorigin>, <objectname>, <tag1>, <vendorinfo>
V 2.0 : Sensor Mgmt Events | N/A | <object>, <login>, <domainorigin>, <objectname>, <tag1>, <vendorinfo>
V 2.0 : User Group Mgmt Events | N/A | <object>, <login>, <group>, <tag1>, <vendorinfo>
V 2.0 : User Logon Failure | N/A | <reason>, <login>, <sip>, <vendorinfo>
V 2.0 : User Mgmt Events | N/A | <object>, <action>, <group>, <tag1>, <login>, <domainorigin>, <account>, <tag2>, <vendorinfo>
V 2.0 : Content Set Audit Events | N/A | <object>, <login>, <domainorigin>, <objectname>, <tag1>, <vendorinfo>
V 2.0 : Package Audit Events | N/A | <object>, <login>, <domainorigin>, <objectname>, <tag1>, <vendorinfo>
V 2.0 : Personas Audit Events | N/A | <object>, <login>, <domainorigin>, <objectname>, <tag1>, <vendorinfo>
V 2.0 : Api Tokens Audit Events | N/A | <object>, <login>, <domainorigin>, <objectname>, <tag1>, <vendorinfo>
V 2.0 : Asset Report Physical Machine Summary Event | N/A | <vmid>, <object>, <quantity>
V 2.0 : Client Status Events | N/A | <vmid>, <sname>, <sip>, <dip>, <status>, <version>
V 2.0 : ADQuery Windows Events | N/A | <vmid>, <status>, <quantity>
V 2.0 : Tanium Discover Events | N/A | <vmid>, <smac>, <sip>, <snatip>, <sname>, <object>
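The fields in the table are what the log processing policy extracts from each LEEF record delivered over syslog. The following is an added example, not LogRhythm's or Tanium's code: it parses syslog-wrapped LEEF 1.0 and 2.0 records (pipe-delimited header, delimited key=value attributes, as the public LEEF format defines them), projects three of the message types above (Authentication Success, User Logon Failure, Action History) onto the schema fields the table lists, and runs a simple failed-logon count per source IP over the result. The sample lines are constructed, and the LEEF attribute key names in FIELD_MAPS (usrName, src, sessionId, and so on) are assumptions, not Tanium's documented keys; substitute the names from the Tanium audit reference linked under Additional Information.

```python
# Added example, not LogRhythm's or Tanium's code: parse LEEF 1.0/2.0 syslog records and
# project them onto the schema fields listed above. The sample lines and the LEEF key
# names in FIELD_MAPS (usrName, src, sessionId, ...) are constructed/assumed, not Tanium's.
import re
from collections import Counter
_SYSLOG_PREFIX = re.compile(  # optional RFC 3164-style "<PRI>Mon DD HH:MM:SS host " prefix
    r"^(?:<\d{1,3}>)?(?:[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2} \S+ )?(?=LEEF:)")
_UNESCAPED_PIPE = re.compile(r"(?<!\\)\|")  # a literal pipe in a header field is escaped as \|

def _decode_delimiter(spec):
    """LEEF 2.0 header field 6: one literal character or its hex code (x09 / 0x09); empty means tab."""
    if spec == "":
        return "\t"
    m = re.fullmatch(r"0?x([0-9A-Fa-f]{2})", spec)
    if m:
        return chr(int(m.group(1), 16))
    if len(spec) != 1:
        raise ValueError(f"bad LEEF delimiter field: {spec!r}")
    return spec

def parse_leef(line):
    """Return the header fields plus an 'attrs' dict; raise ValueError on malformed input."""
    body = _SYSLOG_PREFIX.sub("", line.strip(), count=1)
    pipe = body.find("|")
    if not body.startswith("LEEF:") or pipe < 0:
        raise ValueError("no LEEF header")
    version = body[5:pipe]
    # Split only as many times as the header needs: attribute values may contain raw pipes.
    parts = _UNESCAPED_PIPE.split(body, maxsplit=6 if version == "2.0" else 5)
    if version == "1.0" and len(parts) == 6:
        vendor, product, prod_version, event_id, attr_text = parts[1:]
        delim = "\t"
    elif version == "2.0" and len(parts) == 7:
        vendor, product, prod_version, event_id, delim_spec, attr_text = parts[1:]
        delim = _decode_delimiter(delim_spec)
    else:
        raise ValueError(f"bad or unsupported LEEF header: {body[:40]!r}")
    attrs = {}
    for pair in filter(str.strip, attr_text.split(delim)):
        key, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"attribute without '=': {pair!r}")
        attrs[key.strip()] = value.replace("\\=", "=")  # LEEF escapes '=' inside a value as \=
    unpipe = lambda s: s.replace("\\|", "|")
    return {"vendor": unpipe(vendor), "product": unpipe(product), "product_version": prod_version,
            "event_id": unpipe(event_id), "attrs": attrs}

# Assumed LEEF key -> schema field for three message types above (schema names are the page's).
FIELD_MAPS = {
    "Authentication Success": {"usrName": "login", "sessionId": "session", "sessionType": "sessiontype",
                               "src": "sip", "cat": "vendorinfo", "type": "tag1"},
    "User Logon Failure": {"reason": "reason", "usrName": "login", "src": "sip", "cat": "vendorinfo"},
    "Action History": {"action": "action", "status": "status", "usrName": "login",
                       "command": "command", "account": "account"},
}

def to_schema(record):
    """Project a parsed record onto its schema fields; unmapped keys are dropped."""
    mapping = FIELD_MAPS.get(record["event_id"], {})
    out = {"event_type": record["event_id"]}
    for key, value in record["attrs"].items():
        if key in mapping:
            out[mapping[key]] = value
    return out

def parse_lines(lines):
    """Parse a batch; malformed lines are counted rather than silently dropped."""
    events, malformed = [], 0
    for line in lines:
        try:
            events.append(to_schema(parse_leef(line)))
        except ValueError:
            malformed += 1
    return events, malformed

def failed_logon_sources(events, threshold):
    """Source IPs with at least `threshold` User Logon Failure events (brute-force / spray check)."""
    counts = Counter(e["sip"] for e in events
                     if e["event_type"] == "User Logon Failure" and "sip" in e)
    return {ip: n for ip, n in counts.items() if n >= threshold}

# Constructed sample input (not real Tanium output); x09 selects tab as the attribute delimiter.
_FAIL = "<134>Jan 12 10:15:07 tanium01 LEEF:2.0|Tanium|Tanium|7.4|User Logon Failure|x09|"
SAMPLE_LINES = [
    "<134>Jan 12 10:15:03 tanium01 LEEF:2.0|Tanium|Tanium|7.4|Authentication Success|x09|"
    "usrName=alice\tsessionId=8f2c1e\tsessionType=console\tsrc=10.0.0.5\ttype=login\tcat=Audit",
    _FAIL + "usrName=bob\tsrc=203.0.113.9\treason=Invalid credentials\tcat=Audit",
    _FAIL + "usrName=carol\tsrc=203.0.113.9\treason=Invalid credentials\tcat=Audit",
    _FAIL + "usrName=dave\tsrc=203.0.113.9\treason=Invalid credentials\tcat=Audit",
    # LEEF 1.0 form: no delimiter field, attributes are tab-separated.
    "<134>Jan 12 10:16:00 tanium01 LEEF:1.0|Tanium|Tanium|7.4|Action History|"
    "action=Deploy Package\tstatus=Completed\tusrName=alice\tcommand=cmd.exe /c whoami\taccount=SYSTEM",
    "<134>Jan 12 10:16:01 tanium01 not a LEEF record at all",
]

if __name__ == "__main__":
    parsed, bad = parse_lines(SAMPLE_LINES)
    print(*parsed, f"malformed={bad}", failed_logon_sources(parsed, 3), sep="\n")
```

Two details matter when writing a parser like this for production: the header is split only as many times as the version requires, because attribute values are allowed to contain raw pipes, and malformed lines are counted rather than dropped, since a silent parse failure on an audit feed is itself a detection gap.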

Revision History

KB Version | Log Type | Change Type | Details
KB 7.1.657.0 | Syslog - Tanium LEEF | New Log Source Optimization (LSO) policy: LogRhythm Default v2.0 | Optimized new log processing policy for Syslog - Tanium LEEF.