Document toolboxDocument toolbox

edr.tanium

Introduction

The tags beginning with edr.tanium identify events generated by the Tanium Core Platform.

Valid tags and data tables

The full tag must have 3 levels. The first two are fixed as edr.tanium. The third level identifies the type of events sent. 

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service

Tags

Data tables

Product / Service

Tags

Data tables

Tanium

edr.tanium.action_history

edr.tanium.action_history

edr.tanium.all_assets

edr.tanium.all_assets

edr.tanium.applicable_patches

edr.tanium.applicable_patches

edr.tanium.asset_report

edr.tanium.asset_report

  • edr.tanium.audit

  • edr.tanium.json

edr.tanium.audit

edr.tanium.basic_asset

edr.tanium.basic_asset

edr.tanium.client_status

edr.tanium.client_status

edr.tanium.crowdstrike

edr.tanium.crowdstrike

edr.tanium.detect

edr.tanium.detect

edr.tanium.discover

edr.tanium.discover

edr.tanium.discover_lost

edr.tanium.discover_lost

edr.tanium.events

edr.tanium.events

  • edr.tanium.installedapps

  • edr.tanium.installedapps.v2

edr.tanium.installedapps

edr.tanium.patch_list

edr.tanium.patch_list

edr.tanium.question

edr.tanium.question

edr.tanium.threat_response

edr.tanium.threat_response

edr.tanium.threats

edr.tanium.threats

For more information, read more about Devo tags.

Table structure

These are the fields displayed in these tables: