Introduction
The tags beginning with edr.tanium
identify events generated by the Tanium Core Platform.
Valid tags and data tables
The full tag must have 3 levels. The first two are fixed as edr.tanium
. The third level identifies the type of events sent.
These are the valid tags and corresponding data tables that will receive the parsers' data:
| | |
---|
Tanium | edr.tanium.action_history
| edr.tanium.action_history
|
edr.tanium.all_assets
| edr.tanium.all_assets
|
edr.tanium.applicable_patches
| edr.tanium.applicable_patches
|
edr.tanium.asset_report
| edr.tanium.asset_report
|
edr.tanium.audit
edr.tanium.json
| edr.tanium.audit
|
edr.tanium.basic_asset
| edr.tanium.basic_asset
|
edr.tanium.client_status
| edr.tanium.client_status
|
edr.tanium.crowdstrike
| edr.tanium.crowdstrike
|
edr.tanium.detect
| edr.tanium.detect
|
edr.tanium.discover
| edr.tanium.discover
|
edr.tanium.discover_lost
| edr.tanium.discover_lost
|
edr.tanium.events
| edr.tanium.events
|
| edr.tanium.installedapps
|
edr.tanium.patch_list
| edr.tanium.patch_list
|
edr.tanium.question
| edr.tanium.question
|
edr.tanium.threat_response
| edr.tanium.threat_response
|
edr.tanium.threats
| edr.tanium.threats
|
For more information, read more about Devo tags.
Table structure
These are the fields displayed in these tables: