All Apps and Add-ons

Tanium app inputs

ccsfdave
Builder

I have a bunch of inputs that the tanium SME wants pulled into Splunk. I can’t find documentation on the app and whether it is looking for different sourcetypes etc. Is there a best practice on organizing the data coming in?
example:

Tanium App/DB Appliance: (update)
Tanium Module Appliance: (tanmod)
Tanium Deploy Fileserver (tanfile)
Tanium DMZ Appliance (tanzonea)

BTW if anyone comments, the above is coming into a HWF via UDP 514. We also have a HEC 8002 for other Tanium data coming in

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...