Hello, I am in the process of setting up integration with Tanium and I noticed that the payload is always base64 encoded. Is there a way either through Tanium or through Splunk to decode this field on the fly? If I have to parse this through Splunk I would need to extract the fields that are associated with the encoded string. Also, can this be done at index time or beforehand if done by Splunk, maybe through a HF? Hoping someone has some experience with Tanium configurations specifically.
Thanks