Currently Supported Versions
Reference: Index sensors and packages
Use the Index sensors to get details about files that have been indexed.
| Sensor | Description |
|---|---|
| Index - File Count | Returns count of index files that match one or more supplied inputs. The Index - File Count sensor supports both wildcards and regular expressions. Supported wildcard syntax includes the * character to match any number of characters and the ? character to match one character. For example, you can use *pad.exe to search for either notepad.exe or wordpad.exe. To use regular expressions in parameter values, select Use Regular Expressions. You can use regular expressions to search for more complex patterns and to further constrain the scope of the search. For example, ^(if|ip)config(.exe)?$ matches ifconfig, ipconfig, ifconfig.exe, and ipconfig.exe. |
| Index - File Details | Returns details of index files that match one or more supplied inputs. The Index -File Details sensor supports both wildcards and regular expressions in parameters with the exception of the Maximum Number of Rows. Supported wildcard syntax includes the * character to match any number of characters and the ? character to match one character. For example, you can use *pad.exe to search for either notepad.exe or wordpad.exe. To use regular expressions in parameter values, select Use Regular Expressions. You can use regular expressions to search for more complex patterns and to further constrain the scope of the search. For example, ^(if|ip)config(.exe)?$ matches ifconfig, ipconfig, ifconfig.exe, and ipconfig.exe. |
| Index - File Exists | Returns Yes or No, using Index to determine whether specified file exists based on the supplied input. The Index - File Exists sensor uses Tanium Index to determine whether the specified file(s) exist on the endpoints and returns "Yes" or "No". The Index - File Exists sensor supports both wildcards and regular expressions. Supported wildcard syntax includes the * character to match any number of characters and the ? character to match one character. For example, you can use *pad.exe to search for either notepad.exe or wordpad.exe. To use regular expressions in parameter values, select Use Regular Expressions. You can use regular expressions to search for more complex patterns and to further constrain the scope of the search. For example, ^(if|ip)config(.exe)?$ matches ifconfig, ipconfig, ifconfig.exe, and ipconfig.exe. |
| Index - File Hash Recently Changed | Returns filename and hash(es) of file created or modified in previous N hours. The Index - File Hash Recently Changed sensor returns filenames and hashes for files that have been created or modified within a given number of hours. For example, you can search for binary files that have been created or modified under C:\WindowsSystem32 in the previous 8 hours. By searching for files with a File Magic Number glob of 4D5A, you can focus your search on Windows PE binary files (EXEs and DLLs). The Index - File Hash Recently Changed sensor supports both wildcards and regular expressions in parameters with the exception of the Maximum Number of Rows and Lookback Hours parameters. Supported wildcard syntax includes the * character to match any number of characters and the ? character to match one character. For example, you can use *pad.exe to search for either notepad.exe or wordpad.exe. To use regular expressions select Use Regular Expressions. You can use regular expressions to search for more complex patterns and to further constrain the scope of the search. For example, ^(if|ip)config(.exe)?$ matches ifconfig, ipconfig, ifconfig.exe, and ipconfig.exe. |
| Index - List Discovered Volumes | Returns the volumes that Index discovers. You can run this sensor without a configuration for Index. It does not indicate Index is actively scanning the paths that this sensor returns. To return a list of the volumes that Index discovers, ask a question such as Get Computer Name and Index - List Discovered Volumes from all machines. |
| Index - Tuning - Get Top Paths | Returns the top ten paths with highest file counts for tuning Index. The paths that are returned are non-recursive. |
There is no longer an Index DB Size Sensor for Index. Use the Sensor "File Size" from default content.
Get File Size["c:\Program Files (x86)\Tanium\Tanium Client\extensions\index\index.db"] from all machines
The following packages are provided with the Client Index Extension. Open a package in the console to edit package parameters and deploy the package to appropriate endpoints.
| Package | Description |
|---|---|
| Index - Disable Extension [Windows] | Disables the CX Extension for Index-CX (Windows only). Use this package to ensure that Index is not running. |
| Index - Disable Extension [Non-Windows] | Disables the CX Extension for Index-CX (Non-Windows only). Use this package to ensure that Index is not running. |
| Index - Enable Extension [Windows] | Enables the CX Extension for Index-CX (Windows only). |
| Index - Enable Extension [Non-Windows] | Enables the CX Extension for Index-CX (Non-Windows only). |
| Index - Reset Database [Windows] | Resets the Index database and clears all file, folder and hash data (Windows only). Use this package to delete all Index-CX file/folder/hash data in the Index database. |
| Index - Reset Database [Non-Windows] | Resets the Index database and clears all file, folder and hash data (Non-Windows only). Use this package to delete all Index-CX file/folder/hash data in the Index database. |
| Index - Remove Legacy Dependent [Windows] | Removes Index Classic with a VBS script (index-remove-legacy-dependent.vbs) - (Windows only). |
| Index - Remove Legacy Dependent [Non-Windows] | Removes Index Classic with a shell script (index-remove-legacy-dependent.sh) - (Non-Windows only). |
The following Index sensors have been deprecated:
- Index Has Latest Tools
- Index Query File Count
- Index Query File Details
- Index Query File Details by Last Modified
- Index Query File Details Using Name
- Index Query File Details Using Name Sort By Largest
- Index Query File Exists
- Index Query File Hash Recently Changed
- Index Query File Path and Hash
- Index Query File Path Using Name
- Index Query File Permissions
- Index Query Find Blacklist Matches
- Index Resolved Config
- Index Status
- Index Version
-
Index Config
The following Index packages have been deprecated:
- Distribute Tanium Endpoint Index Config
- Distribute Tanium Endpoint Index Config For Mac
- Distribute Tanium Endpoint Index Tools
- Distribute Tanium Endpoint Index Tools For Linux
- Distribute Tanium Endpoint Index Tools For Mac
- Remove Tanium Index Tools
- Remove Tanium Index Tools For Linux
- Remove Tanium Index Tools For Mac
- Start Index [Windows]
- Start Index [Linux]
- Start Index [Mac]
- Stop Index [Windows]
- Stop Index [Linux]
- Stop Index [Mac]
- Compact Tanium Index Database
- Compact Tanium Index Database For Linux
- Compact Tanium Index Database For Mac
- Delete Tanium Endpoint Index Database for Mac
- Delete Tanium Endpoint Index Database
- Delete Tanium Endpoint Index Database For Linux
- Distribute Index Query Blacklist
- Distribute Index Query Blacklist For Linux
- Distribute Index Query Blacklist for Mac
Last updated: 3/15/2023 4:34 PM | Feedback