Taniumâ„¢ Core Platform 7.2 User Guide

PDF 7.2
  • All Files
Documentation Home > Tanium Core Platform User Guide

Other versions

Example: Multicolumn sensors

Multicolumn sensors are designed to collect multiple pieces of related data in a single answer.

Create multicolumn sensors when the data is more useful when presented as a single record. For example, when you look into Windows Registry issues, you need to know multiple pieces of information.

Registry Key Value Names with Data is a multicolumn sensor included in the Initial Content pack. It returns: User (if User hive), Keypath, Value, Data, Data Type, and OS architecture type.

Figure  1:  Results from a multicolumn sensor

Script

The script must add a delimiter between each property as it writes to the standard output channel. The delimiter in the script must match the delimiter specified in the settings.

Figure  2:  Multicolumn delimiters in sensor script

Settings

For multicolumn sensors, when you configure sensor settings, select Split into multiple columns using delimiter, specify a string separator (a pipe is common), and use the controls to specify the columns.

Figure  3:  Multicolumn result settings

Last updated: 5/16/2018 1:12 PM | Feedback