Reference: Reveal settings
To access Reveal settings from the Reveal Overview page, go to Settings 
and click Settings.
Reveal service settings
| Setting | Default value | Description |
|---|---|---|
| Enable Rule Sets and Tools Automatic Deployment | selected | Select to automatically deploy Rule Sets and upgrade Reveal tools to the latest available versions when Reveal is installed or upgraded. |
| Rule Publication Interval | 12 hours |
The time interval to automatically deploy rule and rule sets assignments to endpoints. |
| Rule Publication On Modify | 30 minutes | The time to automatically deploy rule and rule sets assignments to endpoints after a rule or rule set has been modified. |
| Validation Publication Interval | 30 minutes | The time interval to automatically deploy pending validations. |
| Rule Results Scan Interval | 600 seconds | The frequency to gather rule results metrics from endpoints. |
| Status Scan Interval | 600 seconds | The frequency to query the reveal status from endpoints. |
| Live Connection Max Files | 1000 files | Any files with a MIME type that are not already contained in another category. |
| Live Connection Max Snippets | 1000 snippets | The maximum number of snippets retrieved from a file from an endpoint. |
| Live Connection Page Expiration | 60 minutes | The security setting to expire URLs after the specific period. |
| Live Connection URL Scope | session | The security setting to share connection urls across users, scope them to the user, or to the users current session. |
| Package File Cache Timeout | 300 seconds | The amount of time to wait for the Tanium Server to cache files for packages. Package and action creation fail if this timeout is exceeded. |
| Package Download Timeout | 1800 seconds | The amount of time to allow for Reveal package to download before timing out. |
| Time Sync Frequency | 10 minutes | How frequently to send out a time sync package. |
| Time Sync Distribute Over Time | 1200 seconds | The time period to distribute the time sync to target endpoints. |
| Vocabulary Sampling Interval | 600 seconds | The time period between when vocabulary sampling questions are sent out. |
| Decimation Schedule Automatic Deployment Interval | 48 hours | How frequently the decimation schedule gets recreated. |
| Decimation Schedule Expiration Period | 7 days | How long a decimation schedule is valid. |
| Global Vocabulary Decimation Threshold | 50 percent | Global completion percentage to reach before decimating the global vocabulary. |
| Decimation Scheduler Horizon | 21 days | How far into the future the decimation scheduler will attempt to predict. |
| Decimation Scheduler Growth Factor Gain | 1 percent | Determines how much effect each sampling status has on the growth factor. |
| Decimation Scheduler Deploy Frequency | 24 hours | The maximum amount of time allowed to pass before a new decimation schedule is deployed. |
| Decimation Scheduler Distribute Over Time | 1200 seconds | The time period to distribute decimation scheduler to endpoints. |
| Decimation Schedule Reissue Interval | 3600 seconds | How frequently the action to deploy the decimation schedule runs. |
Endpoint configuration settings
| Setting | Default value | Description |
|---|---|---|
| Path Filter Exclusions | none |
Paths to exclude from parsing in regular expression format. For example: .*\.docx filters any files that end with the .docx file extension. |
| Path Stem Exclusions | none | Paths to exclude from parsing. For example: C:\Program Files (x86)\Tanium\Tanium Client\ filters all content under Tanium Client. |
| Exclusions by Regular Expression | .*\\Tanium\\Tanium Client.* | Paths to exclude from parsing in regular expression format. For example: .*\.docx filters any files that end with the .docx file extension. |
| Exclusions by File Path | /opt/Tanium/TaniumClient /Library/Tanium/TaniumClient | Paths to exclude from parsing. For example: C:\Program Files (x86)\Tanium\Tanium Client\ filters all content under Tanium Client. |
| Maximum File Batch Size | 100000 files | The maximum files to process per index operation. |
| Maximum Text Content | 1024 KB | The maximum amount of text content to extract per file. |
| Maximum Document Per DB Shard | 10000 files | The maximum number of documents per database shard. |
| Maximum Database Size | 1024 MB | The maximum size of the Reveal database. |
| Maximum Size Non-Streamable File Formats | 32768 KB | The maximum size of non-streamable file formats to index. |
| Minimum Available Disk Space | 2048 MB | The minimum amount of available disk space required to start an indexing operation. |
| Context Characters | 150 characters | The number of characters to include on either side of a pattern hit. |
| Tanium Index Max Query Files | 1000 files | The maximum number of files to request from Tanium Index at a time. |
| Max Files on Prune | 10000 files | The maximum number of files to process per prune operation. |
| Minimum Document Frequency | 5 documents | The minimum number of documents required to include a term in the global vocabulary. |
| Enable Global Vocabulary Sampling | Deselected | Turns on global vocabulary sampling on endpoints. |
| (Internal) Vocabulary Sampling Exponent | -10 | The vocabulary sampling rate. |
| (Internal) Vocabulary Builder Decimation Coefficient | .9 | The decimation coefficient used by the vocabulary builder. |
Index configuration settings
| Setting | Default value | Description |
|---|---|---|
| Maximum CPU | 3% | The maximum percentage of CPU that Tanium Index can use. |
| Rescan Interval | 3600 seconds | The frequency that Tanium Index scans. |
| Exclude from Hashing | none | Regex paths to exclude from hashing. |
Last updated: 7/28/2021 1:47 PM | Feedback