Reference: Supported file types for rule evaluation
For rules to evaluate on a file, the file must match the following criteria:
- The file must be hashed by Tanium Index using hash type MIME.
- The file must be in a format that Tanium Reveal can read.
- Binary files must be less than 32 MB. To increase the default size limit, create and deploy a custom profile to update the Maximum Size Non-Streamable File Formats setting. Note that text files do not have a size limit. For more information, see Creating profiles.
- The file must not be filtered by the Reveal Parse Exclusions by Regular Expression or Reveal Parse Exclusions by File Path settings, which you can configure using a profile. For more information, see Creating profiles.
When you create or edit a rule, you can add a filter to target file types in one or more categories. The following options are available:
CFG, CONF, INI, YAML
|Microsoft Excel||Binary||ODS, XLAM, XLSM, XLSX, XLTM, XLTX|
ODP, POTM, POTX,
|Microsoft Word||Binary||DOCM, DOCX, DOTM, DOTX, ODT|
CSV, TSV, JSON, XML, DB (SQLite Databases)
EAR, JAR, WAR, ZIP
|Everything Else||Binary / Text||Any files with a MIME type that are not already contained in another category.|
1 If a rule only targets files in the Zip category, the rule matches all supported file types inside the supported archived files. If a rule does not target files in the Zip category, all files in archives are ignored.
Reveal can read files in any of the supported file types, regardless of the file extension. If you do not specify a file type filter for a rule, the rule attempts to read all files that are hashed by Tanium Client Index Extension. When you assign a file type to a rule, the rule only attempts to read files with the listed file extensions.
Reveal supports the following MIME types:
text/plain (also must match a file extension for “tabular” in definitions.json)
Last updated: 1/20/2023 2:38 PM | Feedback