Reference: Supported file types for rule evaluation
For rules to evaluate on a file, the file must match the following criteria:
- The file must be hashed by Tanium Index using hash type MIME.
- The file must be in a format that Tanium Reveal can read.
- Binary files must be less than 32 MB. To increase the default size limit, update the Maximum Size Non-Streamable File Formats setting (from the Reveal Overview page, go to Settings
and click Endpoint Configuration). Note that text files do not have a size limit. - The file must not be filtered by the Path Stem Exclusions or Path Filter Exclusions settings (from the Reveal Overview page, click Settings > Endpoint Configuration).
When you create or edit a rule, you can add a filter to target file types in one or more categories. The following options are available:
| Category | Format | File types |
|---|---|---|
| Configuration | Text |
CFG, CONF, INI, YAML |
| Microsoft Excel | Binary | ODS, XLAM, XLSM, XLSX, XLTM, XLTX |
| Microsoft PowerPoint | Binary |
ODP, POTM, POTX, PPA, PPSM, PPSX, PPTM, PPTX |
| Microsoft Word | Binary | DOCM, DOCX, DOTM, DOTX, ODT |
| Binary | FDF, PDF | |
| Structured text | Text |
CSV, TSV, JSON, PRN, XML, DB (SQLite Databases) |
| Text | Text | TXT |
| Zip1 | Binary |
EAR, JAR, WAR, ZIP |
| Everything Else | Binary / Text | Any files with a MIME type that are not already contained in another category. |
|
1 If a rule only targets files in the Zip category, the rule matches all supported file types inside the supported archived files. If a rule does not target files in the Zip category, all files in archives are ignored. |
||
Reveal can read files in any of the supported file types, regardless of the file extension. If you do not specify a file type filter for a rule, the rule attempts to read all files that are hashed by Tanium Index. When you assign a file type to a rule, the rule only attempts to read files with the listed file extensions.
Last updated: 11/18/2020 11:21 AM | Feedback