Reference: Supported file types for rule evaluation
For rules to evaluate on a file, the file must match the following criteria:
- The file must be hashed by Tanium Index using hash type MIME.
- The file must be in a format that Tanium Reveal can read.
- Binary files must be less than 32 MB. To increase the default size limit, update the Maximum Size Non-Streamable File Formats setting (from the Reveal Overview page, go to Settings and click Endpoint Configuration). Note that text files do not have a size limit.
- The file must not be filtered by the Path Stem Exclusions or Path Filter Exclusions settings (from the Reveal Overview page, click Settings > Endpoint Configuration).
When you create or edit a rule, you can add a filter to target file types in one or more categories. The following options are available:
CFG, CONF, INI, YAML
|Microsoft Excel||Binary||ODS, XLAM, XLSM, XLSX, XLTM, XLTX|
ODP, POTM, POTX, PPA, PPSM, PPSX, PPTM, PPTX
|Microsoft Word||Binary||DOCM, DOCX, DOTM, DOTX, ODT|
CSV, TSV, JSON, PRN, XML, DB (SQLite Databases)
EAR, JAR, WAR, ZIP
|Everything Else||Binary / Text||Any files with a MIME type that are not already contained in another category.|
1 If a rule only targets files in the Zip category, the rule matches all supported file types inside the supported archived files. If a rule does not target files in the Zip category, all files in archives are ignored.
Reveal can read files in any of the supported file types, regardless of the file extension. If you do not specify a file type filter for a rule, the rule attempts to read all files that are hashed by Tanium Index. When you assign a file type to a rule, the rule only attempts to read files with the listed file extensions.
Reveal supports the following MIME types:
text/plain (also must match a file extension for “tabular” in definitions.json)
Last updated: 5/4/2021 2:43 PM | Feedback