Reference: Supported file types for rule evaluation

For rules to evaluate on a file, the file must match the following criteria:

  • The file must be hashed by Tanium Index using hash type MIME.
  • The file must be in a format that Tanium Reveal can read.
  • Binary files must be less than 32 MB. To increase the default size limit, update the Maximum Size Non-Streamable File Formats setting (from the Reveal Home page, go to Settings and click Endpoint Settings). Note that text files do not have a size limit.
  • The file must not be filtered by the Path Stem Exclusions or Path Filter Exclusions settings (from the Reveal Home page, click Settings > Endpoint Settings).

When you create or edit a rule, you can add a filter to target file types in one or more categories. The following options are available:

Category Format File types
Configuration Text

CFG, CONF, INI, YAML

Microsoft Excel Binary ODS, XLAM, XLSM, XLSX, XLTM, XLTX
Microsoft PowerPoint Binary

ODP, POTM, POTX, PPA, PPSM, PPSX, PPTM, PPTX

Microsoft Word Binary DOCM, DOCX, DOTM, DOTX, ODT
PDF Binary FDF, PDF
Structured text Text

CSV, JSON, PRN, XML

Text Text TXT
Zip1 Binary

EAR, JAR, WAR, ZIP

Everything Else Binary / Text Any files with a MIME type that are not already contained in another category.

1 If a rule only targets files in the Zip category, the rule matches all supported file types inside the supported archived files. If a rule does not target files in the Zip category, all files in archives are ignored.

Reveal can read files in any of the supported file types, regardless of the file extension. If you do not specify a file type filter for a rule, the rule attempts to read all files that are hashed by Tanium Index. When you assign a file type to a rule, the rule only attempts to read files with the listed file extensions.

Last updated: 9/24/2019 6:48 PM | Feedback