Reference: Supported file types for rule evaluation

For rules to evaluate on a file, the file must match the following criteria:

When you create or edit a rule, you can add a filter to target file types in one or more categories. The following options are available:

Category	Format	File types
Configuration	Text	CFG, CONF, INI, YAML
Microsoft Excel	Binary	ODS, XLAM, XLSM, XLSX, XLTM, XLTX
Microsoft PowerPoint	Binary	ODP, POTM, POTX, PPA, PPSM, PPSX, PPTM, PPTX
Microsoft Word	Binary	DOCM, DOCX, DOTM, DOTX, ODT
PDF	Binary	FDF, PDF
Structured text	Text	CSV, TSV, JSON, PRN, XML, DB (SQLite Databases)
Text	Text	TXT
Zip1	Binary	EAR, JAR, WAR, ZIP
Everything Else	Binary / Text	Any files with a MIME type that are not already contained in another category.
1 If a rule only targets files in the Zip category, the rule matches all supported file types inside the supported archived files. If a rule does not target files in the Zip category, all files in archives are ignored.

Reveal can read files in any of the supported file types, regardless of the file extension. If you do not specify a file type filter for a rule, the rule attempts to read all files that are hashed by Tanium Index. When you assign a file type to a rule, the rule only attempts to read files with the listed file extensions.

Supported MIME types

Reveal supports the following MIME types:

zip:

• application/zip

• application/vnd.openxmlformats-officedocument

• application/vnd.oasis.opendocument

• application/java-archive

xml:

• text/xml

• text/html

• application/vnd.oasis.opendocument

text:

• text*

sqlite:

• application/x-sqlite3

pdf:

• application/pdf

• application/x-pdf

csv:

• text/plain (also must match a file extension for “tabular” in definitions.json)