tanium core platform
April 24, 2024 · View on GitHub
Expression
product = "tanium core platform"
Fields
There are no fields for this extension.
Activity Types
| Activity Type | Field | Status | Core | Detection | Informational |
|---|---|---|---|---|---|
| dns-response | process_name | ||||
| process_dir | |||||
| src_host | Legacy | ✓ | |||
| process_path | |||||
| endpoint-authentication | src_ip | Default | ✓ | ||
| auth_method | Default | ✓ | |||
| process_name | Default | ✓ | |||
| process_dir | Default | ✓ | |||
| process_path | Default | ✓ | |||
| process-create | domain | Default | ✓ | ||
| hash_md5 | Default | ✓ | |||
| domain_user_name | |||||
| user | Default | ✓ |