├── .gitignore ├── LICENSE ├── README.md └── app └── tanium ├── default ├── addon_builder.conf ├── app.conf ├── commands.conf └── data │ └── ui │ ├── nav │ └── default.xml │ └── views │ ├── data_leakage.xml │ ├── security_data_leakage.xml │ ├── security_operations.xml │ ├── security_vulnerabilities.xml │ ├── server_setup.xml │ ├── tanium.xml │ ├── tanium_application_visibility.xml │ ├── tanium_asset_management.xml │ ├── tanium_machine_user_log.xml │ ├── tanium_patch_vulnerability.xml │ └── tanium_unmanaged_assets.xml ├── metadata ├── default.meta └── local.meta └── static ├── appIcon.png ├── appIconAlt.png ├── appIconAlt_2x.png └── appIcon_2x.png /.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled source # 2 | ################### 3 | *.com 4 | *.class 5 | *.dll 6 | *.exe 7 | *.o 8 | *.so 9 | *.pyc 10 | # Packages # 11 | ############ 12 | # it's better to unpack these files and commit the raw source 13 | # git has its own built in compression methods 14 | *.7z 15 | *.dmg 16 | *.gz 17 | *.iso 18 | *.jar 19 | *.rar 20 | *.tar 21 | *.zip 22 | # Logs and databases # 23 | ###################### 24 | *.log 25 | *.sql 26 | *.sqlite 27 | # OS generated files # 28 | ###################### 29 | .DS_Store 30 | .DS_Store? 
31 | ._* 32 | .Spotlight-V100 33 | .Trashes 34 | ehthumbs.db 35 | Thumbs.db 36 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 Tanium 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | 23 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Splunk For Tanium 2 | Use of this repo is at your own risk. There is no support. Please talk to your local TAM before using this code. 
3 | -------------------------------------------------------------------------------- /app/tanium/default/addon_builder.conf: -------------------------------------------------------------------------------- 1 | # this file is generated by add-on builder automatically 2 | # please do not edit it 3 | [base] 4 | builder_version = 1.1.0 5 | builder_build = 1 -------------------------------------------------------------------------------- /app/tanium/default/app.conf: -------------------------------------------------------------------------------- 1 | # Version 6.3.0 2 | # 3 | # Tanium app configuration file 4 | # 5 | 6 | [install] 7 | state = enabled 8 | build = 1 9 | version = 1.0.0 10 | 11 | [ui] 12 | is_visible = true 13 | label = Tanium 14 | 15 | [launcher] 16 | author=Tanium 17 | description=The Search app is Tanium's default interface for searching and analyzing IT data. It allows you to index data into Splunk, add knowledge, build reports, and create alerts. The Search app can be used across many areas of IT including application management, operations management, security, and compliance. 
18 | version=6.3.0 19 | 20 | [package] 21 | id = tanium 22 | 23 | 24 | -------------------------------------------------------------------------------- /app/tanium/default/commands.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tanium/SplunkforTanium/1f98ab16acc569800557d4075a7d02f068203feb/app/tanium/default/commands.conf -------------------------------------------------------------------------------- /app/tanium/default/data/ui/nav/default.xml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /app/tanium/default/data/ui/views/data_leakage.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Non Approved Established Connections by Computer 7 | sourcetype=tanium splunk-non-approved-Established-connections-by-computer | table Computer_Name,Process, Name, Target_IP 8 | rt-1h 9 | rt 10 | 11 | 12 | 13 | 14 | 15 |
16 |
17 | 18 | 19 | Non Approved Established Connections 20 | sourcetype=tanium splunk-non-approved-established-connections | table Process, Name, Target_IP, Count 21 | rt-1h 22 | rt 23 | 24 | 25 | 26 | 27 | 28 |
29 |
30 |
31 | 32 | 33 | 34 | Recently Closed Connections 35 | sourcetype=tanium splunk-Recently-Closed-Connections| table Name,Target_IP,Count 36 | rt-1h 37 | rt 38 | 39 | 40 | 41 | 42 | 43 |
44 |
45 |
46 | 47 | 48 | 49 | Listen Ports with MD5 Hash 50 | sourcetype=tanium splunk-Listening-Ports-with-MD5-Hash | table Process, MD5_Hash, Name, IP_Address, Port, Count 51 | rt-1h 52 | rt 53 | 54 | 55 | 56 | 57 | 58 |
59 |
60 |
61 | 62 | 63 | 64 | Open Ports 65 | sourcetype=tanium splunk-Open-Ports | table Open_Port,Count 66 | rt-1h 67 | rt 68 | 69 | 70 | 71 | 72 | 73 |
74 |
75 |
76 |
-------------------------------------------------------------------------------- /app/tanium/default/data/ui/views/security_data_leakage.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Non Approved Established Connections by Computer 7 | sourcetype=tanium splunk-non-approved-Established-connections-by-computer | table Computer_Name,Process, Name, Target_IP 8 | rt-1h 9 | rt 10 | 11 | 12 | 13 | 14 | 15 |
16 |
17 | 18 | 19 | Non Approved Established Connections 20 | sourcetype=tanium splunk-non-approved-established-connections | table Process, Name, Target_IP, Count 21 | rt-1h 22 | rt 23 | 24 | 25 | 26 | 27 | 28 |
29 |
30 |
31 | 32 | 33 | 34 | Recently Closed Connections 35 | sourcetype=tanium splunk-Recently-Closed-Connections| table Name,Target_IP,Count 36 | rt-1h 37 | rt 38 | 39 | 40 | 41 | 42 | 43 |
44 |
45 |
46 | 47 | 48 | 49 | Listen Ports with MD5 Hash 50 | sourcetype=tanium splunk-Listening-Ports-with-MD5-Hash | table Process, MD5_Hash, Name, IP_Address, Port, Count 51 | rt-1h 52 | rt 53 | 54 | 55 | 56 | 57 | 58 |
59 |
60 |
61 | 62 | 63 | 64 | Open Ports 65 | sourcetype=tanium splunk-Open-Ports | table Open_Port,Count 66 | rt-1h 67 | rt 68 | 69 | 70 | 71 | 72 | 73 |
74 |
75 |
76 |
-------------------------------------------------------------------------------- /app/tanium/default/data/ui/views/security_operations.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | Operations Analysis 4 | 5 | 6 | 7 | CPU Utilization Over 75% 8 | 9 | sourcetype=Tanium Question="CPU-Utilization-Over-75%" CPU_Consumption="*" | eval length=len(CPU_Consumption)| search length < 6 | rex field=CPU_Consumption (?<CPU_Percent>.*)- | dedup Computer_Name | table Computer_Name CPU_Percent | sort - CPU_Percent 10 | -24h@h 11 | now 12 | 1 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | $click.value$ 23 | 24 | 25 | 26 | 27 | 28 | Highest CPU Usage by Process 29 | 30 | sourcetype=Tanium Question="Highest-CPU-Usage-by-Process" High_Memory_Process="*" NOT High_Memory_Process="TaniumClient" | dedup High_Memory_Process | table High_Memory_Process Count | sort - Count | rename High_Memory_Process as Highest_CPU_by_Process 31 | -24h@h 32 | now 33 | 1 34 | 35 | 36 | 37 | 38 | $click.value$ 39 | 40 | 41 | 42 | 43 | 44 | Memory util over 75 45 | 46 | sourcetype=Tanium Memory Question="Memory-Utilization-Over-75%" | dedup Computer_Name | rex field=Memory_Consumption (?<Memory_Percent>.*)- | table Computer_Name Memory_Percent | sort - Memory_Percent 47 | -24h@h 48 | now 49 | 1 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | $click.value$ 58 | 59 | 60 | 61 | 62 | 63 | Computers Flagged 64 | 65 | sourcetype=Tanium Question="Low-Disk-Space" | dedup Computer_Name | table Computer_Name Operating_System Disk_Free_Space_Below_Threshold | join Computer_Name type=left [search index=Tanium Question="CPU-Utilization-Over-75%" CPU_Consumption="*" | eval length=len(CPU_Consumption)| search length < 6 | rex field=CPU_Consumption (?<CPU_Percent>.*)- | table Computer_Name CPU_Percent ] | table * | join Computer_Name type=left [search index=Tanium Memory Question="Memory-Utilization-Over-75%" | dedup Computer_Name | rex field=Memory_Consumption 
(?<Memory_Percent>.*)- | table Computer_Name Memory_Percent] | search Disk_Free_Space_Below_Threshold="*" | search Memory_Percent="*" | table Computer_Name Memory_Percent Disk_Free_Space_Below_Threshold CPU_Percent 66 | -24h@h 67 | now 68 | 1 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 |
78 |
79 |
80 | 81 | 82 | 83 | Low Disk Space 84 | 85 | sourcetype=Tanium Question="Low-Disk-Space" | rex field=Disk_Free_Space_Below_Threshold C:-(?<Free_Space>.*)-| dedup Computer_Name | table Computer_Name Free_Space | sort Free_Space 86 | -24h@h 87 | now 88 | 1 89 | 90 | 91 | 92 | 93 | 94 | $click.value$ 95 | 96 | 97 | 98 | 99 | 100 | Computer Reboot Required 101 | 102 | sourcetype=Tanium Question="Computer-Reboot-Required" | table Computer_Name Operating_System | chart count by Operating_System 103 | -24h@h 104 | now 105 | 1 106 | 107 | 108 | 109 | 110 | $click.value$ 111 | 112 | 113 | 114 | 115 | 116 | High Uptime Over 30 Days 117 | 118 | sourcetype=Tanium Question="High-Uptime-Over-30-Days" | dedup Computer_Name | table Computer_Name Operating_System High_Uptime 119 | -24h@h 120 | now 121 | 1 122 | 123 |
124 |
125 | 126 | 127 | Highest Memory Usage by Process 128 | 129 | sourcetype=Tanium Question="Highest-Memory-Usage-by-Process" High_Memory_Process="*" NOT High_Memory_Process="TaniumClient" | dedup High_Memory_Process | table High_Memory_Process Count | sort - Count 130 | -24h@h 131 | now 132 | 1 133 | 134 | 135 | 136 | 137 | $click.value$ 138 | 139 | 140 | 141 |
142 | 143 | 144 | 145 | CPU Utilization Over 75% 146 | 147 | sourcetype=Tanium Question="CPU-Utilization-Over-75%" CPU_Consumption="*" | eval length=len(CPU_Consumption)| search length < 6 | rex field=CPU_Consumption (?<CPU_Percent>.*)- | table Computer_Name CPU_Percent | sort - CPU_Percent 148 | -24h@h 149 | now 150 | 151 | 152 | 153 | 154 | 155 | 156 |
157 |
158 | 159 | 160 | Highest CPU Usage by Process 161 | 162 | sourcetype=Tanium Question="Highest-CPU-Usage-by-Process" High_Memory_Process="*" NOT High_Memory_Process="TaniumClient" | dedup High_Memory_Process | table High_Memory_Process Count | sort - Count | rename High_Memory_Process as Highest_CPU_by_Process 163 | -24h@h 164 | now 165 | 166 | 167 | 168 | 169 | 170 | 171 |
172 |
173 | 174 | 175 | Memory util over 75 176 | 177 | sourcetype=Tanium Memory Question="Memory-Utilization-Over-75%" | dedup Computer_Name | rex field=Memory_Consumption (?<Memory_Percent>.*)- | table Computer_Name Operating_System Memory_Consumption 178 | -24h@h 179 | now 180 | 181 | 182 | 183 | 184 | 185 | 186 |
187 |
188 | 189 | 190 | Computers Flagged 191 | 192 | sourcetype=Tanium Question="Low-Disk-Space" | dedup Computer_Name | table Computer_Name Operating_System Disk_Free_Space_Below_Threshold | join Computer_Name type=left [search index=Tanium Question="CPU-Utilization-Over-75%" CPU_Consumption="*" | eval length=len(CPU_Consumption)| search length < 6 | rex field=CPU_Consumption (?<CPU_Percent>.*)- | table Computer_Name CPU_Percent ] | table * | join Computer_Name type=left [search index=Tanium Memory Question="Memory-Utilization-Over-75%" | dedup Computer_Name | rex field=Memory_Consumption (?<Memory_Percent>.*)- | table Computer_Name Memory_Percent] | search Disk_Free_Space_Below_Threshold="*" | search Memory_Percent="*" | table Computer_Name Memory_Percent Disk_Free_Space_Below_Threshold CPU_Percent 193 | -24h@h 194 | now 195 | 196 | 197 | 198 | 199 | 200 | 201 |
202 |
203 |
204 | 205 | 206 | 207 | Low Disk Space 208 | 209 | sourcetype=Tanium Question="Low-Disk-Space" | rex field=Disk_Free_Space_Below_Threshold C:-(?<Free_Space>.*)-| dedup Computer_Name | table Computer_Name Operating_System Disk_Free_Space_Below_Threshold | sort Disk_Free_Space_Below_Threshold 210 | -24h@h 211 | now 212 | 213 | 214 | 215 | 216 | 217 | 218 |
219 |
220 | 221 | 222 | Computer Reboot Required 223 | 224 | sourcetype=Tanium Question="Computer-Reboot-Required" | table Computer_Name Operating_System 225 | -24h@h 226 | now 227 | 228 | 229 | 230 | 231 | 232 | 233 |
234 |
235 | 236 | 237 | High Uptime Over 30 Days 238 | 239 | sourcetype=Tanium Question="High-Uptime-Over-30-Days" | dedup Computer_Name | table Computer_Name Operating_System High_Uptime 240 | -24h@h 241 | now 242 | 243 | 244 | 245 | 246 | 247 | 248 |
249 |
250 | 251 | 252 | Highest Memory Usage by Process 253 | 254 | sourcetype=Tanium Question="Highest-Memory-Usage-by-Process" High_Memory_Process="*" NOT High_Memory_Process="TaniumClient" | dedup High_Memory_Process | table High_Memory_Process Count | sort - Count 255 | -24h@h 256 | now 257 | 258 | 259 | 260 | 261 | 262 | 263 |
264 |
265 |
266 |
-------------------------------------------------------------------------------- /app/tanium/default/data/ui/views/security_vulnerabilities.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | Patch and Vulnerabilities Analysis 4 | 5 | 6 | 7 | Flash Versions 8 | 9 | index=Tanium Question=* Question="Get-Computer-Name-and-Managed-Applications-Audit-from-all-machines" Flash NOT Installed_Version="0.0.0.0" | dedup Computer_Name | chart count by Installed_Version 10 | -7d@h 11 | now 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | $click.value$ 37 | 38 | 39 | 40 | 41 | 42 | Java Versions 43 | 44 | index=Tanium Question=* Question="Get-Computer-Name-and-Managed-Applications-Audit-from-all-machines" *Java* NOT Installed_Version="0.0.0.0" | chart count by Installed_Version 45 | -7d@h 46 | now 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | $click.value$ 72 | 73 | 74 | 75 | 76 | 77 | Chrome Versions 78 | 79 | index=Tanium Question=* Question="Get-Computer-Name-and-Managed-Applications-Audit-from-all-machines" Chrome NOT Installed_Version="0.0.0.0" | chart count by Installed_Version 80 | -7d@h 81 | now 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | $click.value$ 107 | 108 | 109 | 110 | 111 | 112 | Internet Explorer Versions 113 | 114 | index=Tanium Question=* Question="Get-Computer-Name-and-Managed-Applications-Audit-from-all-machines" NOT Internet_Explorer_Version="N*" | dedup Computer_Name | chart count by Internet_Explorer_Version 115 | -7d@h 116 | now 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | $click.value$ 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | Server Patches 150 | 151 | 
index=Tanium Question="get-computer-name-and-operating-system-and-available-patches-from-all-machines" NOT CVE_ID="[no-results]" Operating_System="*Server*"| dedup Computer_Name, KB_Article, CVE_ID, Title | replace "None" with "Low" in Severity | chart count by Severity 152 | -7d@h 153 | now 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | $click.value$ 179 | 180 | 181 | 182 | 183 | 184 | Windows Patches 185 | 186 | index=Tanium Question="get-computer-name-and-operating-system-and-available-patches-from-all-machines" NOT CVE_ID="[no-results]" | dedup Computer_Name, KB_Article, CVE_ID, Title | replace "None" with "Low" in Severity | chart count by Severity 187 | -7d@h 188 | now 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | $click.value$ 214 | 215 | 216 | 217 | 218 | 219 | Linux Patches 220 | 221 | index=Tanium Question Question="Get-Computer-Name-and-Linux-Patches-Available-from-all-machines" Available_Version="[no*" | eval Severity=if(like(_raw, "%security%"), 0, 1) | replace 0 with "Critical" in Severity | replace 1 with "Important" in Severity | chart count by Severity 222 | -7d@h 223 | now 224 | 225 | 226 | 227 | 228 | 229 | 230 | 231 | 232 | 233 | 234 | 235 | 236 | 237 | 238 | 239 | 240 | 241 | 242 | 243 | 244 | 245 | 246 | 247 | 248 | $click.value$ 249 | 250 | 251 | 252 | 253 | 254 | Patches Required over Time 255 | 256 | index=Tanium Question="get-computer-name-and-operating-system-and-available-patches-from-all-machines" NOT CVE_ID="[no-results]" | bucket span=1d _time | dedup Computer_Name, Title, _time | timechart span=1d count by Severity | fields _time Important Critical Low Moderate 257 | -7d@h 258 | now 259 | 260 | 261 | 262 | 263 | 264 | 265 | 266 | 267 | 268 | 269 | 270 | 271 | 272 | 273 | 274 | 275 | 276 | 277 | 278 | 279 | 280 | 281 | 282 | 283 | 
$click.value$ 284 | 285 | 286 | 287 | 288 | 289 | 290 | 291 | Flash Versions 292 | 293 | index=Tanium Question=* Question="Get-Computer-Name-and-Managed-Applications-Audit-from-all-machines" Flash NOT Installed_Version="0.0.0.0" | dedup Computer_Name | table _time Computer_Name Installed_Version Latest_Version 294 | -24h@h 295 | now 296 | 297 | 298 | 299 | 300 | 301 | 302 |
303 |
304 | 305 | 306 | Java Versions 307 | 308 | index=Tanium Question=* Question="Get-Computer-Name-and-Managed-Applications-Audit-from-all-machines" Java NOT Installed_Version="0.0.0.0" | dedup Computer_Name | table _time Computer_Name Installed_Version Latest_Version 309 | -24h@h 310 | now 311 | 312 | 313 | 314 | 315 | 316 | 317 |
318 |
319 | 320 | 321 | Chrome Versions 322 | 323 | index=Tanium Question=* Question="Get-Computer-Name-and-Managed-Applications-Audit-from-all-machines" Chrome NOT Installed_Version="0.0.0.0" | dedup Computer_Name | table _time Computer_Name Installed_Version Latest_Version 324 | -24h@h 325 | now 326 | 327 | 328 | 329 | 330 | 331 | 332 |
333 |
334 | 335 | 336 | Internet Explorer Versions 337 | 338 | index=Tanium Question=* Question="Get-Computer-Name-and-Managed-Applications-Audit-from-all-machines" NOT Internet_Explorer_Version="N*" | dedup Computer_Name | table Computer_Name Internet_Explorer_Version 339 | -24h@h 340 | now 341 | 342 | 343 | 344 | 345 | 346 | 347 |
348 |
349 |
350 | 351 | 352 | 353 | Server Patches 354 | 355 | index=Tanium Question="get-computer-name-and-operating-system-and-available-patches-from-all-machines" NOT CVE_ID="[no-results]" Operating_System="*Server*"| dedup Computer_Name, KB_Article, CVE_ID, Title | replace "None" with "Low" in Severity | table Computer_Name Title CVE_ID KB_Article Severity Bulletins Package_Size 356 | -24h@h 357 | now 358 | 359 | 360 | 361 | 362 | 363 | 364 |
365 |
366 | 367 | 368 | Windows Patches 369 | 370 | index=Tanium Question="get-computer-name-and-operating-system-and-available-patches-from-all-machines" NOT CVE_ID="[no-results]" | dedup Computer_Name, KB_Article, CVE_ID, Title | replace "None" with "Low" in Severity | table Computer_Name Title CVE_ID KB_Article Severity Bulletins Package_Size 371 | -24h@h 372 | now 373 | 374 | 375 | 376 | 377 | 378 | 379 |
380 |
381 | 382 | 383 | Linux Patches 384 | 385 | index=Tanium Question Question="Get-Computer-Name-and-Linux-Patches-Available-from-all-machines" NOT Available_Version="[no*" 386 | | eval Severity=if(like(_raw, "%security%"), 0, 1) | replace 0 with "Critical" in Severity | replace 1 with "Important" in Severity | table Computer_Name Available_Version Installed_Version Package Severity Category 387 | -24h@h 388 | now 389 | 390 | 391 | 392 | 393 | 394 | 395 |
396 |
397 | 398 | 399 | Patches Over Time 400 | 401 | index=Tanium Question="get-computer-name-and-operating-system-and-available-patches-from-all-machines" NOT CVE_ID="[no-results]" | bucket span=1h _time | dedup Computer_Name, Title, _time | timechart span=1h count by Severity | fields _time Important Critical Low Moderate 402 | -24h@h 403 | now 404 | 405 | 406 | 407 | 408 | 409 | 410 |
411 |
412 |
413 |
-------------------------------------------------------------------------------- /app/tanium/default/data/ui/views/server_setup.xml: -------------------------------------------------------------------------------- 1 |
2 | 3 | 4 | 5 | 6 | 7 | Result Of Setup Script 8 | 9 | | setupscript __EXECUTE__ 10 | -15m 11 | now 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | ["host","source","sourcetype"] 25 | 26 | 27 | 28 | 29 |
-------------------------------------------------------------------------------- /app/tanium/default/data/ui/views/tanium.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 |
5 | 6 | Machine User Map by Computer Name 7 |
8 | 9 | 10 | TANIUM62 11 | * 12 | 13 | 14 | 15 |
16 |
17 |
18 | 19 | 20 | 21 | Browser History Top 20 sites 22 | sourcetype="tanium" "splunk-browser-history*" url| top limit=20 URL_Domain 23 | 0 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | Browser History Rare Site Visits 48 | sourcetype="tanium" "splunk-browser-history*" url| rare limit=20 URL_Domain 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | DNS Cache Resolver Misses Top 20 over Last 7 days 76 | sourcetype=tanium Splunk-DNS-Cache-Misses| top limit=20 DNS_Resolver_Misses 77 | -7d@h 78 | now 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | DNS Cache 104 | sourcetype="tanium" "splunk-dns-cache" | dedup Hostname| table Hostname,IP_Address,Count 105 | rt-1h 106 | rt 107 | 108 | 109 | 110 | 111 | 112 |
113 |
114 | 115 | 116 | ARP 117 | sourcetype="tanium" splunk-arp* | dedup IP_Address | table IP_Address,Mac_Address,Type,Count 118 | rt-1h 119 | rt 120 | 121 | 122 | 123 | 124 | 125 |
126 |
127 |
128 |
-------------------------------------------------------------------------------- /app/tanium/default/data/ui/views/tanium_application_visibility.xml: -------------------------------------------------------------------------------- 1 |
2 | 3 | 4 | 5 | 6 | 37 | 38 | 39 | 40 | 41 | Running Applications 42 | sourcetype="tanium" splunk-running-applications | dedup Name| table Name,Version,Process_Name,Count 43 | rt-1h 44 | rt 45 | 46 | 47 | 48 | 49 | 50 |
51 |
52 | 53 | 54 | Running Processes 55 | sourcetype="tanium" splunk-running-processes |dedup Running_Processes |table Running_Processes,Count 56 | rt-1h 57 | rt 58 | 59 | 60 | 61 | 62 | 63 |
64 |
65 |
66 | 67 | 68 | 69 | Running Services 70 | sourcetype=tanium splunk-Running-Services| dedup Running_Service | table Running_Service,Count 71 | rt-1h 72 | rt 73 | 74 | 75 | 76 | 77 | 78 |
79 |
80 | 81 | 82 | Stopped Services 83 | sourcetype=tanium splunk-stopped-services | dedup Stopped_Service | table Stopped_Service,Count 84 | rt-1h 85 | rt 86 | 87 | 88 | 89 | 90 | 91 |
92 |
93 |
94 | 95 | 96 | 97 | Installed Applications 98 | sourcetype=tanium splunk-installed-applications | dedup Name |table Name,Version,Count 99 | @d 100 | now 101 | 102 | 103 | 104 | 105 | 106 |
107 |
108 | 109 | 110 | Uninstallable Applications 111 | sourcetype=tanium splunk-uninstallable-applications | dedup Name| table Name,Version,Count 112 | @d 113 | now 114 | 115 | 116 | 117 | 118 | 119 |
120 |
121 |
122 |
-------------------------------------------------------------------------------- /app/tanium/default/data/ui/views/tanium_asset_management.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | Asset Management 4 | 5 | 6 | 7 | Assets 8 | sourcetype=tanium splunk-Asset-MGMT-Common-data | dedup Computer_Serial_Number | table Computer_Name,Computer_Serial_Number,Operating_System,MAC_Address,IP_Address Domain_Name,Last_Logged_In_User,CPU,CPU_Manufacturer, Disk_Total_Space,System_Disk_Free_Space,Free_Memory,Total_Memory, 9 | 10 | 11 |
12 |
13 |
14 |
-------------------------------------------------------------------------------- /app/tanium/default/data/ui/views/tanium_machine_user_log.xml: -------------------------------------------------------------------------------- 1 |
2 | 3 | 4 | 5 | 6 | 24 | 25 | 26 | 27 | 28 | 29 | * 30 | 31 | 32 | 50 | 51 |
-------------------------------------------------------------------------------- /app/tanium/default/data/ui/views/tanium_patch_vulnerability.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Required Windows Patches - Critical 8 | sourcetype="tanium" "Splunk-Required-Windows-Patches" "Severity=Critical" |dedup Title|table Title,Date,Bulletins,CVE_ID,Severity,Count, Reboot_Required 9 | rt-1h 10 | rt 11 | 12 | 13 | 14 | 15 | 16 |
17 |
18 |
19 | 20 | 21 | 22 | Required Windows Patches - Important 23 | sourcetype="tanium" "Splunk-Required-Windows-Patches" "Severity=Important" | dedup Title | table Title,Date,Bulletins,CVE_ID,Severity,Count, Reboot_Required 24 | rt-1h 25 | rt 26 | 27 | 28 | 29 | 30 | 31 |
32 |
33 |
34 | 35 | 36 | 37 | Required Windows Patches - Moderate 38 | sourcetype="tanium" "Splunk-Required-Windows-Patches" "Severity=Moderate" | dedup Title| table Title,Date,Bulletins,CVE_ID,Severity,Count,Reboot_Required 39 | rt-1h 40 | rt 41 | 42 | 43 | 44 | 45 | 46 |
47 |
48 |
49 | 50 | 51 | 52 | Vulnerable Managed Applications 53 | sourcetype="tanium" "splunk-machines-running-vulnerable-applications*" | dedup Name| table Name,Publisher,Current_Version,Latest_Version,Status,Count 54 | rt-1h 55 | rt 56 | 57 | 58 | 59 | 60 | 61 |
62 |
63 |
64 | 65 | 66 | 67 | Machines Actively Running Vulnerable Java Versions 68 | sourcetype=tanium splunk-machines-actively-running-vulnerable-java-applications | dedup Application| table Application,Application-Version,Java-Product,Count 69 | rt-1h 70 | rt 71 | 72 | 73 | 74 | 75 | 76 |
77 |
78 |
79 | 80 | 81 | 82 | Installed Java Runtimes 83 | sourcetype=tanium Splunk-Installed-Java-Runtimes | dedup JRE| table JRE,Version,Count 84 | rt-1h 85 | rt 86 | 87 | 88 | 89 | 90 | 91 |
92 |
93 |
94 |
-------------------------------------------------------------------------------- /app/tanium/default/data/ui/views/tanium_unmanaged_assets.xml: -------------------------------------------------------------------------------- 1 |
2 | 3 | 4 | 5 | 6 | 24 | 25 |
-------------------------------------------------------------------------------- /app/tanium/metadata/default.meta: -------------------------------------------------------------------------------- 1 | # Version 6.3.3 2 | # 3 | # This file contains example patterns for the metadata files default.meta and 4 | # local.meta 5 | # 6 | 7 | # This example would make all of the objects in an app globally accessible to 8 | # all apps 9 | [] 10 | export=system 11 | -------------------------------------------------------------------------------- /app/tanium/metadata/local.meta: -------------------------------------------------------------------------------- 1 | [tanium/taniumserver] 2 | version = 6.4.0 3 | modtime = 1468873838.410375000 4 | 5 | [tanium/global_settings] 6 | owner = admin 7 | version = 6.4.0 8 | modtime = 1469127161.485061000 9 | 10 | [tanium_credential/taniumadmin] 11 | owner = admin 12 | version = 6.4.0 13 | modtime = 1469129834.781298000 14 | 15 | [tanium_credential/TaniumAdmin] 16 | owner = admin 17 | version = 6.4.0 18 | modtime = 1469129834.760508000 19 | -------------------------------------------------------------------------------- /app/tanium/static/appIcon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tanium/SplunkforTanium/1f98ab16acc569800557d4075a7d02f068203feb/app/tanium/static/appIcon.png -------------------------------------------------------------------------------- /app/tanium/static/appIconAlt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tanium/SplunkforTanium/1f98ab16acc569800557d4075a7d02f068203feb/app/tanium/static/appIconAlt.png -------------------------------------------------------------------------------- /app/tanium/static/appIconAlt_2x.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/tanium/SplunkforTanium/1f98ab16acc569800557d4075a7d02f068203feb/app/tanium/static/appIconAlt_2x.png -------------------------------------------------------------------------------- /app/tanium/static/appIcon_2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tanium/SplunkforTanium/1f98ab16acc569800557d4075a7d02f068203feb/app/tanium/static/appIcon_2x.png --------------------------------------------------------------------------------