├── .gitignore
├── LICENSE
├── README.md
└── app
└── tanium
├── default
├── addon_builder.conf
├── app.conf
├── commands.conf
└── data
│ └── ui
│ ├── nav
│ └── default.xml
│ └── views
│ ├── data_leakage.xml
│ ├── security_data_leakage.xml
│ ├── security_operations.xml
│ ├── security_vulnerabilities.xml
│ ├── server_setup.xml
│ ├── tanium.xml
│ ├── tanium_application_visibility.xml
│ ├── tanium_asset_management.xml
│ ├── tanium_machine_user_log.xml
│ ├── tanium_patch_vulnerability.xml
│ └── tanium_unmanaged_assets.xml
├── metadata
├── default.meta
└── local.meta
└── static
├── appIcon.png
├── appIconAlt.png
├── appIconAlt_2x.png
└── appIcon_2x.png
/.gitignore:
--------------------------------------------------------------------------------
1 | # Compiled source #
2 | ###################
3 | *.com
4 | *.class
5 | *.dll
6 | *.exe
7 | *.o
8 | *.so
9 | *.pyc
10 | # Packages #
11 | ############
12 | # It is better to unpack these files and commit the raw source;
13 | # git has its own built-in compression methods.
14 | *.7z
15 | *.dmg
16 | *.gz
17 | *.iso
18 | *.jar
19 | *.rar
20 | *.tar
21 | *.zip
22 | # Logs and databases #
23 | ######################
24 | *.log
25 | *.sql
26 | *.sqlite
27 | # OS generated files #
28 | ######################
29 | .DS_Store
30 | .DS_Store?
31 | ._*
32 | .Spotlight-V100
33 | .Trashes
34 | ehthumbs.db
35 | Thumbs.db
36 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2015 Tanium
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
23 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | Splunk For Tanium
2 | Use of this repo is at your own risk. There is no support. Please talk to your local TAM before using this code.
3 |
--------------------------------------------------------------------------------
/app/tanium/default/addon_builder.conf:
--------------------------------------------------------------------------------
1 | # this file is generated by add-on builder automatically
2 | # please do not edit it
3 | [base]
4 | builder_version = 1.1.0
5 | builder_build = 1
--------------------------------------------------------------------------------
/app/tanium/default/app.conf:
--------------------------------------------------------------------------------
1 | # Version 6.3.0
2 | #
3 | # Tanium app configuration file
4 | #
5 |
6 | [install]
7 | state = enabled
8 | build = 1
9 | version = 1.0.0
10 |
11 | [ui]
12 | is_visible = true
13 | label = Tanium
14 |
15 | [launcher]
16 | author=Tanium
17 | description=The Search app is Tanium's default interface for searching and analyzing IT data. It allows you to index data into Splunk, add knowledge, build reports, and create alerts. The Search app can be used across many areas of IT including application management, operations management, security, and compliance.
18 | version=6.3.0
19 |
20 | [package]
21 | id = tanium
22 |
23 |
24 |
--------------------------------------------------------------------------------
/app/tanium/default/commands.conf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tanium/SplunkforTanium/1f98ab16acc569800557d4075a7d02f068203feb/app/tanium/default/commands.conf
--------------------------------------------------------------------------------
/app/tanium/default/data/ui/nav/default.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
--------------------------------------------------------------------------------
/app/tanium/default/data/ui/views/data_leakage.xml:
--------------------------------------------------------------------------------
1 |
2 | Tanium Connections and Ports
3 |
4 |
5 |
6 | Non Approved Established Connections by Computer
7 | sourcetype=tanium splunk-non-approved-Established-connections-by-computer | table Computer_Name,Process, Name, Target_IP
8 | rt-1h
9 | rt
10 | true
11 | false
12 | none
13 | cell
14 | 10
15 |
16 |
17 |
18 |
19 | Non Approved Established Connections
20 | sourcetype=tanium splunk-non-approved-established-connections | table Process, Name, Target_IP, Count
21 | rt-1h
22 | rt
23 | true
24 | false
25 | none
26 | cell
27 | 10
28 |
29 |
30 |
31 |
32 |
33 |
34 | Recently Closed Connections
35 | sourcetype=tanium splunk-Recently-Closed-Connections| table Name,Target_IP,Count
36 | rt-1h
37 | rt
38 | true
39 | false
40 | none
41 | cell
42 | 10
43 |
44 |
45 |
46 |
47 |
48 |
49 | Listening Ports with MD5 Hash
50 | sourcetype=tanium splunk-Listening-Ports-with-MD5-Hash | table Process, MD5_Hash, Name, IP_Address, Port, Count
51 | rt-1h
52 | rt
53 | true
54 | false
55 | none
56 | cell
57 | 10
58 |
59 |
60 |
61 |
62 |
63 |
64 | Open Ports
65 | sourcetype=tanium splunk-Open-Ports | table Open_Port,Count
66 | rt-1h
67 | rt
68 | true
69 | false
70 | none
71 | cell
72 | 10
73 |
74 |
75 |
76 |
--------------------------------------------------------------------------------
/app/tanium/default/data/ui/views/security_data_leakage.xml:
--------------------------------------------------------------------------------
1 |
2 | Tanium Connections and Ports
3 |
4 |
5 |
6 | Non Approved Established Connections by Computer
7 | sourcetype=tanium splunk-non-approved-Established-connections-by-computer | table Computer_Name,Process, Name, Target_IP
8 | rt-1h
9 | rt
10 | true
11 | false
12 | none
13 | cell
14 | 10
15 |
16 |
17 |
18 |
19 | Non Approved Established Connections
20 | sourcetype=tanium splunk-non-approved-established-connections | table Process, Name, Target_IP, Count
21 | rt-1h
22 | rt
23 | true
24 | false
25 | none
26 | cell
27 | 10
28 |
29 |
30 |
31 |
32 |
33 |
34 | Recently Closed Connections
35 | sourcetype=tanium splunk-Recently-Closed-Connections| table Name,Target_IP,Count
36 | rt-1h
37 | rt
38 | true
39 | false
40 | none
41 | cell
42 | 10
43 |
44 |
45 |
46 |
47 |
48 |
49 | Listening Ports with MD5 Hash
50 | sourcetype=tanium splunk-Listening-Ports-with-MD5-Hash | table Process, MD5_Hash, Name, IP_Address, Port, Count
51 | rt-1h
52 | rt
53 | true
54 | false
55 | none
56 | cell
57 | 10
58 |
59 |
60 |
61 |
62 |
63 |
64 | Open Ports
65 | sourcetype=tanium splunk-Open-Ports | table Open_Port,Count
66 | rt-1h
67 | rt
68 | true
69 | false
70 | none
71 | cell
72 | 10
73 |
74 |
75 |
76 |
--------------------------------------------------------------------------------
/app/tanium/default/data/ui/views/security_operations.xml:
--------------------------------------------------------------------------------
1 |
2 | Operations
3 | Operations Analysis
4 |
5 |
6 |
7 | CPU Utilization Over 75%
8 |
9 | sourcetype=Tanium Question="CPU-Utilization-Over-75%" CPU_Consumption="*" | eval length=len(CPU_Consumption)| search length < 6 | rex field=CPU_Consumption (?<CPU_Percent>.*)- | dedup Computer_Name | table Computer_Name CPU_Percent | sort - CPU_Percent
10 | -24h@h
11 | now
12 | 1
13 |
14 | 45
15 | 100
16 | 75
17 | column
18 | column
19 | stacked
20 | [0x71bcd4,0x44a7c6,0x3591ae]
21 |
22 | $click.value$
23 |
24 |
25 |
26 |
27 |
28 | Highest CPU Usage by Process
29 |
30 | sourcetype=Tanium Question="Highest-CPU-Usage-by-Process" High_Memory_Process="*" NOT High_Memory_Process="TaniumClient" | dedup High_Memory_Process | table High_Memory_Process Count | sort - Count | rename High_Memory_Process as Highest_CPU_by_Process
31 | -24h@h
32 | now
33 | 1
34 |
35 | pie
36 | [0x003100,0x007f00,0x009300,0x00ba00,0x00ce00]
37 |
38 | $click.value$
39 |
40 |
41 |
42 |
43 |
44 | Memory Utilization Over 75%
45 |
46 | sourcetype=Tanium Memory Question="Memory-Utilization-Over-75%" | dedup Computer_Name | rex field=Memory_Consumption (?<Memory_Percent>.*)- | table Computer_Name Memory_Percent | sort - Memory_Percent
47 | -24h@h
48 | now
49 | 1
50 |
51 | 45
52 | 100
53 | 75
54 | column
55 | [0xe8f4f8,0x80c3d9,0x71bcd4,0x44a7c6,0x3591ae,0x235f72,0x1e5263]
56 |
57 | $click.value$
58 |
59 |
60 |
61 |
62 |
63 | Computers Flagged
64 |
65 | sourcetype=Tanium Question="Low-Disk-Space" | dedup Computer_Name | table Computer_Name Operating_System Disk_Free_Space_Below_Threshold | join Computer_Name type=left [search index=Tanium Question="CPU-Utilization-Over-75%" CPU_Consumption="*" | eval length=len(CPU_Consumption)| search length < 6 | rex field=CPU_Consumption (?<CPU_Percent>.*)- | table Computer_Name CPU_Percent ] | table * | join Computer_Name type=left [search index=Tanium Memory Question="Memory-Utilization-Over-75%" | dedup Computer_Name | rex field=Memory_Consumption (?<Memory_Percent>.*)- | table Computer_Name Memory_Percent] | search Disk_Free_Space_Below_Threshold="*" | search Memory_Percent="*" | table Computer_Name Memory_Percent Disk_Free_Space_Below_Threshold CPU_Percent
66 | -24h@h
67 | now
68 | 1
69 |
70 | 100
71 | none
72 | cell
73 | false
74 | false
75 | false
76 | true
77 |
78 |
79 |
80 |
81 |
82 |
83 | Low Disk Space
84 |
85 | sourcetype=Tanium Question="Low-Disk-Space" | rex field=Disk_Free_Space_Below_Threshold C:-(?<Free_Space>.*)-| dedup Computer_Name | table Computer_Name Free_Space | sort Free_Space
86 | -24h@h
87 | now
88 | 1
89 |
90 | 45
91 | column
92 | [0x410941,0x630e63,0x971597,0xa817a8,0xcb1ccb,0xeb71eb,0xf2a5f2]
93 |
94 | $click.value$
95 |
96 |
97 |
98 |
99 |
100 | Computer Reboot Required
101 |
102 | sourcetype=Tanium Question="Computer-Reboot-Required" | table Computer_Name Operating_System | chart count by Operating_System
103 | -24h@h
104 | now
105 | 1
106 |
107 | pie
108 | [0xe8f4f8,0x80c3d9,0x71bcd4,0x44a7c6,0x3591ae,0x235f72,0x1e5263]
109 |
110 | $click.value$
111 |
112 |
113 |
114 |
115 |
116 | High Uptime Over 30 Days
117 |
118 | sourcetype=Tanium Question="High-Uptime-Over-30-Days" | dedup Computer_Name | table Computer_Name Operating_System High_Uptime
119 | -24h@h
120 | now
121 | 1
122 |
123 |
124 |
125 |
126 |
127 | Highest Memory Usage by Process
128 |
129 | sourcetype=Tanium Question="Highest-Memory-Usage-by-Process" High_Memory_Process="*" NOT High_Memory_Process="TaniumClient" | dedup High_Memory_Process | table High_Memory_Process Count | sort - Count
130 | -24h@h
131 | now
132 | 1
133 |
134 | pie
135 | [0x003100,0x007f00,0x009300,0x00ba00,0x00ce00]
136 |
137 | $click.value$
138 |
139 |
140 |
141 |
142 |
143 |
144 |
145 | CPU Utilization Over 75%
146 |
147 | sourcetype=Tanium Question="CPU-Utilization-Over-75%" CPU_Consumption="*" | eval length=len(CPU_Consumption)| search length < 6 | rex field=CPU_Consumption (?<CPU_Percent>.*)- | table Computer_Name CPU_Percent | sort - CPU_Percent
148 | -24h@h
149 | now
150 |
151 | 10
152 | none
153 | cell
154 | false
155 | true
156 |
157 |
158 |
159 |
160 | Highest CPU Usage by Process
161 |
162 | sourcetype=Tanium Question="Highest-CPU-Usage-by-Process" High_Memory_Process="*" NOT High_Memory_Process="TaniumClient" | dedup High_Memory_Process | table High_Memory_Process Count | sort - Count | rename High_Memory_Process as Highest_CPU_by_Process
163 | -24h@h
164 | now
165 |
166 | 10
167 | none
168 | cell
169 | false
170 | true
171 |
172 |
173 |
174 |
175 | Memory Utilization Over 75%
176 |
177 | sourcetype=Tanium Memory Question="Memory-Utilization-Over-75%" | dedup Computer_Name | rex field=Memory_Consumption (?<Memory_Percent>.*)- | table Computer_Name Operating_System Memory_Consumption
178 | -24h@h
179 | now
180 |
181 | 10
182 | none
183 | cell
184 | false
185 | true
186 |
187 |
188 |
189 |
190 | Computers Flagged
191 |
192 | sourcetype=Tanium Question="Low-Disk-Space" | dedup Computer_Name | table Computer_Name Operating_System Disk_Free_Space_Below_Threshold | join Computer_Name type=left [search index=Tanium Question="CPU-Utilization-Over-75%" CPU_Consumption="*" | eval length=len(CPU_Consumption)| search length < 6 | rex field=CPU_Consumption (?<CPU_Percent>.*)- | table Computer_Name CPU_Percent ] | table * | join Computer_Name type=left [search index=Tanium Memory Question="Memory-Utilization-Over-75%" | dedup Computer_Name | rex field=Memory_Consumption (?<Memory_Percent>.*)- | table Computer_Name Memory_Percent] | search Disk_Free_Space_Below_Threshold="*" | search Memory_Percent="*" | table Computer_Name Memory_Percent Disk_Free_Space_Below_Threshold CPU_Percent
193 | -24h@h
194 | now
195 |
196 | 10
197 | none
198 | cell
199 | false
200 | true
201 |
202 |
203 |
204 |
205 |
206 |
207 | Low Disk Space
208 |
209 | sourcetype=Tanium Question="Low-Disk-Space" | rex field=Disk_Free_Space_Below_Threshold C:-(?<Free_Space>.*)-| dedup Computer_Name | table Computer_Name Operating_System Disk_Free_Space_Below_Threshold | sort Disk_Free_Space_Below_Threshold
210 | -24h@h
211 | now
212 |
213 | 10
214 | none
215 | cell
216 | false
217 | true
218 |
219 |
220 |
221 |
222 | Computer Reboot Required
223 |
224 | sourcetype=Tanium Question="Computer-Reboot-Required" | table Computer_Name Operating_System
225 | -24h@h
226 | now
227 |
228 | 10
229 | none
230 | cell
231 | false
232 | true
233 |
234 |
235 |
236 |
237 | High Uptime Over 30 Days
238 |
239 | sourcetype=Tanium Question="High-Uptime-Over-30-Days" | dedup Computer_Name | table Computer_Name Operating_System High_Uptime
240 | -24h@h
241 | now
242 |
243 | 10
244 | none
245 | cell
246 | false
247 | true
248 |
249 |
250 |
251 |
252 | Highest Memory Usage by Process
253 |
254 | sourcetype=Tanium Question="Highest-Memory-Usage-by-Process" High_Memory_Process="*" NOT High_Memory_Process="TaniumClient" | dedup High_Memory_Process | table High_Memory_Process Count | sort - Count
255 | -24h@h
256 | now
257 |
258 | 10
259 | none
260 | cell
261 | false
262 | true
263 |
264 |
265 |
266 |
--------------------------------------------------------------------------------
/app/tanium/default/data/ui/views/security_vulnerabilities.xml:
--------------------------------------------------------------------------------
1 |
2 | Vulnerabilities
3 | Patch and Vulnerabilities Analysis
4 |
5 |
6 |
7 | Flash Versions
8 |
9 | index=Tanium Question=* Question="Get-Computer-Name-and-Managed-Applications-Audit-from-all-machines" Flash NOT Installed_Version="0.0.0.0" | dedup Computer_Name | chart count by Installed_Version
10 | -7d@h
11 | now
12 |
13 | ellipsisNone
14 | 0
15 | visible
16 | visible
17 | visible
18 | linear
19 | linear
20 | 0
21 | inherit
22 | pie
23 | 50
24 | 10
25 | area
26 | gaps
27 | 0.01
28 | default
29 | shiny
30 | all
31 | 0
32 | ellipsisMiddle
33 | right
34 | [0xe8f4f8,0x80c3d9,0x71bcd4,0x44a7c6,0x3591ae,0x235f72,0x1e5263]
35 |
36 | $click.value$
37 |
38 |
39 |
40 |
41 |
42 | Java Versions
43 |
44 | index=Tanium Question=* Question="Get-Computer-Name-and-Managed-Applications-Audit-from-all-machines" *Java* NOT Installed_Version="0.0.0.0" | chart count by Installed_Version
45 | -7d@h
46 | now
47 |
48 | ellipsisNone
49 | 0
50 | visible
51 | visible
52 | visible
53 | linear
54 | linear
55 | 0
56 | inherit
57 | pie
58 | 50
59 | 10
60 | area
61 | gaps
62 | 0.01
63 | default
64 | shiny
65 | all
66 | 0
67 | ellipsisMiddle
68 | right
69 | [0x003100,0x007f00,0x009300,0x00ba00,0x00ce00]
70 |
71 | $click.value$
72 |
73 |
74 |
75 |
76 |
77 | Chrome Versions
78 |
79 | index=Tanium Question=* Question="Get-Computer-Name-and-Managed-Applications-Audit-from-all-machines" Chrome NOT Installed_Version="0.0.0.0" | chart count by Installed_Version
80 | -7d@h
81 | now
82 |
83 | ellipsisNone
84 | 0
85 | visible
86 | visible
87 | visible
88 | linear
89 | linear
90 | 0
91 | inherit
92 | pie
93 | 50
94 | 10
95 | area
96 | gaps
97 | 0.01
98 | default
99 | shiny
100 | all
101 | 0
102 | ellipsisMiddle
103 | right
104 | [0xe8f4f8,0x80c3d9,0x71bcd4,0x44a7c6,0x3591ae,0x235f72,0x1e5263]
105 |
106 | $click.value$
107 |
108 |
109 |
110 |
111 |
112 | Internet Explorer Versions
113 |
114 | index=Tanium Question=* Question="Get-Computer-Name-and-Managed-Applications-Audit-from-all-machines" NOT Internet_Explorer_Version="N*" | dedup Computer_Name | chart count by Internet_Explorer_Version
115 | -7d@h
116 | now
117 |
118 | ellipsisNone
119 | 0
120 | visible
121 | visible
122 | visible
123 | linear
124 | linear
125 | 0
126 | inherit
127 | pie
128 | 50
129 | 10
130 | area
131 | gaps
132 | 0.01
133 | default
134 | shiny
135 | all
136 | 0
137 | ellipsisMiddle
138 | right
139 | [0x410941,0x630e63,0x971597,0xa817a8,0xcb1ccb,0xeb71eb,0xf2a5f2]
140 |
141 | $click.value$
142 |
143 |
144 |
145 |
146 |
147 |
148 |
149 | Server Patches
150 |
151 | index=Tanium Question="get-computer-name-and-operating-system-and-available-patches-from-all-machines" NOT CVE_ID="[no-results]" Operating_System="*Server*"| dedup Computer_Name, KB_Article, CVE_ID, Title | replace "None" with "Low" in Severity | chart count by Severity
152 | -7d@h
153 | now
154 |
155 | ellipsisNone
156 | 0
157 | visible
158 | visible
159 | visible
160 | linear
161 | linear
162 | 0
163 | inherit
164 | pie
165 | 50
166 | 10
167 | area
168 | gaps
169 | 0.01
170 | default
171 | shiny
172 | all
173 | {"Moderate":0xffc04c, "Critical": 0xFF0000, "Informational":0xC0C0C0, "Medium":FFFF00, "Low":0xFFFF00, "Important":0xf58f39}
174 | 0
175 | ellipsisMiddle
176 | right
177 |
178 | $click.value$
179 |
180 |
181 |
182 |
183 |
184 | Windows Patches
185 |
186 | index=Tanium Question="get-computer-name-and-operating-system-and-available-patches-from-all-machines" NOT CVE_ID="[no-results]" | dedup Computer_Name, KB_Article, CVE_ID, Title | replace "None" with "Low" in Severity | chart count by Severity
187 | -7d@h
188 | now
189 |
190 | ellipsisNone
191 | 0
192 | visible
193 | visible
194 | visible
195 | linear
196 | linear
197 | 0
198 | inherit
199 | pie
200 | 50
201 | 10
202 | area
203 | gaps
204 | 0.01
205 | default
206 | shiny
207 | all
208 | {"Moderate":0xffc04c, "Critical": 0xFF0000, "Informational":0xC0C0C0, "Medium":FFFF00, "Low":0xFFFF00, "Important":0xf58f39}
209 | 0
210 | ellipsisMiddle
211 | right
212 |
213 | $click.value$
214 |
215 |
216 |
217 |
218 |
219 | Linux Patches
220 |
221 | index=Tanium Question Question="Get-Computer-Name-and-Linux-Patches-Available-from-all-machines" Available_Version="[no*" | eval Severity=if(like(_raw, "%security%"), 0, 1) | replace 0 with "Critical" in Severity | replace 1 with "Important" in Severity | chart count by Severity
222 | -7d@h
223 | now
224 |
225 | ellipsisNone
226 | 0
227 | visible
228 | visible
229 | visible
230 | linear
231 | linear
232 | 0
233 | inherit
234 | pie
235 | 50
236 | 10
237 | area
238 | gaps
239 | 0.01
240 | default
241 | shiny
242 | all
243 | {"Moderate":0xffc04c, "Critical": 0xFF0000, "Informational":0xC0C0C0, "Medium":FFFF00, "Low":0xFFFF00, "Important":0xf58f39}
244 | 0
245 | ellipsisMiddle
246 | right
247 |
248 | $click.value$
249 |
250 |
251 |
252 |
253 |
254 | Patches Required over Time
255 |
256 | index=Tanium Question="get-computer-name-and-operating-system-and-available-patches-from-all-machines" NOT CVE_ID="[no-results]" | bucket span=1d _time | dedup Computer_Name, Title, _time | timechart span=1d count by Severity | fields _time Important Critical Low Moderate
257 | -7d@h
258 | now
259 |
260 | ellipsisNone
261 | 0
262 | visible
263 | visible
264 | visible
265 | linear
266 | linear
267 | false
268 | inherit
269 | area
270 | 50
271 | 10
272 | area
273 | gaps
274 | 0.01
275 | default
276 | shiny
277 | all
278 | 0
279 | ellipsisMiddle
280 | right
281 | {"Moderate":0xffc04c, "Critical": 0xFF0000, "Informational":0xC0C0C0, "Medium":FFFF00, "Low":0xFFFF00, "Important":0xf58f39}
282 |
283 | $click.value$
284 |
285 |
286 |
287 |
288 |
289 |
290 |
291 | Flash Versions
292 |
293 | index=Tanium Question=* Question="Get-Computer-Name-and-Managed-Applications-Audit-from-all-machines" Flash NOT Installed_Version="0.0.0.0" | dedup Computer_Name | table _time Computer_Name Installed_Version Latest_Version
294 | -24h@h
295 | now
296 |
297 | 10
298 | none
299 | cell
300 | false
301 | true
302 |
303 |
304 |
305 |
306 | Java Versions
307 |
308 | index=Tanium Question=* Question="Get-Computer-Name-and-Managed-Applications-Audit-from-all-machines" Java NOT Installed_Version="0.0.0.0" | dedup Computer_Name | table _time Computer_Name Installed_Version Latest_Version
309 | -24h@h
310 | now
311 |
312 | 10
313 | none
314 | cell
315 | false
316 | true
317 |
318 |
319 |
320 |
321 | Chrome Versions
322 |
323 | index=Tanium Question=* Question="Get-Computer-Name-and-Managed-Applications-Audit-from-all-machines" Chrome NOT Installed_Version="0.0.0.0" | dedup Computer_Name | table _time Computer_Name Installed_Version Latest_Version
324 | -24h@h
325 | now
326 |
327 | 10
328 | none
329 | cell
330 | false
331 | true
332 |
333 |
334 |
335 |
336 | Internet Explorer Versions
337 |
338 | index=Tanium Question=* Question="Get-Computer-Name-and-Managed-Applications-Audit-from-all-machines" NOT Internet_Explorer_Version="N*" | dedup Computer_Name | table Computer_Name Internet_Explorer_Version
339 | -24h@h
340 | now
341 |
342 | 10
343 | none
344 | cell
345 | false
346 | true
347 |
348 |
349 |
350 |
351 |
352 |
353 | Server Patches
354 |
355 | index=Tanium Question="get-computer-name-and-operating-system-and-available-patches-from-all-machines" NOT CVE_ID="[no-results]" Operating_System="*Server*"| dedup Computer_Name, KB_Article, CVE_ID, Title | replace "None" with "Low" in Severity | table Computer_Name Title CVE_ID KB_Article Severity Bulletins Package_Size
356 | -24h@h
357 | now
358 |
359 | 10
360 | none
361 | cell
362 | false
363 | true
364 |
365 |
366 |
367 |
368 | Windows Patches
369 |
370 | index=Tanium Question="get-computer-name-and-operating-system-and-available-patches-from-all-machines" NOT CVE_ID="[no-results]" | dedup Computer_Name, KB_Article, CVE_ID, Title | replace "None" with "Low" in Severity | table Computer_Name Title CVE_ID KB_Article Severity Bulletins Package_Size
371 | -24h@h
372 | now
373 |
374 | 10
375 | none
376 | cell
377 | false
378 | true
379 |
380 |
381 |
382 |
383 | Linux Patches
384 |
385 | index=Tanium Question Question="Get-Computer-Name-and-Linux-Patches-Available-from-all-machines" NOT Available_Version="[no*"
386 | | eval Severity=if(like(_raw, "%security%"), 0, 1) | replace 0 with "Critical" in Severity | replace 1 with "Important" in Severity | table Computer_Name Available_Version Installed_Version Package Severity Category
387 | -24h@h
388 | now
389 |
390 | 10
391 | none
392 | cell
393 | false
394 | true
395 |
396 |
397 |
398 |
399 | Patches Over Time
400 |
401 | index=Tanium Question="get-computer-name-and-operating-system-and-available-patches-from-all-machines" NOT CVE_ID="[no-results]" | bucket span=1h _time | dedup Computer_Name, Title, _time | timechart span=1h count by Severity | fields _time Important Critical Low Moderate
402 | -24h@h
403 | now
404 |
405 | 10
406 | none
407 | cell
408 | false
409 | true
410 |
411 |
412 |
413 |
--------------------------------------------------------------------------------
/app/tanium/default/data/ui/views/server_setup.xml:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/app/tanium/default/data/ui/views/tanium.xml:
--------------------------------------------------------------------------------
1 |
2 | Tanium Web & Network
3 |
4 |
18 |
19 |
20 |
21 | Browser History Top 20 sites
22 | sourcetype="tanium" "splunk-browser-history*" url| top limit=20 URL_Domain
23 | 0
24 |
25 | ellipsisNone
26 | 0
27 | visible
28 | visible
29 | visible
30 | linear
31 | linear
32 | false
33 | inherit
34 | pie
35 | gaps
36 | 0.01
37 | default
38 | shiny
39 | all
40 | 0
41 | ellipsisMiddle
42 | right
43 |
44 |
45 |
46 |
47 | Browser History Rare Site Visits
48 | sourcetype="tanium" "splunk-browser-history*" url| rare limit=20 URL_Domain
49 |
50 |
51 | ellipsisNone
52 | 0
53 | visible
54 | visible
55 | visible
56 | linear
57 | linear
58 | 0
59 | inherit
60 | pie
61 | gaps
62 | 0.01
63 | default
64 | shiny
65 | all
66 | 0
67 | ellipsisMiddle
68 | right
69 |
70 |
71 |
72 |
73 |
74 |
75 | DNS Cache Resolver Misses Top 20 over Last 7 days
76 | sourcetype=tanium Splunk-DNS-Cache-Misses| top limit=20 DNS_Resolver_Misses
77 | -7d@h
78 | now
79 | ellipsisNone
80 | 0
81 | visible
82 | visible
83 | visible
84 | linear
85 | linear
86 | 0
87 | inherit
88 | bar
89 | gaps
90 | 0.01
91 | default
92 | shiny
93 | all
94 | 0
95 | ellipsisMiddle
96 | right
97 |
98 |
99 |
100 |
101 |
102 |
103 | DNS Cache
104 | sourcetype="tanium" "splunk-dns-cache" | dedup Hostname| table Hostname,IP_Address,Count
105 | rt-1h
106 | rt
107 | true
108 | false
109 | none
110 | cell
111 | 10
112 |
113 |
114 |
115 |
116 | ARP
117 | sourcetype="tanium" splunk-arp* | dedup IP_Address | table IP_Address,Mac_Address,Type,Count
118 | rt-1h
119 | rt
120 | true
121 | false
122 | none
123 | cell
124 | 10
125 |
126 |
127 |
128 |
--------------------------------------------------------------------------------
/app/tanium/default/data/ui/views/tanium_application_visibility.xml:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/app/tanium/default/data/ui/views/tanium_asset_management.xml:
--------------------------------------------------------------------------------
1 |
2 | Tanium Asset Management
3 | Asset Management
4 |
5 |
6 |
7 | Assets
8 | sourcetype=tanium splunk-Asset-MGMT-Common-data | dedup Computer_Serial_Number | table Computer_Name,Computer_Serial_Number,Operating_System,MAC_Address,IP_Address Domain_Name,Last_Logged_In_User,CPU,CPU_Manufacturer, Disk_Total_Space,System_Disk_Free_Space,Free_Memory,Total_Memory,
9 |
10 |
11 |
12 |
13 |
14 |
--------------------------------------------------------------------------------
/app/tanium/default/data/ui/views/tanium_machine_user_log.xml:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/app/tanium/default/data/ui/views/tanium_patch_vulnerability.xml:
--------------------------------------------------------------------------------
1 |
2 | Tanium OS & Software Vulnerability
3 |
4 |
5 |
6 |
7 | Required Windows Patches - Critical
8 | sourcetype="tanium" "Splunk-Required-Windows-Patches" "Severity=Critical" |dedup Title|table Title,Date,Bulletins,CVE_ID,Severity,Count, Reboot_Required
9 | rt-1h
10 | rt
11 | true
12 | false
13 | none
14 | cell
15 | 10
16 |
17 |
18 |
19 |
20 |
21 |
22 | Required Windows Patches - Important
23 | sourcetype="tanium" "Splunk-Required-Windows-Patches" "Severity=Important" | dedup Title | table Title,Date,Bulletins,CVE_ID,Severity,Count, Reboot_Required
24 | rt-1h
25 | rt
26 | true
27 | false
28 | none
29 | cell
30 | 10
31 |
32 |
33 |
34 |
35 |
36 |
37 | Required Windows Patches - Moderate
38 | sourcetype="tanium" "Splunk-Required-Windows-Patches" "Severity=Moderate" | dedup Title| table Title,Date,Bulletins,CVE_ID,Severity,Count,Reboot_Required
39 | rt-1h
40 | rt
41 | true
42 | false
43 | none
44 | cell
45 | 10
46 |
47 |
48 |
49 |
50 |
51 |
52 | Vulnerable Managed Applications
53 | sourcetype="tanium" "splunk-machines-running-vulnerable-applications*" | dedup Name| table Name,Publisher,Current_Version,Latest_Version,Status,Count
54 | rt-1h
55 | rt
56 | true
57 | false
58 | none
59 | cell
60 | 10
61 |
62 |
63 |
64 |
65 |
66 |
67 | Machines Actively Running Vulnerable Java Versions
68 | sourcetype=tanium splunk-machines-actively-running-vulnerable-java-applications | dedup Application| table Application,Application-Version,Java-Product,Count
69 | rt-1h
70 | rt
71 | true
72 | false
73 | none
74 | cell
75 | 10
76 |
77 |
78 |
79 |
80 |
81 |
82 | Installed Java Runtimes
83 | sourcetype=tanium Splunk-Installed-Java-Runtimes | dedup JRE| table JRE,Version,Count
84 | rt-1h
85 | rt
86 | true
87 | false
88 | none
89 | cell
90 | 10
91 |
92 |
93 |
94 |
--------------------------------------------------------------------------------
/app/tanium/default/data/ui/views/tanium_unmanaged_assets.xml:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/app/tanium/metadata/default.meta:
--------------------------------------------------------------------------------
1 | # Version 6.3.3
2 | #
3 | # This file contains example patterns for the metadata files default.meta and
4 | # local.meta
5 | #
6 |
7 | # This stanza makes all of the objects in this app globally accessible to
8 | # all other apps (every object is exported to the system scope)
9 | []
10 | export=system
11 |
--------------------------------------------------------------------------------
/app/tanium/metadata/local.meta:
--------------------------------------------------------------------------------
1 | [tanium/taniumserver]
2 | version = 6.4.0
3 | modtime = 1468873838.410375000
4 |
5 | [tanium/global_settings]
6 | owner = admin
7 | version = 6.4.0
8 | modtime = 1469127161.485061000
9 |
10 | [tanium_credential/taniumadmin]
11 | owner = admin
12 | version = 6.4.0
13 | modtime = 1469129834.781298000
14 |
15 | [tanium_credential/TaniumAdmin]
16 | owner = admin
17 | version = 6.4.0
18 | modtime = 1469129834.760508000
19 |
--------------------------------------------------------------------------------
/app/tanium/static/appIcon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tanium/SplunkforTanium/1f98ab16acc569800557d4075a7d02f068203feb/app/tanium/static/appIcon.png
--------------------------------------------------------------------------------
/app/tanium/static/appIconAlt.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tanium/SplunkforTanium/1f98ab16acc569800557d4075a7d02f068203feb/app/tanium/static/appIconAlt.png
--------------------------------------------------------------------------------
/app/tanium/static/appIconAlt_2x.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tanium/SplunkforTanium/1f98ab16acc569800557d4075a7d02f068203feb/app/tanium/static/appIconAlt_2x.png
--------------------------------------------------------------------------------
/app/tanium/static/appIcon_2x.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tanium/SplunkforTanium/1f98ab16acc569800557d4075a7d02f068203feb/app/tanium/static/appIcon_2x.png
--------------------------------------------------------------------------------