Mappings: Tanium Reputation Event
| Input | Value |
|---|---|
| Vendor | tanium |
| Product | tanium |
| Log Format | JSON |
| Event ID Regex Pattern | reputation |
| Output | Value |
|---|---|
| Vendor | Tanium |
| Product | Tanium Core |
| Record Type | Endpoint |
| Cloud SIEM Schema Field | Original Record Key | Notes |
|---|---|---|
| description | Intel Name | |
| device_hostname | Computer Name | |
| device_ip | Computer IP | |
| file_hash_md5 | Match Details.match.properties.md5 | |
| file_hash_sha1 | Match Details.match.properties.sha1 | |
| file_hash_sha256 | Match Details.match.properties.sha256 | |
| file_path | Match Details.match.properties.fullpath | |
| threat_name | Intel Labels | |
| timestamp | Timestamp | We expect the orginal record value of Timestamp is in the format yyyy-MM-dd'T'HH:mm:ss.SSSZ |