Tanium Logs
Overview
Evidence: Tanium Logs
Description: Collect Tanium Logs
Category: Applications
Platform: windows
Short Name: tnml
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Tanium is an enterprise endpoint management and security platform that provides real-time visibility and control. The monitor.db database contains endpoint monitoring data, system state information, and client activity logs.
Data Collected
This collector gathers structured data about Tanium logs.
Collection Method
This collector gathers the Tanium Client monitor database from Program Files, which contains comprehensive endpoint monitoring and management data.
Forensic Value
Tanium’s monitor database provides critical endpoint visibility including system inventory, deployed software, running processes, and security posture. It’s valuable for investigating endpoint activities and understanding enterprise security state.