Tanium: Build Get File Details Request activity

To aid in an investigation, this activity can be used to build a request to query Tanium for files that satisfy defined input criteria. The criteria are all evaluated together, so only files satisfying all the criteria are returned.

This activity relies on information in the Tanium integration configuration to determine the maximum number of files returned per machine.

Input variables

Input variables determine the initial behavior of the activity.

Table 1. Input variables
Variable | Description
md5hash [string] | A string containing the (possibly partial) MD5 hash of the files to be located. The glob wildcard character (*) is allowed. For example, an input of 4dc0* locates all files with a hash starting with 4dc0.
filename [string] | A string containing the name (possibly including a wildcard) of the files to be located. For example, a filename entry of *tanium* returns all files containing the word tanium anywhere in the file name.
sensor_source_id [string] | The sensor source ID associated with the index file detail sensor. It is used to perform a parametrized query. This input field is mandatory.
Note: If an input variable is not specified, that criterion is not used.
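
The following added example (not part of the product or its documentation) is a local model of the selection rules described above, useful for checking which files a set of inputs would select before a request is built. The function names, the sample records, and the case-insensitive comparison are assumptions; the code does not call Tanium or ServiceNow.

```javascript
// Added example: local model of the selection rules on this page.
// All function names and sample data are hypothetical.

// Convert a glob in which only '*' is special into an anchored RegExp.
function globToRegExp(glob, flags) {
  const escaped = glob.split('*')
    .map(part => part.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'))
    .join('.*');
  return new RegExp('^' + escaped + '$', flags);
}

// Validate the inputs and return a predicate over {name, md5} records.
function buildFileCriteria(inputs) {
  if (!inputs.sensor_source_id) {
    throw new Error('sensor_source_id is mandatory');
  }
  const tests = [];
  if (inputs.md5hash) {
    // Assumption: hex digests are compared case-insensitively.
    const re = globToRegExp(inputs.md5hash, 'i');
    tests.push(file => re.test(file.md5));
  }
  if (inputs.filename) {
    // Assumption: file names are compared case-insensitively.
    const re = globToRegExp(inputs.filename, 'i');
    tests.push(file => re.test(file.name));
  }
  // An unspecified criterion adds no test; the remaining ones are ANDed.
  return file => tests.every(test => test(file));
}

// Constructed sample records (made-up digests, not real file hashes).
const sampleFiles = [
  { name: 'TaniumClient.exe', md5: '4dc0a1b2c3d4e5f60718293a4b5c6d7e' },
  { name: 'tanium-notes.txt', md5: '9f8e7d6c5b4a39281706f5e4d3c2b1a0' },
  { name: 'setup.exe',        md5: '4dc0ffeeddccbbaa9988776655443322' },
];

// Names of the sample files that satisfy every specified criterion.
function matchNames(inputs) {
  return sampleFiles.filter(buildFileCriteria(inputs)).map(f => f.name);
}
```

With only md5hash set to 4dc0*, two of the sample files are selected; adding filename *tanium* narrows the result to one, because both criteria must hold.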

Output variables

The output variables contain data that can be used in subsequent activities.

Table 2. Output variables
Variable | Description
endpoint [string] | The encrypted endpoint from the database.
request_body [Encrypted] | The SOAP request body.
http_timeout [Integer] | The HTTP timeout value, in seconds.
use_mid [Boolean] | A boolean flag indicating whether to use the MID Server.