| Protocol | Information Discovered | Used For |
| --- | --- | --- |
| Sophos Central API | Endpoint security logs | Security and Compliance |
Currently, 4 events are parsed. To see the event types, go to RESOURCES > Event Types and search for "TaniumConnect-" in the Search... field of the main content panel. The user can extend the parser to add other events.
Follow the Tanium Connect documentation to send syslog to FortiSIEM.
FortiSIEM automatically recognizes Tanium Connect syslog as long as it follows the format shown in this sample syslog:
<134>1 2018-09-06T02:50:02.762000+00:00 tanium-server-1 Tanium 7020 - [Comply-Deployment-Status---Deployment-5@017472 Installed=true Version=3.0.45 Type=full Installed1=true Version1=8u131-e1 Comply---Has-Latest-Tools=true Count=2
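Before pointing Tanium Connect at FortiSIEM, a captured line can be compared with the sample's layout. The following is an added example, not FortiSIEM's parser or code from Tanium: `check_tanium_syslog` is a hypothetical helper, and it assumes the layout that matters is the one visible in the sample (an RFC 5424 style header, APP-NAME `Tanium`, then one bracketed element of space-free `key=value` pairs).

```python
import re

# Sample line copied verbatim from this page (it has no closing bracket).
SAMPLE = ('<134>1 2018-09-06T02:50:02.762000+00:00 tanium-server-1 Tanium 7020 - '
          '[Comply-Deployment-Status---Deployment-5@017472 Installed=true '
          'Version=3.0.45 Type=full Installed1=true Version1=8u131-e1 '
          'Comply---Has-Latest-Tools=true Count=2')

# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then the remainder.
HEADER = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<timestamp>\S+) (?P<host>\S+) '
    r'(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$')

def check_tanium_syslog(line):
    """Return the parsed fields, or raise ValueError naming the mismatch."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError('header does not match the sample layout')
    rec = m.groupdict()
    pri = int(rec.pop('pri'))
    if pri > 191:
        raise ValueError('PRI %d is out of range' % pri)
    # PRI = facility * 8 + severity
    rec['facility'], rec['severity'] = divmod(pri, 8)
    if rec['app'] != 'Tanium':
        raise ValueError('APP-NAME is %r; the sample uses "Tanium"' % rec['app'])
    rest = rec.pop('rest')
    if not rest.startswith('['):
        raise ValueError('no bracketed element after the header')
    # Tolerate a missing closing bracket, as in the sample.
    body = rest[1:].rstrip()
    if body.endswith(']'):
        body = body[:-1]
    rec['sd_id'], _, params = body.partition(' ')
    fields = {}
    for token in params.split():
        key, sep, value = token.partition('=')
        if not sep or not key:
            raise ValueError('token %r is not key=value' % token)
        fields[key] = value.strip('"')
    rec['fields'] = fields
    return rec
```

A `ValueError` from this check points at the field that differs from the sample, which is the first thing to compare when events from Tanium Connect are not recognized.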