Reveal overview

With Reveal, you can detect sensitive unstructured data at rest on endpoints across an entire IT environment. Use Reveal to continuously monitor for artifacts that match patterns. When sensitive content that matches a pattern is discovered, you can label the files where the content exists and further analyze or take action on them to address regulatory compliance, information security, or data privacy issues.

Rule sets

Rule sets group related rules that are collectively used for a specific purpose, such as evaluating compliance with a particular standard, and target rules to specific groups of endpoints.

Create and apply rule sets to provide the most relevant Reveal capabilities to specific groups of endpoints. For example, you can create rule sets that apply rules that discover sensitive data specific to financial information or health records.

Reveal features the following rule sets:


PCI standards help companies that accept, process, store, and transmit credit card information to maintain a secure environment.


HIPAA standards help protect sensitive patient health data.


GDPR standards help protect personal data and ensure European Union compliance.


CCPA standards help protect personal data and ensure State of California compliance.


With rules, you can specify patterns to match in specific types of files and perform an action on either the file or the endpoint when Reveal discovers a match. For example, you could add a 'confidential' label to all of the text documents where a social security number pattern matches.

You can create multiple rules to evaluate content on the same files on each endpoint. For example, you can create a rule that detects credit card numbers, a rule that detects social security numbers, and a rule that detects email addresses, and evaluate each rule on specific types of files. The results of each rule indicate which files contain matches for which pattern. Results are categorized by each rule so that you can quickly locate pattern matches.


In Reveal, a pattern is an expression that matches entities that can otherwise be hidden in the context of other information.

For example, a pattern could match an entity such as a credit card number or email address. Such a pattern could be assigned to a rule to match entities in unstructured data such as a word processing document, text file, PDF document, or spreadsheet. Reveal provides patterns for several types of sensitive information, such as credit card numbers, social security numbers, and email addresses. For information regarding extending the list, see Creating patterns.

Interoperability with other Tanium products

Reveal works with Tanium™ Trends for additional reporting of related data.


Reveal features Trends boards that provide data visualization of Reveal concepts.

The Reveal board features visualizations that show the status of Reveal components on endpoints in an environment and provides visibility into any areas of Reveal that require remediation. Additionally, the Reveal status board shows real time and historical statistics concerning rule matches on endpoints. The following panels are in the Reveal board:

  • Reveal Coverage
  • Endpoints with Unconfirmed Sensitive Data
  • Endpoints with Confirmed Sensitive Data
  • Unverified Matches
  • Label Results
  • Endpoint Status
  • Scan Failure
  • Data Size
  • Undersized Reveal Databases
  • Reveal Tools Installations
  • Tools Version
  • Applied Rule Sets

For more information about how to import the Trends boards that are provided by Reveal, see Tanium Trends User Guide: Importing the initial gallery.