Reference: Supported file types for rule evaluation

For rules to evaluate on a file, the file must match the following criteria:

  • The file must be hashed by Tanium Index using hash type MIME.
  • The file must be in a format that Tanium Reveal can read.
  • Binary files must be less than 32 MB. To increase the default size limit, create and deploy a custom profile to update the Maximum Size Non-Streamable File Formats setting. Note that text files do not have a size limit. For more information, see Creating profiles.
  • The file must not be filtered by the Reveal Parse Exclusions by Regular Expression or Reveal Parse Exclusions by File Path settings, which you can configure using a profile. For more information, see Creating profiles.

When you create or edit a rule, you can add a filter to target file types in one or more categories. The following options are available:

Category Format File types
Configuration Text

CFG, CONF, INI, YAML

Microsoft Excel Binary ODS, XLAM, XLSM, XLSX, XLTM, XLTX
Microsoft PowerPoint Binary

ODP, POTM, POTX, PPAMPPA, PPSM, PPSX, PPTM, PPTX

Microsoft Word Binary DOCM, DOCX, DOTM, DOTX, ODT
PDF Binary FDF, PDF
Structured text Text

CSV, TSV, JSON, XML, DB (SQLite Databases)

Text Text TXT
Zip1 Binary

EAR, JAR, WAR, ZIP

Everything Else Binary / Text Any files with a MIME type that are not already contained in another category.

1 If a rule only targets files in the Zip category, the rule matches all supported file types inside the supported archived files. If a rule does not target files in the Zip category, all files in archives are ignored.

Reveal can read files in any of the supported file types, regardless of the file extension. If you do not specify a file type filter for a rule, the rule attempts to read all files that are hashed by Tanium Client Index Extension. When you assign a file type to a rule, the rule only attempts to read files with the listed file extensions.

Supported MIME types

Reveal supports the following MIME types:

zip:

  • application/zip

  • application/vnd.openxmlformats-officedocument

  • application/vnd.oasis.opendocument

  • application/java-archive

xml:

  • text/xml

  • text/html

  • application/vnd.oasis.opendocument

text:

  • text*

sqlite:

  • application/x-sqlite3

pdf:

  • application/pdf

  • application/x-pdf

csv:

  • text/plain (also must match a file extension for “tabular” in definitions.json)