Here’s the Splunk search for Tanium clients reporting to the Tanium server.
"data.jsonPayload.rule_details.direction"=EGRESS "data.jsonPayload.connection.src_ip"="10.0.0.1" "data.jsonPayload.connection.dest_port"=17472 |
Splunk Search for Tanium Clients
