Contents
-
Introducing Tachyon
-
Quick Start
-
Implementing Tachyon
-
Using Settings
-
Using Explorer
-
Introducing Explorer
-
Explorer Features
-
Explorer Home page, questions and responses
-
Instructions
-
The action approval workflow
-
Tagging client devices
-
Using Device Criticality
-
Using Location
-
Exporting data from Tachyon Explorer
-
Checking device details and connectivity
-
Tachyon Activity Record
-
Tachyon Quarantine
-
Introducing Explorer
-
Using Guaranteed State
-
Using Inventory
-
Using Experience
-
Using Patch Success
-
Troubleshooting
-
Extending Tachyon
-
Training
-
Reference
What are the capture sources?
The table below lists the capture sources supported by the Tachyon Activity Record feature, and on which OS they are supported.
Source Name | Description | Windows | macOS | Linux | Solaris |
---|---|---|---|---|---|
ARP | ARP cache entries - the Inventory module captures the results of cached IP address to physical address resolutions | 3.2 | n/a | n/a | n/a |
DevicePerformance | Device performance metrics for device performance by interrogating Windows Performance Counters. These metrics cover disk, memory, network and processor performance. This capture source is required by the 1E Experience application. | 5.0 | n/a | n/a | n/a |
DNS | DNS resolution queries - the Inventory module captures whenever a DNS address is resolved | 2.1 | 2.1 | n/a | n/a |
OperatingSystemPerformance | Performance metrics for OS - the metrics executable runs every 4 hours by default This capture source is required by the 1E Experience application. | 5.0 | n/a | n/a | n/a |
Process | Process execution - the Inventory module captures whenever a process starts on the device | 2.1 | 2.1 | 2.1 | 2.1 |
ProcessStabilization | The time taken for a process execution to be considered stable whenever a monitored process starts on the device | 3.2 | n/a | n/a | n/a |
ProcessUsage | A daily summary of the launches and terminations of processes. The Process Usage capture source is required by the Tachyon Powered Inventory feature (Tachyon connector). Process Usage capture can generate high disk I/O while capturing process usage on virtual machine hosts with guests starting at the same time. | 3.2 | n/a | n/a | n/a |
SensitiveProcess | Performance metrics for sensitive processes - the metrics executable runs every 4 hours by default This capture source is required by the 1E Experience application. | 5.0 | n/a | n/a | n/a |
Software | Software installs/uninstalls/presence - the Inventory module captures whenever software is installed/uninstalled, and also captures which software is present on a device | 2.1 | 2.1 | 2.1 | 2.1 |
SoftwarePerformance | Performance metrics for software - Software performance polling is every 10 seconds by default This capture source is required by the 1E Experience application. | 5.0 | n/a | n/a | n/a |
TCP | Outbound TCP connections - the Inventory module captures whenever an outbound TCP connection is made | 2.1 | 2.1 | 2.1 | n/a |
UserUsage | A daily summary of all the logons and logoffs of users. This capture source is required by the Tachyon Powered Inventory feature (Tachyon connector). | 3.2 | n/a | n/a | n/a |
How is the data managed?
The data is captured and stored to a local, encrypted persistent store and then periodically aggregated according to an ongoing daily, weekly, monthly window. This means that the data is held securely and the amount of data is minimized while still maintaining its usefulness.
How do I retrieve the data from the Tachyon client devices?
Tachyon provides a number of product pack instructions that will let you interrogate your Tachyon client devices for the data they hold.