Summary

A description of the benefits of the Tachyon Activity Record feature and how the data can be retrieved.

Also known as Tachyon Inventory, it was previously known as Historical Data Capture.

What is Tachyon Activity Record?

Tachyon clients capture certain types of event data in a local database (Persistent Storage) so that Tachyon instructions can query it later. Data is compressed and encrypted in a way that ensures a very low impact on device performance and security.

Tachyon Activity Record is similar to Windows Task Manager and Perfmon. On Windows client devices, Tachyon captures events continuously, so all significant events are captured as they happen. Other operating systems use polling, so polling must be frequent enough to ensure that brief events are captured.
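The following added example (not 1E's code and not the Tachyon client's logic) models the difference between event-driven capture and polling. It assumes a poll is an instantaneous snapshot of running processes; the process names, timings and polling intervals are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessRun:
    name: str
    start_ms: int  # when the process started, relative to the observation window
    end_ms: int    # when the process exited


# Constructed sample: four process lifetimes inside a 120-second window.
RUNS = [
    ProcessRun("backup-agent", 0, 120_000),         # long running
    ProcessRun("updater", 12_000, 47_000),          # 35 s
    ProcessRun("installer-helper", 29_000, 31_000), # 2 s, happens to straddle a poll
    ProcessRun("script-host", 61_500, 63_000),      # 1.5 s, falls between polls
]


def event_capture(runs):
    """Event-driven capture: every process start is recorded as it happens."""
    return {r.name for r in runs}


def polled_capture(runs, interval_ms, window_ms):
    """Polling capture: a run is recorded only if it is alive at a poll instant."""
    seen = set()
    for t in range(0, window_ms + 1, interval_ms):
        seen.update(r.name for r in runs if r.start_ms <= t < r.end_ms)
    return seen


def missed_by_polling(runs, interval_ms, window_ms):
    """Names present in the event-driven record but absent from the polled one."""
    return sorted(event_capture(runs) - polled_capture(runs, interval_ms, window_ms))


def max_safe_interval_ms(runs):
    """An interval no longer than the shortest lifetime always lands inside each run."""
    return min(r.end_ms - r.start_ms for r in runs)


if __name__ == "__main__":
    for interval in (30_000, 10_000, max_safe_interval_ms(RUNS)):
        print(interval, "ms poll misses:", missed_by_polling(RUNS, interval, 120_000))
```

When querying a polled capture source, the absence of a short-lived process from the record does not show that it never ran.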

The type of data captured is described below, and the configuration options for each capture source are described in Tachyon client settings: Inventory module settings. There are product pack instructions for getting and setting these configuration options.


What are the capture sources?

The table below lists the capture sources supported by the Tachyon Activity Record feature, and on which OS they are supported.

| Source Name | Description | Windows | macOS | Linux | Solaris |
|---|---|---|---|---|---|
| ARP | ARP cache entries - the Inventory module captures the results of cached IP address to physical address resolutions | 3.2 | n/a | n/a | n/a |
| DevicePerformance | Device performance metrics, captured by interrogating Windows Performance Counters. These metrics cover disk, memory, network and processor performance. This capture source is required by the 1E Experience application. | 5.0 | n/a | n/a | n/a |
| DNS | DNS resolution queries - the Inventory module captures whenever a DNS address is resolved | 2.1 | 2.1 | n/a | n/a |
| OperatingSystemPerformance | Performance metrics for OS - the metrics executable runs every 4 hours by default. This capture source is required by the 1E Experience application. | 5.0 | n/a | n/a | n/a |
| Process | Process execution - the Inventory module captures whenever a process starts on the device | 2.1 | 2.1 | 2.1 | 2.1 |
| ProcessStabilization | The time taken for a process execution to be considered stable whenever a monitored process starts on the device | 3.2 | n/a | n/a | n/a |
| ProcessUsage | A daily summary of the launches and terminations of processes. The Process Usage capture source is required by the Tachyon Powered Inventory feature (Tachyon connector). Process Usage capture can generate high disk I/O while capturing process usage on virtual machine hosts with guests starting at the same time. | 3.2 | n/a | n/a | n/a |
| SensitiveProcess | Performance metrics for sensitive processes - the metrics executable runs every 4 hours by default. This capture source is required by the 1E Experience application. | 5.0 | n/a | n/a | n/a |
| Software | Software installs/uninstalls/presence - the Inventory module captures whenever software is installed/uninstalled, and also captures which software is present on a device | 2.1 | 2.1 | 2.1 | 2.1 |
| SoftwarePerformance | Performance metrics for software - software performance polling is every 10 seconds by default. This capture source is required by the 1E Experience application. | 5.0 | n/a | n/a | n/a |
| TCP | Outbound TCP connections - the Inventory module captures whenever an outbound TCP connection is made | 2.1 | 2.1 | 2.1 | n/a |
| UserUsage | A daily summary of all the logons and logoffs of users. This capture source is required by the Tachyon Powered Inventory feature (Tachyon connector). | 3.2 | n/a | n/a | n/a |

How is the data managed?

The data is captured and stored in a local, encrypted persistent store and then periodically aggregated over ongoing daily, weekly and monthly windows. This means that the data is held securely and the amount of data is minimized while still maintaining its usefulness.

How do I retrieve the data from the Tachyon client devices?

Tachyon provides a number of product pack instructions that will let you interrogate your Tachyon client devices for the data they hold.