ThreatConnect and Tanium’s partnership just got stronger. Recently, we released 3 Apps for Tanium Threat Response and developed a brand new Playbook App for Tanium Platform. With these Playbook Apps, you can take immediate action to investigate, stop, and remediate potential threats at the endpoint based on external threat intelligence.
Let’s dive in!
Tanium Threat Response
With this integration, you can send indicators and signatures to Tanium Threat Response as intel packages. This allows you to easily hunt for malware across endpoints using malware file hashes or by deploying YARA rules to Tanium Threat Response. Additionally, other IOC types such as Domains, URLs, and IP Addresses along with a customizable set of context can be sent to Tanium Threat Response for monitoring. This deployment of intelligence can be done in the background, transparent to the end user, or as part of a fully or semi-automated workflow via ThreatConnect’s Playbooks capability. All of this leads to a more informed Incident Response process initiation.
- Tanium Threat Response – Indicators (Runtime App)
  - Enables you to send address, host, and file indicators from ThreatConnect to your Tanium Threat Response instance as intel packages based on specified criteria. This functionality allows users to operationalize intelligence from ThreatConnect in the form of searching and monitoring for malicious indicators in your endpoint environment.
- Tanium Threat Response – Signatures (Runtime App)
  - Enables you to send signatures from ThreatConnect to your Tanium Threat Response instance as intel packages based on specified criteria. This functionality allows you to operationalize intelligence from ThreatConnect in the form of signature-based searching and monitoring for malicious activity in your endpoint environment.
- Tanium Threat Response Playbook App
  - The following actions are available:
    - Deploy Indicator Intel Package
    - Deploy Signature Intel Package
    - Delete Intel Package
Tanium Platform
With the Tanium Platform integration, you can ask relevant questions of Tanium in regard to Indicators and Groups within ThreatConnect to better develop relevant intelligence reports during the analysis phase. This will lead to greater efficiency and a more informed Incident Response process initiation. Because this Playbook is highly flexible, you can also perform Vulnerability Identification tasks by finding endpoints in your enterprise running certain vulnerable versions of third-party applications. Coupling this with ThreatConnect’s plethora of data, whether from native intelligence products produced by our ThreatConnect Research Team or from other rich third-party intelligence feed integrations, allows teams to operationalize Vulnerability intelligence data in real time.
- Tanium Platform Playbook App
  - The following actions are available:
    - Create Question
    - Get Question Results By ID
    - Get Saved Question Results By ID
Together, ThreatConnect and Tanium provide a complete solution for your security teams that enables them to respond to threats and ask relevant questions of their systems. If you’re a ThreatConnect customer, please reach out to your dedicated Customer Success Team for more information on utilizing the Tanium Apps. If you’re not yet a customer and are interested in ThreatConnect and this integration, contact us at sales@threatconnect.com.