
ThreatConnect and Tanium: Improved Incident Response with Intel Packages

ThreatConnect and Tanium’s partnership just got stronger. We recently released 3 Apps for Tanium Threat Response and developed a brand-new Playbook App for Tanium Platform. With these Playbook Apps, you can take immediate action to investigate, stop, and remediate potential threats at the endpoint based on external threat intelligence.

Let’s dive in!

Tanium Threat Response

With this integration, you can send indicators and signatures to Tanium Threat Response as intel packages. This allows you to easily hunt for malware across endpoints using malware file hashes or by deploying YARA rules to Tanium Threat Response. Additionally, other IOC types such as Domains, URLs, and IP Addresses, along with a customizable set of context, can be sent to Tanium Threat Response for monitoring. This deployment of intelligence can be done in the background, transparent to the end user, or as part of a fully or semi-automated workflow via ThreatConnect’s Playbooks capability. All of this leads to a more informed Incident Response process initiation.

  • Tanium Threat Response – Indicators (Runtime App)
    • Enables you to send address, host, and file indicators from ThreatConnect to your Tanium Threat Response instance as intel packages based on specified criteria. This functionality allows users to operationalize intelligence from ThreatConnect in the form of searching and monitoring for malicious indicators in your endpoint environment.
  • Tanium Threat Response – Signatures (Runtime App)
    • Enables you to send signatures from ThreatConnect to your Tanium Threat Response instance as intel packages based on specified criteria. This functionality allows you to operationalize intelligence from ThreatConnect in the form of signature-based searching and monitoring for malicious activity in your endpoint environment.
  • Tanium Threat Response Playbook App
    • The following actions are available:
      • Deploy Indicator Intel Package
      • Deploy Signature Intel Package
      • Delete Intel Package

Tanium Platform

With the Tanium Platform integration, you can ask Tanium relevant questions about Indicators and Groups within ThreatConnect to better develop relevant intelligence reports during the analysis phase. This will lead to greater efficiency and a more informed Incident Response process initiation. Because this Playbook App is highly flexible, you can also perform Vulnerability Identification tasks by finding endpoints in your enterprise running certain vulnerable versions of third-party applications. Coupling this with ThreatConnect’s wealth of data, whether native intelligence products produced by our ThreatConnect Research Team or other rich third-party intelligence feed integrations, allows teams to operationalize Vulnerability intelligence data in real time.

  • Tanium Platform Playbook App
    • The following actions are available:
      • Create Question
      • Get Question Results By ID
      • Get Saved Question Results By ID

Together, ThreatConnect and Tanium provide a complete solution for your security teams that enables them to respond to threats and ask relevant questions of their systems. If you’re a ThreatConnect customer, please reach out to your dedicated Customer Success Team for more information on utilizing the Tanium Apps. If you’re not yet a customer and are interested in ThreatConnect and this integration, contact us at sales@threatconnect.com.

About the Author

ThreatConnect

By operationalizing threat and cyber risk intelligence, The ThreatConnect Platform changes the security operations battlefield, giving your team the advantage over the attackers. It enables you to maximize the efficacy and value of your threat intelligence and human knowledge, leveraging the native machine intelligence in the ThreatConnect Platform. Your team will maximize their impact, efficiency, and collaboration to become a proactive force in protecting the enterprise. Learn more at www.threatconnect.com.