Tanium
Tanium gives the world’s largest enterprises and government organizations the unique power to secure, control and manage millions of endpoints across the enterprise within seconds. Serving as the “central nervous system” for enterprises, Tanium empowers security and IT operations teams to ask questions about the state of every endpoint across the enterprise in plain English, retrieve data on their current state and execute change as necessary, all within seconds. With the unprecedented speed, scale and simplicity of Tanium, organizations now have complete and accurate information on the state of endpoints at all times to more effectively protect against modern day threats and realize new levels of cost efficiency in IT operations.
Specialties
Integrations
Tanium Platform
The Tanium Platform app for ThreatConnect Playbooks allows users to ask questions and retrieve results in Tanium as part of an automated threat intelligence or incident response process in ThreatConnect Playbooks. A Playbook template exists “Get Hostnames Communicating To Specified IP Address with Tanium,” which allows users to query the Tanium Platform for endpoints that have communicated to a specific Address IOC. The following actions are available in the app:
- Create Question (with option to Save Question)
- Get Question Results By ID
- Get Saved Question Results By ID
- Get Saved Question Results By Name
This app creates and save questions in the Tanium Platform and retrieves results for questions.
This listing can be found in the ThreatConnect App Catalog under the name Tanium Platform.
Tanium Threat Response
The Tanium Threat Response integration for ThreatConnect enables users to send indicators and signatures to Tanium Threat Response as intel packages. The following Playbooks apps are available for this integration:
- Tanium Threat Response - Indicators
- This app enables users to send address, host, and file indicators from ThreatConnect to their Tanium Threat Response instance as intel packages based on specified criteria. This functionality allows users to operationalize intelligence from ThreatConnect in the form of searching and monitoring for malicious indicators in their endpoint environment
- Tanium Threat Response - Signatures
- This app enables ThreatConnect customers to send signatures from ThreatConnect to their Tanium Threat Response instance as intel packages based on specified criteria. This functionality allows users to operationalize intelligence from ThreatConnect in the form of signature-based searching and monitoring for malicious activity in their endpoint environment.
- Tanium Threat Response
- Deploy Indicator Intel Package
- Deploy Signature Intel Package
- Delete Intel Package
These apps can be found in the ThreatConnect App Catalog under the names: Tanium Threat Response - Indicators, Tanium Threat Response - Signatures, and Tanium Threat Response
Related Resources
Built By ThreatConnect
Playbooks
Tanium Playbook
The Get Hostnames Communicating To Specified IP Address Playbook allows a user to query Tanium Platform for endpoints that have been communicated to a specific Address IOC. The Playbook is represented as a User Action button on the details page of an Address IOC.
This Playbook template can be found in the ThreatConnect App Catalog under the name: Get Hostnames Communicating To Specified IP Address With Tanium
Built By ThreatConnect