Getting started
- Install Taniumâ„¢ Incident Response solutions.
More information: Installing Incident Response solutions
- Deploy IR tools to the endpoints that are running Tanium Client.
More information: Deploying IR tools
- Use IR sensors to scope and hunt incidents, examine forensic artifacts, collect real time data, and monitor endpoints for malicious activity.
More information: Using IR sensors and packages
- Index operating systems.
Use the Tanium Index solution to index the local file systems on Tanium Client endpoints that are running Windows or Mac OS X operating systems. After the file systems are indexed, you can use sensors to query specific file attributes, such as path, hash, and modified dates.
More information: Indexing file systems
-
Collect files from endpoints.
- Move a set of arbitrary files. You can define this list of files with a comma-separated list.
More information: Copying IR data to a central location - With IR Gatherer, you can also copy files to a destination of your choice, but the files that are copied are based on some predefined selections.
More information: Collecting data with IR Gatherer - With Live Response, you can configure what files and what destinations you want to use to collect data from Windows endpoints.
More information: Collecting data with Live Response
- Move a set of arbitrary files. You can define this list of files with a comma-separated list.
- Isolate endpoints.
You can apply a quarantine on endpoints that show evidence of compromise or other suspicious activity. When applied, the endpoint cannot communicate with any resource other than the Tanium Server.
More information: Isolating endpoints
Last updated: 1/11/2019 11:44 AM | Feedback