To view a list of the malicious hashes that Reputation has pulled from the reputation services, click Malicious Reputations from the Reputation menu.
Only hashes with a malicious or pending status are listed.
In Trace, you can view the ratings on hashes for Live Endpoints or Snapshots. For more information, see Tanium Trace User Guide: How reputation data works with Trace.
You can use Connect
The first run of a connection that uses Tanium Reputation as a source retrieves all available reputation items. Subsequent runs of that connection retrieve only the reputation changes since the last time the connection ran.
For more information, see Tanium Connect User Guide: Managing connections.
If you want to pre-populate reputation data with hashes from your environment, you can send data to the reputation service as a connection destination. When this content is pre-populated, the reputation service can start querying about the status of the items from the reputation sources.
- From the Connect Home page, click Create Connection > Create.
- For the source, choose a saved question that returns a hash, such as Running Processes with MD5 Hash.
- For the destination, choose Tanium Reputation and select the appropriate hash type for the Hash Field.
Each reputation service connection destination is configured for a specific hash column name. You must use a separate destination for each hash type that you are populating. For example, if you are populating both MD5 and SHA1 hashes from different saved questions, create two connection destinations with different values for the Hash Field field.
You can use Trends
For more information, see Tanium Trends User Guide: Importing the initial gallery.
Last updated: 9/18/2020 1:27 PM | Feedback