Threat Response overview
Tanium Threat Response is a combination of Tanium™ Trace, Tanium™ Detect, and Tanium™ Incident Response. Threat Response provides critical features that support the core incident response lifecycle:
Use Threat Response to expediate incident response actions from hours or days to minutes. With Threat Response, you can detect, react and recover quickly from attacks and the consequential business disruptions that they cause. Threat Response has built in integration with Tanium™ Connect, Tanium™ Protect, Tanium™ Integrity Monitor, and Tanium™ Trends for additional alerting, remediation, and trending of incident related data.
Detect provides real-time monitoring of activity as it is recorded by Trace and alerts you when it detects potential malicious behavior. Detect ingests threat intelligence from a variety of reputable source and uses this information to search endpoints for known indicators of compromise and provide reputation analysis. The reputation data that Detect uses constantly compares activity such as all processes run, autorun related files, and loaded modules against known malicious hashes defined by user black lists or other services such as Palo Alto’s Wildfire, VirusTotal, and ReversingLabs.
Trace continuously records key system activity for forensic and historical analysis. Use Trace to look for specific activity across every endpoint in an enterprise and drill down into process and user activity on individual systems.
Tanium Incident Response
Incident Response features sensors and packages that provide endpoint visibility and remediation. The questions featured in Incident Response provide a means to search endpoint data quickly, collect live data for offline analysis, and quarantine endpoints. Use Incident Response to contain incidents and prevent additional compromise, data leakage, and lateral movement.
This documentation may provide access to or information about content, products (including hardware and software), and services provided by third parties (“Third Party Items”). With respect to such Third Party Items, Tanium Inc. and its affiliates (i) are not responsible for such items, and expressly disclaim all warranties and liability of any kind related to such Third Party Items and (ii) will not be responsible for any loss, costs, or damages incurred due to your access to or use of such Third Party Items unless expressly set forth otherwise in an applicable agreement between you and Tanium.
Further, this documentation does not require or contemplate the use of or combination with Tanium products with any particular Third Party Items and neither Tanium nor its affiliates shall have any responsibility for any infringement of intellectual property rights caused by any such combination. You, and not Tanium, are responsible for determining that any combination of Third Party Items with Tanium products is appropriate and will not cause infringement of any third party intellectual property rights.
Last updated: 11/5/2018 11:27 AM | Feedback