Threat Response overview
Use Threat Response to expedite incident response actions from hours or days to minutes. Detect, react, and recover quickly from attacks and the resulting business disruptions.
Threat Response monitors activity in real time and generates alerts when potentially malicious behavior is detected. You can configure threat intelligence from a variety of reputable sources and use it to search endpoints for known indicators of compromise and to perform reputation analysis. Reputation analysis continuously compares recorded activity, such as every process that runs, autorun-related files, and loaded modules, against known-malicious hashes defined in user-maintained blacklists or supplied by services such as Palo Alto Wildfire, VirusTotal, and ReversingLabs.
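The paragraph above describes the reputation check as a comparison of process, autorun and module hashes against a user blacklist and several external reputation services. The following Python is an added illustration of that merge step and is not Tanium code: the file bytes, hashes, blacklist, vendor verdict records and process events are all constructed inline, the vendor record shapes and the 10% VirusTotal threshold are assumptions for this example, and the point it makes is that hashes must be normalized before matching and that one "malicious" verdict must not be outvoted by several "clean" ones.

```python
import hashlib
import re
from typing import Dict, List

# Constructed sample file contents (synthetic bytes, not real binaries). The hashes used
# below are computed from these bytes so the example is self-consistent and runs offline.
SAMPLE_FILES: Dict[str, bytes] = {
    r"C:\Windows\System32\svchost.exe": b"synthetic benign service host",
    r"C:\Users\alice\AppData\Local\Temp\update.exe": b"synthetic dropper payload",
    r"C:\Program Files\Vendor\agent.exe": b"synthetic vendor agent, few detections",
    r"C:\Users\alice\Downloads\invoice.pdf.exe": b"synthetic lure executable",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


H_SVCHOST = sha256_hex(SAMPLE_FILES[r"C:\Windows\System32\svchost.exe"])
H_DROPPER = sha256_hex(SAMPLE_FILES[r"C:\Users\alice\AppData\Local\Temp\update.exe"])
H_AGENT = sha256_hex(SAMPLE_FILES[r"C:\Program Files\Vendor\agent.exe"])
H_LURE = sha256_hex(SAMPLE_FILES[r"C:\Users\alice\Downloads\invoice.pdf.exe"])

# Constructed user blacklist. The analyst pasted the hash in upper case on purpose:
# matching must normalize case or this indicator silently never fires.
USER_BLACKLIST = {H_DROPPER.upper()}

# Constructed stand-ins for external reputation feeds. The record shapes are assumptions
# for this example, not the real Wildfire, VirusTotal or ReversingLabs response formats.
WILDFIRE_VERDICTS = {H_LURE: "malware", H_SVCHOST: "benign"}
VIRUSTOTAL_DETECTIONS = {H_LURE: (52, 70), H_AGENT: (3, 70), H_SVCHOST: (0, 70)}  # (positives, engines)
REVERSINGLABS_STATUS = {H_SVCHOST: "known_good"}

# Merge rule: the worst verdict wins. One source calling a hash malicious is not cancelled
# out by any number of sources calling it clean.
SEVERITY = {"unknown": 0, "known_good": 1, "suspicious": 2, "malicious": 3}
VT_MALICIOUS_RATIO = 0.10  # assumed threshold: >= 10% of engines flag it -> malicious

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def normalize_hash(h: str) -> str:
    """Lower-case and validate a SHA-256 hex digest; reject anything else up front."""
    h = h.strip().lower()
    if not SHA256_RE.match(h):
        raise ValueError(f"not a SHA-256 hex digest: {h!r}")
    return h


def source_verdicts(h: str) -> Dict[str, str]:
    """Collect one verdict per source that has an opinion about this hash."""
    verdicts: Dict[str, str] = {}
    if h in {normalize_hash(b) for b in USER_BLACKLIST}:
        verdicts["user_blacklist"] = "malicious"
    wf = WILDFIRE_VERDICTS.get(h)
    if wf == "malware":
        verdicts["wildfire"] = "malicious"
    elif wf == "benign":
        verdicts["wildfire"] = "known_good"
    if h in VIRUSTOTAL_DETECTIONS:
        positives, engines = VIRUSTOTAL_DETECTIONS[h]
        if positives / engines >= VT_MALICIOUS_RATIO:
            verdicts["virustotal"] = "malicious"
        elif positives > 0:
            verdicts["virustotal"] = "suspicious"
        else:
            verdicts["virustotal"] = "known_good"
    rl = REVERSINGLABS_STATUS.get(h)
    if rl in ("known_good", "malicious"):
        verdicts["reversinglabs"] = rl
    return verdicts


def reputation(h: str) -> Dict[str, object]:
    """At-a-glance status for one hash plus the per-source verdicts behind it."""
    h = normalize_hash(h)
    verdicts = source_verdicts(h)
    if not verdicts:
        return {"status": "unknown", "sources": {}}
    status = max(verdicts.values(), key=lambda v: SEVERITY[v])
    return {"status": status, "sources": verdicts}


def assess_events(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Tag constructed process-start events with the reputation of the executable."""
    return [dict(e, reputation=str(reputation(e["sha256"])["status"])) for e in events]


# Constructed process-start events from three endpoints, including one hash no source knows.
EVENTS = [
    {"endpoint": "ws-0417", "path": r"C:\Windows\System32\svchost.exe", "sha256": H_SVCHOST},
    {"endpoint": "ws-0417", "path": r"C:\Users\alice\AppData\Local\Temp\update.exe", "sha256": H_DROPPER},
    {"endpoint": "ws-0293", "path": r"C:\Program Files\Vendor\agent.exe", "sha256": H_AGENT},
    {"endpoint": "ws-0293", "path": r"C:\Users\alice\Downloads\invoice.pdf.exe", "sha256": H_LURE},
    {"endpoint": "srv-db01", "path": r"C:\Tools\custom.exe", "sha256": "00" * 32},
]

if __name__ == "__main__":
    for row in assess_events(EVENTS):
        print(f"{row['endpoint']:9} {row['reputation']:10} {row['path']}")
```

Two design points carry over to any real deployment: a hash that no source has seen is reported as "unknown", not "clean", so that an unrecognized binary still surfaces for review; and the merge keeps the per-source verdicts alongside the summary status, which is what an analyst needs to decide whether a single vendor detection is a false positive.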
Threat Response continuously records key system activity for forensic and historical analysis. You can look for specific activity across every endpoint in an enterprise and drill down into process and user activity on individual systems in both real-time and historical views.
Threat Response includes sensors and packages that provide endpoint visibility and remediation. With the sensors, you can search endpoint data quickly for evidence of compromise. When you have discovered compromised endpoints, you can use Threat Response packages to isolate incidents and prevent additional compromise, data leakage, and lateral movement.
Integration with other Tanium products
Threat Response has built-in integration with Tanium™ Connect, Tanium™ Protect, and Tanium™ Trends for additional alerting, remediation, and trending of incident-related data.
Configure a Connect destination to export Threat Response data outside of Tanium. Threat Response sends hash information from saved questions through Connect to reputation service providers, which enrich the process hashes so that you get an at-a-glance reputation status. You can also configure incoming connections from sources such as Palo Alto Wildfire to create threat data.
Use Threat Response findings to create process and network rule policies for Windows endpoints in Protect to prevent future incidents across the network. Failing to identify and address the more fundamental vulnerabilities exploited during an incident leaves the organization with no net improvement in its security posture.
Use any of the Threat Response saved questions in Trends boards and panels to provide a graphical representation of Threat Response data overall. From that overall view, Trends can pivot to Tanium Interact for specific responses by endpoint.
Last updated: 10/15/2019 8:15 AM