Aug 08, 2019

Tanium Use Case: Threat Alerting & Analysis and SIEM Integration

By Louise Larsen

Heartbleed, Shellshock and, more recently, Intel AMT and Spectre/Meltdown are all examples of high-profile vulnerabilities that affect computing devices and network protocols at a level that makes them quite dangerous. No tool was designed to prevent them, let alone to look for them, and most organizations don’t have a plan for them.

This is where the Tanium platform can help with its speed and flexibility.

In our Security Workflows video, we cover ways a Security Operations professional would use Tanium Threat Response to execute various aspects of a security incident investigation.

The video provides a walkthrough of creating intelligence in the Tanium platform around Indicators of Compromise and Tanium Signals. You will gain insights into:

  • Indicator of Compromise alerting: uploading indicators of compromise, creating a piece of intel, running a scan and labeling your profiles
  • Behavior-based alerting: creating Tanium Signals and suppression rules
  • Tasking your intel to your endpoints, and the sources you can bring in (including creating a source, reputation sources and hash lists)
  • Sending alerts to another system (a SIEM), discovering and alerting on unmanaged assets, and creating a connection from a saved question

Curious to learn more?

