Aug 08, 2019
Tanium Use Case: Threat Alerting & Analysis and SIEM Integration
By Louise Larsen
Heartbleed, Shellshock and, more recently, Intel AMT and Spectre/Meltdown are all examples of high-profile vulnerabilities affecting computing devices and network protocols at a low enough level to make them quite dangerous. No tool is designed to prevent them, let alone look for them, and most organizations don't have a plan for them.
This is where the Tanium platform can help with its speed and flexibility.
In our Security Workflows video, we cover ways a Security Operations professional would use Tanium Threat Response to execute various aspects of a security incident investigation.
The video provides a walkthrough of creating intelligence in the Tanium platform around Indicators of Compromise and Tanium Signals. You will gain insights into:
- Indicator of Compromise alerting: uploading indicators of compromise, creating a piece of intel, running a scan and labeling your profiles
- Behavior-based alerting: creating signals and suppression rules
- Tasking your intel to your endpoints, and the sources you can bring in (including creating a source, reputation sources and hash lists)
- Sending alerts to another system (a SIEM), discovering and alerting on unmanaged assets, and creating a connection from a saved question
Curious to learn more?
- Book a demo, view the User Guide and download the Threat Response Data Sheet.
- Ask your questions in our Tanium Community.