Tanium Use Case: Threat Alerting & Analysis and SIEM Integration

Heartbleed, Shellshock and, more recently, Intel AMT and Spectre/Meltdown are all examples of high-profile vulnerabilities affecting computing devices and network protocols at a level that makes them quite dangerous. No tool is designed to prevent them, let alone look for them, and most organizations don’t have a plan for them.

This is where the Tanium platform can help with its speed and flexibility.

In our Security Workflows video, we cover ways a Security Operations professional would use Tanium Threat Response to execute various aspects of a security incident investigation.

The video provides a walkthrough of creating intelligence in the Tanium platform around Indicators of Compromise and Tanium Signals. You will gain insights into:

  • Indicator of Compromise alerting: Uploading indicators of compromise, creating a piece of intel, running a scan and labeling your profiles
  • Creating behavior-based alerting, creating signals and suppressing rules
  • Tasking your intel to your endpoints and sources you can bring in (including creating a source, reputation sources and hash lists)
  • Sending alerts into another device (SIEM), discovering and alerting on unmanaged assets and creating a connection off a saved question

Curious to learn more?

Interested in seeing Tanium in action? Schedule a one-to-one demo or attend our weekly webinar. Talk to our Tanium experts at our upcoming events.

Tanium Staff

Tanium’s village of experts co-writes as Tanium Staff, sharing their lens on security, IT operations, and other relevant topics across the business and cybersphere.
