Tech Blog

Tanium Use Case: Threat Alerting & Analysis, and SIEM Integration

Heartbleed, Shellshock, and more recently, Intel AMT and Spectre/Meltdown are all examples of high-profile vulnerabilities affecting computing devices and network protocols at a level that makes them quite dangerous. No tool is designed to prevent them, let alone look for them, and most organizations don’t have a plan for them.

This is where the Tanium platform can help with its speed and flexibility.

In our Security Workflows video, we cover ways a Security Operations professional would use Tanium Threat Response to execute various aspects of a security incident investigation.

The video provides a walkthrough of creating intelligence in the Tanium platform around Indicators of Compromise and Tanium Signals. You will gain insights into:

  • Indicator of Compromise alerting: Uploading indicators of compromise, creating a piece of intel, running a scan and labeling your profiles
  • Creating behavior based alerting, creating signals and suppressing rules
  • Tasking your intel to your endpoints and sources you can bring in (including creating a source, reputation sources and hash lists)
  • Sending alerts into another device (SIEM), discovering and alerting on unmanaged assets, and creating a connection off a saved question

Curious to learn more?

Featured Webinars

Upcoming Events

Contact Sales

Press Inquiries

Contact Us

Thank you for contacting us

Back to the Tanium Home Page