In a recent Tanium blog, “Modernizing Security Operations Centers with Integrated Threat Detection and Response”, we discussed the importance of your SOC teams being able to prioritize actions, and deliver speedy recovery from incidents to minimize business disruptions.
As a structured way to approach troubleshooting and ensure optimal performance, the Tanium Community offers a three-part series showing best practice workflows to help you quickly see the status of Tanium Threat Response on your endpoints, and find the information you need to begin detection and response to incidents right away.
Part One: A Troubleshooting Flow To Ensure Your Threat Response Deployment is Working Optimally The Threat Response - Status sensor is a key maintenance tool for organizations leveraging Tanium for security use cases. In this part, we show you a best practice workflow to help explain useful actions you can take, such as filter and drill down on the more general information that the Threat Response - Status sensor returns. See Part One here.
Part Two: Summarize Results from the Threat Response - Status Sensor, using the Overall Status Filter In order to make the Threat Response - Status sensor data more manageable, we recommend using question filters to scope your search. In part two, we share how to scope out to a higher level of data, and narrow it down to a high-level summary of the state of Threat Response on all endpoints. See Part Two here.
Part Three: Drilling Down on Results from the Threat Response - Status Sensor The Threat Response - Status sensor is extremely useful for understanding the current state of your Threat Response deployment. In part three, we share how to make the sensor data actionable and use it to identify incidents to remediate. See Part Three here.