Endpoint Reactions - Threat Response - Tanium Tech Talks #92

Jun 5, 2024

What if your endpoints could automatically disrupt an attack as soon as it is detected? Tanium's Threat Response module now offers this capability, called Endpoint Reactions. See the demo on today's Tanium Tech Talk.

Benefits

  • Attack disruption
  • Immediate response by avoiding the SIEM/SOAR loop

Three reactions at release time

  • Kill process
  • Delete file
  • Quarantine

Features

  • Audit mode for safety
  • Reaction alert details
  • Target specific process instances
  • Stack remediation actions in the same reaction
  • Flexible targeting criteria by path, hash, command line, etc.
  • Cross-platform! Windows/Mac/Linux

RESOURCES
Release Announcement
https://help.tanium.com/bundle/EndpointReactions/page/ANN/EndpointReactions/EndpointReactions.htm
Docs
https://help.tanium.com/bundle/ug_threat_response_cloud/page/threat_response/reactions.html
Release Notes
https://help.tanium.com/bundle/z-kb-articles-mediawiki/page/5327.html#release_date_22_april_2024edit

CHAPTERS

00:00 Intro
00:57 Meet Thomas
03:01 What is Tanium Threat Response?
06:26 What are Endpoint Reactions?
09:07 Attack disruption
10:41 What are customers saying?
12:04 DEMO Kill a process on-demand
14:47 DEMO Kill a process by policy
16:16 On-demand vs deployed policies
17:08 DEMO Reaction alert details include path
17:50 DEMO Tanium Signal Intel capabilities
19:28 DEMO PowerShell example
23:17 DEMO Three initial Reactions
24:23 What is coming next?
26:40 How do I set it up?
27:55 Summary overview
29:13 Wrap up & resources