|Automating Workflows with the Tanium REST API |
This session will begin with an overview of the Tanium API and then do a deeper dive into automating security and operational workflows using PowerShell scripts.
Pre-Reqs: Working knowledge of PowerShell scripts is recommended, but not required
|Intermediate-Advanced||Core, Threat Response, Reputation|
|Get Started Leveraging the Tanium Platform and Module REST APIs Quickly with the TanREST PowerShell Module|
In this lab you will learn how to set up the TanREST module, find the API docs and create some example workflows to familiarize yourself with the tools available.
|Intermediate||Core, Deploy, Interact|
|Integrate Tanium with ServiceNow to Make Your CMDB Actual and Complete|
Companies are changing every day, and there is a great need for valuable IT workflows. The reality is often that the CMDB lacks decision-making data, which blocks the automation part of those workflows. The foundation for solving this issue is to get the CMDB data accurate and current.
In this lab, we will cover Tanium Asset and Discover as the source for an automated ServiceNow CMDB. First, we will look at the capabilities in Tanium; second, at how to set up the integration with the market-leading ServiceNow IT workflow platform. The last part of this lab will cover the standard available integrations with Security Operations and Vulnerability Management to show the art of the possible between both platforms. Dreams become reality!
Pre-Reqs: Administrative knowledge of Tanium; basic administrative knowledge of ServiceNow. Attendees will need to have access to a ServiceNow developer instance, which can be requested at developer.servicenow.com prior to PKO.
|Intermediate||API Gateway, Asset, Comply, Connect, Discover|
|It's Coming from Inside the House: On the Hunt for Insider Threats with Tanium|
The sequel to a much-loved story of a young hunter looking to find and destroy the malodorous and malicious threat within the network -- this year, our hunter is seeking insider threats!
We will review hunting techniques and walk through a Malicious Insider Kill Chain, as well as signs of accidental or negligent behaviors that compromise security. Hands-on labs will leverage Threat Response and Reveal to detect malicious and negligent behavior, and will use Impact and Enforce to mitigate future risk from an insider threat.
Pre-Reqs: Intermediate Security experience; Familiarity with Tanium Core; Prior Tanium Threat Response experience recommended, but not required
|Advanced||Impact, Reveal, Threat Response, Integrity Monitor|
|Learning How to Defend Against Threats with Tanium Before a Real Attack|
This lab will focus on using Tanium to respond to attacks, and reduce attack surface, by combining Tanium and Threat Emulation. Students will understand a given attack scenario at a high level and identify/implement remediations accordingly. Remediations will focus on reducing the attack surface by applying appropriate security controls and mitigations.
Pre-Reqs: Basic Tanium experience; Cybersecurity background helpful, but not required
|Intermediate-Advanced||Enforce, Impact, Threat Response|
|Setting the Curve: How to Improve Your Marks and Reduce Enterprise Risk with Tanium Benchmarks|
In this lab, students will observe how Tanium Benchmark provides unique insights into security program effectiveness, enterprise security hygiene, vulnerability and patch management programs, and endpoint risk via organizational metrics and industry comparisons. Students will be able to examine new ways to compare their organization's metrics and real-time risk posture against other customers in their industry to see how they stack up. This lab also introduces new capabilities to dynamically define asset criticality levels on Tanium endpoints, so that critical enterprise workflows such as investigation and remediation can focus on the most important endpoints first.
Pre-Reqs: This course is intended for new and experienced Tanium users who are ready to expand their knowledge of the Tanium Benchmarks module and its metrics and risk scoring capabilities.
|Beginner-Intermediate||Comply, Impact, Patch, Reveal, Risk|
|Tanium Basics: Leveraging the Power of Certainty|
Intended for both new users and those looking to increase their Tanium knowledge, this lab introduces learners to the Tanium Platform and core functions including questions, sensors, packages, saved questions, dashboards, categories, analyzing trends, actions, action groups and more.
|Beginner||Connect, Core, Interact, Trends|
|Tanium: Better Together with Microsoft on a Security Level|
In this session, students will have the opportunity to use Microsoft Defender to generate alerts in Tanium Threat Response. From there, we will dig deeper, integrating with Microsoft Sentinel to further investigate, remediate and take action on the endpoint.
Pre-Reqs: A security mindset would be helpful, but all practitioners are welcome
|Intermediate||Asset, Comply, Core, Deploy, Enforce, Patch, Threat Response|
|Vulnerability Identification, Remediation, and Reporting with Tanium|
In this lab, attendees will be given an overview of the entire life cycle of vulnerability management.
In part 1, we will review best practices for configuring vulnerability scans in Tanium Comply, including scan frequency and low-resource configurations. In part 2, we will look at an automated patching strategy that allows for a W0-W4 monthly patching cadence and makes handling patching exceptions exceptionally easy. Lastly, in part 3, we will walk through configuring KPI reports to show vulnerability posture and patching efficacy using Tanium Data.
|Intermediate||Comply, Patch, Tanium Reporting Service|
|Weaving Endpoint Data Into Reporting Gold with API Gateway|
Tanium Data Service and Tanium Reporting are two powerful tools in Tanium, but users and developers need the right tool to weave that raw data into reporting gold.
Using API Gateway as the needle, you can pull from TDS data spools and spin the thread into meaningful patterns in Reporting. Tanium's API Gateway can cover the end-to-end tasks of automating data operations.
In this session, attendees will learn how to use a number of tools to create a customized report and then get that data out of Tanium and into their other tools (in multiple ways).
Pre-Reqs: Basic knowledge of Tanium and its capabilities; Python or scripting knowledge will be helpful, but not required
|Intermediate||API Gateway, Connect, Tanium Reporting Service|