Tanium Security Incident Response enhances the efficiency of the incident lifecycle by reducing manual investigation steps and integrating ServiceNow processes with Tanium's speed and scalability. This creates a unified interface that presents related incident data in a meaningful and actionable manner.
Automatically enriches data for the associated CI on a Security Incident:
- Logged On Users
- Network Statistics
- Running Processes
- Running Services
Enables the use of Tanium Trace to execute Sightings Searches for IPs and hashes.
Release notes for this application can be found at: https://help.tanium.com/bundle/servicenow_releasenotes/
Verify that the following Security Operations applications are installed and activated from the ServiceNow Store. If any are not installed, install and activate them one application at a time, in the order listed below, to ensure a smooth installation.
- Security Incident Response
- Security Integration Framework
- Security Support Common
- Security Support Orchestration
- Security Operations
Tanium version support and product requirements
This integration has been tested with Build versions 7.5.4.x and Console version 3.1.x of Tanium.
Verify the following Sensors are active:
- Logged In Users
- Service Status with Hash
- Service Process Details
- Process Details
- Network Details
To leverage Tanium Trace for Sightings Search, ensure that Tanium Threat Response +3.5.x is deployed, and verify the following Sensors are active:
- Trace Executed Process Hashes
- Trace Network Connections
To verify these solutions are installed, navigate to the Tanium Content section on the Tanium Solutions page, and note the imported version listed for the required solution.