If you wish to view the code for the wu4tanium utility, it is available on github. Feel free to fork that project to add functionality or compatibility with other versions of Windows. Hi—just downloaded your countdown timer—really cool! But I do not see any way to configure it, set the timer, the colors, etc…Am I missing something?
You are commenting using your WordPress. You are commenting using your Google account. You are commenting using your Twitter account. You are commenting using your Facebook account. Notify me of new comments via email. Notify me of new posts via email. Standard Posted by DanielHeth. Posted on February 4, Posted under Configuration , Configuration , Security , Tanium.
Comments 1 Comment. Like this: Like Loading The file contents are in an encrypted ZIP format that is downloaded to the machine that is hosting the browser. The Files view displays the host and path by default; however, you might need more information about a particular file.
When you save an event as evidence, it also includes additional details about the event and its sources. For live connections: From the Trace home page, go to Live Endpoints. For an active connection, click the computer name. Click the caret to expand the list of available snapshots. Click the snapshot name or date. You can pivot from evidence on a single endpoint to create Protect policies for multiple computer groups containing Windows endpoints.
You can add them to existing process rule policies or create new ones from Trace, where you seamlessly complete the policy configuration in Protect.
For more information, see the Tanium Protect User Guide. You can export some or all of the events from an endpoint as a zipped CSV file. If you are exporting a large event database, take a snapshot and export the events from the snapshot to reduce the load on the endpoint. Also I have only tested this on Windows 7 systems. If you wish to view the code for the wu4tanium utility, it is available on github.
Feel free to fork that project to add functionality or compatibility with other versions of Windows. As you are building content, specifically packages, for Tanium, you may find you need to add one or more files related to the package.
As such you must give Tanium your CA certificate in order to validate the any of your webservers signed with this custom CA. This is extremely easy to do…. Tanium reserves the right to change this file as they see fit… thus we must copy this file to a new location and add the text version of our companies CA into this file and save it to a new location. Now we need to tell Tanium where our newly modified CA chain file is.
Now we just need to restart the Tanium Server and Apache services to have our new certificate authority chain load. If you are using any packages that download files from files. One last thing as well, you will likely need to add files. In any security environment, the first thing that I am asked for is a way to protect the Tanium client from end-user tampering.
This is a very common request when it comes to security related software. This solution pack contains a collection of sensors, packages and saved questions related to locking down the Tanium Client service and the file system on Windows endpoints. I would like to explore that solution below. Once you have the ClientServiceHardening. This group wraps a few dashboards together that pertain to hardening the Tanium Client service on your endpoints.
Particularly the following three areas:. You should implement all three of these in order to fully lock down the Tanium Client Service. This is extremely easy to do.
This action group gives me assurances that this action will only run my windows systems and not my Linux or Mac systems. Now as this action runs within my environment, the Tanium Client will disappear from the Add-Remove Programs list. Implementing this is also an easy thing to do… Open the Control Service State Permissions dashboard…. Please note that if an end-user has administrative privileges on an endpoint, it is entirely possible they also have advanced knowledge of ACLs and will be able to reset these permissions in order to stop the service.
Lastly we need to lock down the folder permissions of the Tanium Client. Just like with the previous two actions, I will configure this to run every 6 hours and only on my windows systems. The client hardening techniques covered in this article are very close if not exactly the same security measures that Antivirus and other Vendors take to secure their agents on enterprise endpoints. This solution pack also includes packages for resetting the defaults for each of these security configuration settings… so if you want to un-harden the client, it is certainly possible.
Let me know if you have any questions about this article… If you have questions about the content, I encourage you to reach out to support tanium. I have more than a dozen Ubuntu servers that perform various jobs. For this article I want to discuss how I am upgrading the installed packages on these systems using the Apt-Get utility and the Tanium platform. I have built a collection of content that was published on the Tanium Community website.
This solution includes multiple sensors, packages and other types of content called Ubuntu Package Management. It is safe to overwrite any existing sensors as the only one I am using that is not original content is the Operating System sensor.
Now we move onto actually using this content and keeping the packages on your Ubuntu systems updated. A few saved questions will appear… the left pane shows all packages within your environment that have available updates. The right pane will list all of the Ubuntu computers you have within your environment. The first is accessible by right clicking on one or more of your Ubuntu systems in the right pane and the default action is Reboot Ubuntu Machine.
The second action is closely tied to the Ubuntu Available Patches sensor as it takes the selected result of that sensor to launch the action. Thus in the left pane, right click on one of the packages and Upgrade Available Ubuntu Package. There are other handy actions you can take. Right clicking on one of the computers, you can drill down into the Ubuntu Available Patches and a list of packages for that one system will appear…Then you can deploy or upgrade a single package from there.
Further right clicking on the computer provides you with the ability to Upgrade All Ubuntu Packages , if that is preferable. The Tanium Community site does not allow for the sharing of Saved Actions on purpose. Thus these must be setup manually. To accomplish this, ask the following Tanium question:. It uses the Is Ubuntu sensor which returns one of two answers for your entire infrastructure… True or False.
I would like this action to occur daily on all of my Ubuntu computers… thus I will be setting up a scheduled action. I have decided to have the action run between 4am and 5am daily so when I start working and want to check my package status, I have the latest data. Using the Tanium platform to manage your enterprise is extremely easy. With a little bit of work and understanding you can put together a solution to accomplish nearly anything you want.
0コメント