Release Notes Core Content (Version 1.6)
Thank you for choosing Tanium. This article documents changes between releases of Core Content.
Core Content replaces the deprecated Initial Content Tanium Solutions.
Important
Any Scheduled Actions associated with these packages will need to have targeting updated after each update to the Core Content package. The default action group targeting will change to No Computers.
A new Antivirus content set has been introduced for sensors and packages that are related to antivirus technologies including Sophos and McAfee.
A new Microsoft Defender content set has been introduced for sensors and packages that are related to Microsoft’s endpoint protection. The older Core Content - Forefront solution is now deprecated.
Core Content 1.6.39
Release Date: October 11, 2022
Improvements
- Improved documentation for all Microsoft Defender sensors
- Rounded date inputs for Microsoft Defender sensors
- Visibility for Microsoft ATP / Defender status. Added Sensors: Microsoft Defender AntiMalware Details, Microsoft Defender AntiSpyware Details, Microsoft Defender AntiVirus Details, Microsoft Defender Attack Surface Reduction Rule ID Status, Microsoft Defender Computer ID, Microsoft Defender Extension Exclusions, Microsoft Defender FullScan Details, Microsoft Defender Health Details, Microsoft Defender Installed, Microsoft Defender IP Address Exclusions, Microsoft Defender Network Inspection Service Details, Microsoft Defender On Access Protection Status, Microsoft Defender Org ID, Microsoft Defender Path Exclusions, Microsoft Defender Process Exclusions, Microsoft Defender QuickScan Details, Microsoft Defender Real-Time Protection Status, Microsoft Defender Tamper Protection Status, Microsoft Defender Threat Details, and Microsoft Defender UI Lockdown Status
- Control for Microsoft Defender state. Packages: Microsoft Defender - Add Attack Surface Reduction Rule, Microsoft Defender - Add Exclusion [Windows], Microsoft Defender - Add Exclusion [Linux], Microsoft Defender - Add Exclusion [Mac], Microsoft Defender - Remove Extension Exclusion [Windows], Microsoft Defender - Remove Extension Exclusion [Linux], Microsoft Defender - Remove Extension Exclusion [Mac], Microsoft Defender - Remove IP Address Exclusion [Windows], Microsoft Defender - Remove IP Address Exclusion [Linux], Microsoft Defender - Remove IP Address Exclusion [Mac], Microsoft Defender - Remove Path Exclusion [Windows], Microsoft Defender - Remove Path Exclusion [Linux], Microsoft Defender - Remove Path Exclusion [Mac], Microsoft Defender - Remove Process Exclusion [Windows], Microsoft Defender - Remove Process Exclusion [Linux], Microsoft Defender - Remove Process Exclusion [Mac]
- Visibility for McAfee EPP status. Sensors: McAfee Agent Health, McAfee Agent Last ASC Days, McAfee Agent Last Policy Update Days, McAfee Agent Version, McAfee Status, McAfee Status Details, McAfee VSE DAT Version
- Visibility for Sophos EPP status. Sensors: Sophos Client Health, Sophos Client Version, Sophos Engine Version, Sophos Last Scan Time, Sophos Last Update Time
- Linux, Solaris, and AIX support added to File Creation Date sensor
- Service Details [Non-Windows] sensor now supports AIX and Solaris
Fixes
- Corrected output for case with no exclusions Affected sensors: Microsoft Defender Extension Exclusions, Microsoft Defender IP Address Exclusions, Microsoft Defender Path Exclusions, Microsoft Defender Process Exclusions
- Corrected variable typing for REG_MULTI_SZ value reporting, so that multiple binary result values will return on a single line. Affected sensors: Registry Value Data and Registry Key Value Names with Data
- Registry Value Data and Registry Key Value Names with Data now return data accurately when encountering a null value
- Registry Key Value Names with Data sensor will now return the names of empty values as well as populated values.
- Browser Extension sensors now work on Tanium Client 7.2. Affected sensors: Chrome Extensions, Chrome Extensions Summary, Edge Extensions, Edge Extensions Summary, Firefox Extensions, Firefox Extensions Summary
- The Network Adapter Details sensor now includes PCI slot-numbered, firmware-numbered, and SolarFlare interface identifiers on Linux endpoints
- Corrected white space handling in Hosts File Entries sensors.
- Corrected username and home folder expansion issues in the Mac code for the Folder Contents sensor.
Installation Notes:
Customers who use Tanium Core Platform 7.4 should ensure that the Tanium Console is at least version 1.4.2.0038 before importing Core Content. Importing Core Content on a Tanium Console version that is earlier than 1.4.2.0038 may result in the content set assigned to each sensor being overwritten on import, regardless of your preference at import time.
Installing Core Content updates all sensors, packages, saved questions, scheduled actions, and potentially dashboards that were previously included in the deprecated Initial Content Tanium Solutions. If you install Core Content when one or more of the deprecated IC solutions are installed, consider leaving the "Include Content Set Overwrite" checkbox on the import screen unchecked to preserve RBAC content set and role associations. Checking the box creates a new content set named Core Content for all items in the solution, and all of the items in the Core Content solution will be assigned to the Core Content content set.
If you install Core Content on a server without any of the deprecated Initial Content Tanium Solutions, the installation creates a Core Content content set, and all items in the Core Content solution are assigned to the Core Content content set by default.
Supported Tanium Platforms
Tanium Core Platform 7.3 or later
Product Documentation and Resources
- Please work with your Tanium TAM to most effectively use this content.
- Core Content Documentation
- Tanium Product Documentation
- Tanium User Research
- Software Updates and Announcements Signup