Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.
Release Notes Incident Response (Version 4.3)
Thank you for choosing Tanium. These notes are intended to document changes between releases of the Tanium Incident Response module.
Tanium Incident Response 4.3.1
Release Date February 13, 2018
Incident Response Official Version 4.3.1.0011
Resolved Issues
- The Run Command History sensor correctly handles profiles with a missing RunMRU key.
- Sensors that return SHA1 and SHA256 hashes work on Red Hat Linux and its derivatives.
- The Command Line of Process sensor parameter has broader regex support.
- The Injected Threads sensor filters out false-positive CSRSS.exe processes on Windows XP.
- Linux sensors that return hashes were made more efficient.
New Features
- Added Shell History sensor for Mac and Linux.
  - Searches through .bash_history for a given command with optional user parameter.
- Added SSH Known Hosts sensor for Mac and Linux.
  - Returns aggregated SSH Known Host entries with an optional hostname parameter.
New Binaries
- No new binaries in this release.
Deprecated Content
- No deprecated content in this release.
Notes for future releases
- The Search for/in Files (Mac/Linux) package will be removed in a future release. Customers should use Index sensors for the "Search for" functionality, and Threat Response Detect's YARA capability for the hex and string searches of the "Search in files" functionality.
- The Historical RDP sensor depends on a Windows Security Event Log event ID, which does not appear to be triggered on modern versions of Windows. This sensor will be deprecated in a future release.
- Semaphore-related content will be removed in a future release.
- Customers with workflows or saved questions that use the "stand-alone" MD5 or SHA1 hashing sensors, such as Running Processes with MD5 Hash, should replace them with the new parameterized sensors that support multiple hash types. Tanium will remove the older sensors in a future release, with advance notice to be provided in release notes for preceding releases.