IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Release Notes Incident Response (Version 5.0)

From Tanium Knowledge Base
Jump to navigation Jump to search

Thank you for choosing Tanium. These notes are intended to document changes between releases of the Tanium Incident Response module.

Important Note

With the release of Incident Response 5.0, significant changes have been implemented, mainly stemming from the inclusion of Python content. This content requires Tanium Client version 6.0.314.1396 or later.

Tanium Incident Response 5.0.3.0005

Release Date Dec 26, 2019

Improvements

  • Allows environment variables to be used in Live Response collections. File patterns and file paths in Live Response collections support the use of regular expression syntax. File paths in Live Response collections support the use of supported environment variables. For an overview of supported environment variables and examples of regular expressions, see the Threat Response User guide at: http://docs.tanium.com/ir/ir/liveresponse.html#Regular
  • Updated the Live Response file collector behavior to apply the file pattern to the filename only for Mac and Linux

Fixes

  • Fixed an issue preventing Live Response from working correctly on Linux
  • Fixed the Live Response default file collector regex patterns for Windows, Mac, and Linux

Additional Information

  • SMB destinations are not included in Live Response packages for macOS and Linux. SMB destinations are exclusive to Windows environments.

Tanium Incident Response 5.0.2.0001

Release Date Dec 3, 2019

Fixes

  • Fixed an error with some windows sensors and the version of TanFileInfo

Tanium Incident Response 5.0.1.0005

Release Date Nov 19, 2019

Fixes

  • Fixed an error on Linux with Live Response memory collection
  • Fixed an issue with Live Response where stdout/stderr were not included in the action log

Tanium Incident Response 5.0.0

Release Date May 21, 2019

Incident Response Official Version 5.0.0.0398

Resolved Issues and Improvements

  • Fixes issue in Live Response where file collections could fail
  • Fixes bug in Linux Certificate Search Sensor where no results would return when provided with no parameters, in contrast with the Windows and Mac variants of the sensor
  • Live Response support for Mac and Linux
  • Autoruns replacement

Enhancements

  • IR Tools Updates
  • Process listing sensors, on Windows, can see and retrieve the paths of protected processes
  • Mac Autoruns implementation

Python Sensor Rewrites

  • Command Line of Process
  • MD5 Hash Match Files Executing
  • SHA1 Hash Match Files Executing
  • Running Process with Hash
  • Running Process with MD5 Hash
  • Running Process with SHA1 Hash
  • Established Connections with Hash
  • Established Connections with MD5 Hash
  • Established Connections with SHA1 Hash
  • Non-Approved Established Connections with Hash
  • Non-Approved Established Connections with MD5 Hash
  • Non-Approved Established Connections with SHA1 Hash

New Binaries

Operating System Binary Name Binary Version SHA256 Hash
Windows x64
TaniumPersistenceAnalyzer.exe 1.0.302 bd067da3a0da4946db6ce5ee417e6ce700f857900285ce639f73696e52e3c184

Deprecated Content

  • Has Incident Response Tools
  • Historical RDP Sessions
  • Incident Response Job Results
  • Distribute Incident Response Tools Package
  • Distribute IR Tools (Linux) Package
  • Distribute IR Tools (Mac) Package
  • Incident Response - Remove Old Incident Response ID Files Scheduled Action
  • Distribute Incident Response Tools Scheduled Action
  • Distribute IR Tools (Linux) Scheduled Action
  • Distribute IR Tools (Mac) Scheduled Action

Additional Information

Supported Tanium Platforms

  • Tanium Server 7.2, 7.3
  • Tanium Client 6.0.314.1396+

Additional Information