IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.
Release Notes Incident Response (Version 5.0)
Thank you for choosing Tanium. These notes are intended to document changes between releases of the Tanium Incident Response module.
Important Note
With the release of Incident Response 5.0, significant changes have been implemented, mainly stemming from the inclusion of Python content. This content requires Tanium Client version 6.0.314.1396 or later.
Tanium Incident Response 5.0.3.0005
Release Date Dec 26, 2019
Improvements
- Allows environment variables to be used in Live Response collections. File patterns and file paths in Live Response collections support the use of regular expression syntax. File paths in Live Response collections support the use of supported environment variables. For an overview of supported environment variables and examples of regular expressions, see the Threat Response User guide at: http://docs.tanium.com/ir/ir/liveresponse.html#Regular
- Updated the Live Response file collector behavior to apply the file pattern to the filename only for Mac and Linux
Fixes
- Fixed an issue preventing Live Response from working correctly on Linux
- Fixed the Live Response default file collector regex patterns for Windows, Mac, and Linux
Additional Information
- SMB destinations are not included in Live Response packages for macOS and Linux. SMB destinations are exclusive to Windows environments.
Tanium Incident Response 5.0.2.0001
Release Date Dec 3, 2019
Fixes
- Fixed an error with some windows sensors and the version of TanFileInfo
Tanium Incident Response 5.0.1.0005
Release Date Nov 19, 2019
Fixes
- Fixed an error on Linux with Live Response memory collection
- Fixed an issue with Live Response where stdout/stderr were not included in the action log
Tanium Incident Response 5.0.0
Release Date May 21, 2019
Incident Response Official Version 5.0.0.0398
Resolved Issues and Improvements
- Fixes issue in Live Response where file collections could fail
- Fixes bug in Linux Certificate Search Sensor where no results would return when provided with no parameters, in contrast with the Windows and Mac variants of the sensor
- Live Response support for Mac and Linux
- Autoruns replacement
Enhancements
- IR Tools Updates
- Process listing sensors, on Windows, can see and retrieve the paths of protected processes
- Mac Autoruns implementation
Python Sensor Rewrites
- Command Line of Process
- MD5 Hash Match Files Executing
- SHA1 Hash Match Files Executing
- Running Process with Hash
- Running Process with MD5 Hash
- Running Process with SHA1 Hash
- Established Connections with Hash
- Established Connections with MD5 Hash
- Established Connections with SHA1 Hash
- Non-Approved Established Connections with Hash
- Non-Approved Established Connections with MD5 Hash
- Non-Approved Established Connections with SHA1 Hash
New Binaries
| Operating System | Binary Name | Binary Version | SHA256 Hash |
|---|---|---|---|
| Windows x64 | |||
| TaniumPersistenceAnalyzer.exe | 1.0.302 | bd067da3a0da4946db6ce5ee417e6ce700f857900285ce639f73696e52e3c184 |
Deprecated Content
- Has Incident Response Tools
- Historical RDP Sessions
- Incident Response Job Results
- Distribute Incident Response Tools Package
- Distribute IR Tools (Linux) Package
- Distribute IR Tools (Mac) Package
- Incident Response - Remove Old Incident Response ID Files Scheduled Action
- Distribute Incident Response Tools Scheduled Action
- Distribute IR Tools (Linux) Scheduled Action
- Distribute IR Tools (Mac) Scheduled Action
Additional Information
Supported Tanium Platforms
- Tanium Server 7.2, 7.3
- Tanium Client 6.0.314.1396+