IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Release Notes Integrity Monitor (Version 2.6)

From Tanium Knowledge Base
Jump to navigation Jump to search

Thank you for choosing Tanium. This document is intended to document the release of Tanium Integrity Monitor.

Important Notes

If you are also using Threat Response, Integrity Monitor should be upgraded to at least 2.5.2.0003 before Threat Response is upgraded to 2.4.0.0161 in order to reduce chances of missing events.

Tanium Integrity Monitor 2.6.5.0006

Release Date: June 2, 2020

Feature Improvements

  • Best Practices has been moved from the home page to the top rail, under the help tab.
  • The homepage content has been reordered to show more valuable information higher on the page.

Known Issues

  • You will not receive RegistrySet events for binary values with a value of 0.
    • You will receive RegistrySet events for binary values with a non-zero value.
    • Other event types like RegistryDelete are unaffected by this issue.
    • Setting any other value type should reliably generate events.

Resolved Issues

  • Resolves an issue where changing a watchlist and deploying monitors while Tanium Client Recorder Extension is not active on an endpoint can cause the subscription to the recorder to be out of date, if a previous subscription already existed.
  • Resolves an issue where slow start up times for the Integrity Monitor service can cause inconsistent experiences across upgrades.

Dependencies

  • Index: 2.5.5.0006
  • Tanium Client Recorder Extension: 2.2.3.1001
  • Tanium Python
    • Version (2.7): Upgraded from 1.4.0.34 to 1.4.0.45
    • Version (3.8): Upgraded from 1.4.0.34 to 1.4.0.45
  • Tanium Client Extensions: 2.2.0.1121

Tanium Integrity Monitor 2.6.2.0005

Release Date: May 19, 2020

Feature Improvements

  • Windows Registry change events can now be monitored for monitors that have event mode enabled.
    • Tanium Recorder Driver v1.1.0.52, which ships with this version of Integrity Monitor, is required to be installed on endpoints with Registry monitoring enabled for monitoring to work properly.
      • Failing to install the Tanium Recorder Driver on an endpoint where registry events are being monitored will still yield results, but they may be incomplete.
      • A new option has been added to monitors which allows you to install the Tanium Recorder Driver onto all Windows endpoints that monitor applies to and for which the Tanium Recorder Driver is supported.
    • If registry paths are added to a watchlist, registry events will appear in the results for existing file events sensors.
    • Rules allow for registry events to be labeled.
      • Current rules will apply to registry events as they come in. If this is not desirable, you can constrain the rule to be used only on certain change types.
    • Several watchlist templates for Windows Registry paths have been added:
  • Automatic install and configuration now adds enhanced monitors, which have endpoint labeling enabled.
  • When applying labeling rules to events on an endpoint, CPU usage throttling has been improved
  • Adds an option under General Settings to enable automatic endpoint configuration deployments when Integrity Monitor is upgraded on the TMS.
    • This option is enabled by default for new Integrity Monitor installs. Upgrades will have it disabled by default.

Known Issues

  • You will not receive RegistrySet events for binary values with a value of 0.
    • You will receive RegistrySet events for binary values with a non-zero value.
    • Other event types like RegistryDelete are unaffected by this issue.
    • Setting any other value type should reliably generate events.

Resolved Issues

  • Resolves an issue that affects Solaris where the Integrity Monitor Legacy File Events Details sensor was not returning results if the lookback time was set to over 167 hours.
  • An optimization was added to reduce recorder activity when watching noisy paths not being monitored for write changes.
  • Resolves an issue with ServiceNow integration where Change Task labels were being repeated in results for some events.
  • Resolves an issue where File Events Details sensor was reporting “no events matched the filters” in cases where “no integrity violations found” is expected.
  • Resolves a bug where rules ingestion on an endpoint was being stopped due to an error, halting rules ingestion until the Integrity Monitor client process is restarted.
  • Resolves a bug where starting Index while deploying configuration to endpoints was causing long delays in other actions being deployed.
  • Resolves a bug that prevented endpoint rules from being deleted.

Dependencies

  • Index: 2.5.5.0006
  • Tanium Client Recorder Extension: Upgraded from 2.2.0.1528 to 2.2.3.1001
    • No longer starts when a database is corrupted.
    • Improves performance by no longer logging per event.
    • Tanium Recorder Driver v1.1.0.52 included:
      • Improves reliability of registry events and is required for monitoring registry events with Integrity Monitor.
      • Adds a new event type for registry key path renames, which are used by Integrity Monitor
  • Tanium Python
    • Version (2.7): 1.4.0.34
    • Version (3.8): 1.4.0.34
  • Tanium Client Extensions: Upgraded from 2.2.0.1117 to 2.2.0.1121
    • Contains a performance improvement.

Additional Information

Requirements

  • Tanium Connect 4.0 and above.
  • Monitoring permission change events.
    • Windows NT 6.1 (Windows 7 / Windows Server 2008 R2) or above requires enabling System Audit Policies.

Supported Tanium Platforms

Tanium Server 7.2, 7.3, 7.4

Product Documentation and Resources

Integrity Monitor Documentation