Release Notes SBOM (Version 1.1)
Product Documentation and Resources
- SBOM Documentation
- Tanium Product Documentation
- Tanium User Research
- Software Updates and Announcements Signup
Supported OS's and Binaries
Supported OS’s
- MacOS x86_64 and arm64
- Linux x86_64 and aarch64
- Windows x86_64
Supported Binaries
- Java (JAR,PAR,SAR,WAR,EAR,JHI,JPI,LPKG)
- JavaScript (Node, NPM)
- Python
- PHP (Compose)
- Ruby (GEM)
- Go Binaries
- OpenSSL Shared Libraries
Tanium SBOM 1.1.100
Release Date: November 1, 2022
Improvements
- Added the ability to search for information about OpenSSL libs.
- New Saved Questions.
- New Interact Dashboard.
- Updated Gather SBOM Data to allow a choice for OpenSSL.
- Added details to the Interact Dashboard called SBOM Reports that uses saved questions to display latest gathered details for specific vulnerabilities.
Issues Resolved
- Fixed an issue where One-Drive files were being indexed and shouldn't.
- Fixed issues where SBOM Results Age sensor showing wrong values.
- When the SBOM gather is in progress, value would show as 99999, it will now show correct values if the gather is running.
- Linux endpoints would not display the correct value at all.
New Supported Binaries
- OpenSSL Shared Libraries
Required Module
- Asset 1.19.161
New Packages
- Store SBOM Support Data
New Saved Questions
- SBOM Report: apache-commons-text
- SBOM Report: openssl
New Dashboards
- SBOM Reports
Tanium SBOM 1.1.88
Release Date: October 26, 2022
Information
SBOM = Software Bill of Materials. It is the ability to gather details against installed software packages in items like JAR files, JSON, GO, etc... The SBOM is a lot like an ingredients list on the back of a food package, listing out all of the different items that make up the software package you installed.
The initial use case with this version is to be able to identify all the associated libraries, versions, and ecosystems as they related to software binaries before there is an issue. We can determine where log4j exists in your fleet. As an example, is it in use on an endpoint, and if so, create reports based upon that data and provide it to the appropriate teams. When the next issue arises, a quick review of all the SBOM details will allow a customer to hunt for these issues without having to wait the 3 days to a week for the off the shelf software to say they use that library.
Supported OS’s
- MacOS x86_64 and arm64
- Linux x86_64 and aarch64
- Windows x86_64
Supported Binaries
- Java (JAR,PAR,SAR,WAR,EAR,JHI,JPI,LPKG)
- JavaScript (Node, NPM)
- Python
- PHP (Compose)
- Ruby (GEM)
- GoLang-Binaries
Required Module
- Asset 1.19.158
Sensors
- SBOM Deployment Details
- SBOM Has Results
- SBOM Discovered Packages
- SBOM Discovered Package Filtered By
- SBOM Discovered Package Information Filtered By
- SBOM Discovered Package Information For CPE
- SBOM Discovered Package Information For Name
- SBOM Discovered Package Stats
- SBOM Results Age
Packages
- Clear SBOM Cache
- Distribute SBOM Tools
- Distribute SBOM Tools - Linux
- Distribute SBOM Tools - MacOS
- Distribute SBOM Tools - Windows
- Gather SBOM Data
- TEMPLATE - Upload SBOM Data
- TEMPLATE - Upload SBOM Support Data
- Uninstall SBOM
Saved Questions
- SBOM Deployment Details
- SBOM Report: log4j-core
- SBOM Report: spring-beans
- SBOM Report: struts
- SBOM Results Hours Old
- SBOM Tools Deployment Required
Dashboards
- SBOM Reports
- SBOM Status