IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Release Notes Threat Response (Version 1.4)

From Tanium Knowledge Base

Threat Response 1.4.2.0003

Release Date: 10/01/2019

The new Tanium Threat Response module combines the functionality of Tanium Detect and Tanium Trace with the content of Tanium Index and Tanium Incident Response.

Migration from existing installations of these modules is possible in the Threat Response module.

The migration process includes significant changes to the content and distribution of tools and configurations that are sent to connected endpoints.

Tanium strongly recommends contacting your Technical Account Manager prior to performing the migration.

Red Hat Enterprise Linux 8 is not supported by Threat Response 1.4.2.

macOS 10.10 (and earlier) is not supported by Threat Response 1.4.2.

Fixes

  • Fixed an issue to ensure the enablement of the recorder when pushing Threat Response profiles to endpoints
  • Fixed an issue that caused process ancestry to be missing from long-running parent processes
  • Fixed an issue to ensure proper migration of Detect configurations for deleted computer groups

Threat Response 1.4.1.0021

Release Date: 09/17/2019

The new Tanium Threat Response module combines the functionality of Tanium Detect and Tanium Trace with the content of Tanium Index and Tanium Incident Response.

Migration from existing installations of these modules is possible in the Threat Response module.

The migration process includes significant changes to the content and distribution of tools and configurations that are sent to connected endpoints.

Tanium strongly recommends contacting your Technical Account Manager prior to performing the migration.

Red Hat Enterprise Linux 8 is not supported by Threat Response 1.4.1.

macOS 10.10 (and earlier) is not supported by Threat Response 1.4.1.

Changes

  • Removed interactivity in API documentation
  • Includes Sysmon 10.4 and 10.41 support
  • Profile revision numbers are included on the profile summary page
  • Includes Index 2.4.5.0009

Fixes

  • Fixed max depth settings for Live Response File Collectors
  • Fixed issue with temporary intel databases not being cleaned up when deploying intel
  • Fixed handling of escaped characters in signals
  • Fixed bug with response action expiration
  • Fixed handling of proxy settings on TS 7.3
  • Fixed OpenIOC 1.1 definition view in workbench

Recorder Fixes

  • Fix to correctly respect the 'contains not' condition
  • Fixed handling of double byte hostnames

Security

  • This release includes security updates. Details of the issue, including affected versions, and mitigation information, can be obtained within Tanium's Support Portal, or by contacting your TAM.

Threat Response 1.4.0.0096

Release Date: 08/06/2019

The new Tanium Threat Response module combines the functionality of Tanium Detect and Tanium Trace with the content of Tanium Index and Tanium Incident Response.

Migration from existing installations of these modules is possible in the Threat Response module.

The migration process includes significant changes to the content and distribution of tools and configurations that are sent to connected endpoints.

Tanium strongly recommends contacting your Technical Account Manager prior to performing the migration.

Red Hat Enterprise Linux 8 is not supported by Threat Response 1.4.

macOS 10.10 (and earlier) is not supported by Threat Response 1.4.

Enhancements

  • Import and export Signals to move them from one platform to another. For example, you can export Signals from a test system and import them to a production system. Signals are imported and exported as JSON files and have a file size limit of 1 MB.
  • Import and export global suppression rules to move them from one platform to another. For example, you can export global suppression rules from a test system and import them to a production system. Global suppression rules are imported and exported as JSON files and have a file size limit of 1 MB.
  • Signals can have one or more associated MITRE technique IDs. Technique IDs can categorize Signals to better align with the MITRE ATT&CK framework and help map coverage to the different tactics and techniques.
  • Initiate Live Response or Quarantine on a single affected endpoint directly from an alert. Initiating Live Response or Quarantine deploys a response action. A response action, unlike a scheduled action, runs once during a provided time range and ensures that if an endpoint is not online when you deploy the action, it runs when the endpoint comes online.
  • Default configurations are provided for engine, index, and recorder configurations as well as filters and exclusions. You cannot edit default configurations, but you can copy them to use as a template for creating custom configurations.
  • Threat Response Audit logs now include a specific action for live file browsing.
  • Sysmon v10 support.

Known Issues

  • Exporting Signals that include MITRE technique IDs and importing them into an environment where the same Signals exist without associated MITRE technique IDs results in a new Signal with the same content and the addition of MITRE technique ID information. The result is that two Signals exist: one with MITRE technique information, and one without.

Additional Information

Product Documentation and Resources