Release Notes Threat Response (Version 2.0)
Important Notes
The releases of Tanium Threat Response 2.0, Integrity Monitor 2.0, and Map 2.0 all include a significant update to the Client Recorder Extension. This upgrade does not require that all three products be updated at the same time, but when more than one impacted product is deployed to an endpoint, conditional logic is applied to determine whether to upgrade the recorder component from 1.x to 2.0 versions. Please consult your Technical Account Manager to better understand how to best plan for your deployments if you have more than one impacted product installed.
The Threat Response module combines the functionality of the Detect and Trace modules and the Index and Incident Response content.
Migration from existing installations of the aforementioned modules is possible in the Threat Response module.
The migration process includes significant changes to the content and distribution of tools and configurations that are sent to connected endpoints.
Tanium strongly recommends contacting your Technical Account Manager prior to performing the migration.
Threat Response 2.0.5.0005
Release Date: 2019-12-26
Improvements
- Allows environment variables to be used in Live Response collections. File patterns and file paths in Live Response collections support the use of regular expression syntax. File paths in Live Response collections support the use of supported environment variables. For an overview of supported environment variables and examples of regular expressions, see the Threat Response User guide at: https://docs.tanium.com/threat_response/threat_response/collect_data.html#Regular
- Updated the Live Response file collector behavior to apply the file pattern to the filename only for Mac and Linux
- Added System File Filters for Linux to the recorder config; these filters will be applied to auditd on Linux endpoints.
Fixes
- Fixed an issue preventing Live Response from working correctly on Linux
- Fixed the Live Response default file collector regex patterns for Windows, Mac, and Linux
- Fixed an issue pruning the recorder database; includes new recorder 2.0.1.4070
- Includes new Index 2.5.2.0003
Additional Information
- SMB destinations are not included in Live Response packages for macOS and Linux. SMB destinations are exclusive to Windows environments.
Threat Response 2.0.3.0002
Release Date: 2019-12-10
Fixes
- Fixed an issue installing the recorder on Linux endpoints without SELinux
- Includes IC-Recorder content with the Threat Response solution installation
Threat Response 2.0.2.0004
Release Date: 2019-12-03
Fixes
- Fixed an issue with displaying image load events in the Live Endpoint view
- Fixed a missing RBAC privilege for the Threat Response Administrator and User roles when trying to run response actions
- Fixed an issue with IR sensors failing on version mismatch with TanFileInfo
- Updated index to 2.5.1.0003
- Updated to recorder 2.0.1.4052
- Fixed an issue applying the raw logging setting with auditd
- Fixed an issue with missing library signatures
Threat Response 2.0.1.0006 (DQ)
This version has been removed due to an issue with the installation of the Client Recorder Extension component on Linux endpoints.
If you installed Threat Response version 2.0.1.0006 and have deployed Threat Response to Linux endpoints, please consult your Technical Account Manager.
Release Date: 2019-11-19
Fixes
- Fixed an issue with displaying image load events in the Live Endpoint view
- Fixed a missing RBAC privilege for the Threat Response Administrator and User roles when trying to run response actions
- Updated to recorder 2.0.1.4039
- Fixed an issue applying the raw logging setting with auditd
- Fixed an issue with missing library signatures
Threat Response 2.0.0.0205
Release Date: 2019-10-29
Enhancements
- Upgrades Client Recorder Extension to 2.0 (version 2.0.1.4026)
- Added Tanium Signals support for Mac and Linux in addition to Windows
- Added optional Recorder database encryption
- Updated default filters for Recorder 2.0
- Updated default indexing hashing exclusions
- Set string max age for alerts gathering sensors
- Added package cache status warning banner in workbench
- Added an intel label impact dialog that is shown before deletion
- Updated Tools and Profiles deployment to target only supported clients: >= 6.0.314.1540 on Windows and >= 7.2.314.3211 on Mac/Linux
- Added Download file response action
- Added Download recorder snapshot response action
- Added Task view in workbench
- Added Read only profile and config summary pages
- Includes Index 2.5.0.0038
Known Issues
- Windows Tanium 6.0.314.1540 clients have been shown to perform poorly with Threat Response sensors and should be upgraded to the latest 7.2 Tanium Clients