Release Notes Threat Response (Version 2.1)
Important Notes
The releases of Tanium Threat Response 2.0, Integrity Monitor 2.0, and Map 2.0 all include a significant update to the Client Recorder Extension. This upgrade does not require that all three products be updated at the same time, but when more than one impacted product is deployed to an endpoint, conditional logic is applied to determine whether to upgrade the recorder component from 1.x to 2.0 versions. Please consult your Technical Account Manager to better understand how to best plan for your deployments if you have more than one impacted product installed.
The Threat Response module combines the functionality of the Detect and Trace modules and the Index and Incident Response content.
Migration from existing installations of the aforementioned modules is possible in the Threat Response module.
The migration process includes significant changes to the content and distribution of tools and configurations that are sent to connected endpoints.
Tanium strongly recommends contacting your Technical Account Manager prior to performing the migration.
7.4 clients are not supported on versions of Threat Response earlier than 2.1.0.
Threat Response 2.1.0.0241
Release Date: 2020-02-06
Enhancements
- Added a feature that loads the appropriate areas of the Threat Response workbench that correspond with the terms of the license that is used when the workbench starts.
- Added a feature that shows the context of a signals match in the advanced details of an alert.
- Added the option of collecting files with Live Response in one directory where the filename includes the original path, but does not retain the folder structure.
- Added a feature that enables users to create a remediation policy in Tanium Protect, and specify conditions to enforce that policy from an alert.
- This release adds support for the 7.4 version of the Tanium Client, including updates to the Python runtime version and supporting libraries.
Known Issues
- Windows Tanium 6.0.314.1540 clients have been shown to perform poorly with Threat Response sensors, and should be upgraded to the latest 7.2 Tanium Clients.
- If a start_time is specified for an action, two rows in the action table are created. If a start_time is not specified, then only one row is created for the action. This will be addressed in a future version of Threat Response.
- A known issue exists with uploading snapshots using version 11 of the Internet Explorer web browser. This will be addressed in a future version of Threat Response.
- When a Download File response action is initiated from an Alert, Threat Response issues the "Trace - Start Session*" action every 6 minutes to ensure that the file is downloaded when the system comes back online. This happens until the file completes the intended download. If it doesn't finish the download, it keeps issuing the actions to attempt to complete the download. This will be addressed in a future version of Threat Response.