Release Notes Threat Response (Version 2.3)
Important Notes
The releases of Tanium Threat Response 2.0, Integrity Monitor 2.0, and Map 2.0 all include a significant update to the Client Recorder Extension. This upgrade does not require that all three products be updated at the same time, but when more than one impacted product is deployed to an endpoint, conditional logic is applied to determine whether to upgrade the recorder component from 1.x to 2.0 versions. Please consult your Technical Account Manager to better understand how to best plan for your deployments if you have more than one impacted product installed.
The Threat Response module combines the functionality of the Detect and Trace modules and the Index and Incident Response content.
Migration from existing installations of the aforementioned modules is possible in the Threat Response module.
The migration process includes significant changes to the content and distribution of tools and configurations that are sent to connected endpoints.
Tanium strongly recommends contacting your Technical Account Manager prior to performing the migration.
7.4 clients are not supported on versions of Threat Response earlier than 2.1.0.
Threat Response 2.3.1.0005
Release Date: 2020-04-14
Enhancements
- Fixes an issue where some endpoints respond to a Quick Scan with an error that reports that the scan did not complete before the last shutdown.
- Fixes an issue where the Trace Executed Process Trees sensor was not working correctly on Windows endpoints.
- Fixes an issue where the Tanium Driver does not uninstall correctly.
- Fixes an issue in the Recorder Client Extension where SELinux is in enforcing mode, but TaniumAuditPipe does not have the Recorder SELinux policy applied.
- Adds a command in the Recorder Client Extension to reset the database if it becomes corrupted. The command enables deletion of the database and restarts the recorder.
Threat Response 2.3.0.0077
Release Date: 2020-03-31
Enhancements
- Tanium Threat Response now integrates with Tanium Trends to show Threat Response charts through the Trends initial gallery (Requires Tanium Trends 2.4 or later).
- Provides the ability to create suppression rules for parent path, ancestry command line, and ancestry path.
- Provides new permissions to the Threat Response Service Account user role to interact with Tanium Connect, Tanium Reputation, and Tanium Trends.
- Updates Tanium Client extension to 2.2.0.1114.
  - Adds a separate process for client extensions (TaniumCX or TaniumCX.exe), running under the client.
    - This will require new anti-virus exclusions. Work with your TAM to ensure these are set up properly.
    - These changes were made to make the client extensions more robust, supportable, and allow more functionality than previously possible.
    - Note: Installing this version of Tanium Client Extensions on an endpoint running Threat Response 2.2 or lower may cause issues with process exclusions. Please work with your TAM if you think this may impact you.
- Fixes an issue where Quick Scan did not correctly process event grouping.
- Fixes an issue where Download File actions, when initiated as a Response Action from an Alert, re-issued the "Trace - Start Session*" actions every six minutes when the endpoint is not available.
- The Tanium Signals feed will divide intel logic into simpler signals going forward, to allow for easier alert aggregation and more specific tuning via suppressions. This applies to all signals in the feed as of this 3/31/2020 release.
- This release upgrades to Tanium Python version 1.3.0.44 with installer version 1.3.2.
- Tanium Recorder 2.1.0.1696 included.
- Tanium Incident Response 5.5.0.0031 included.
- Tanium Index 2.5.4.1 included.
Upgrade Notes
- Threat Response 2.3.0 will not support Windows 2008 R2 (bare). You must have at least Service Pack 1 (circa 2011) installed for Threat Response's Python sensors to execute on a Win2008R2 endpoint.
Security
- This release includes security updates. Details of the issue, including affected versions and mitigation information, can be obtained from Tanium's Support Portal or by contacting your TAM.