IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Release Notes Threat Response (Version 3.2)

From Tanium Knowledge Base

Tanium Threat Response 3.2.68

Release Date: 11 May 2021

Security Update

  • This release includes security updates. Details of the issue, including affected versions and mitigation information, can be obtained within Tanium's Support Portal or by contacting your TAM.

Tanium Threat Response 3.2.67

Release Date: 13 April 2021

Important Notes

The primary improvements in Threat Response 3.2 are the ability to use RBAC to limit the alerts and saved evidence that a user can view to only those associated with endpoints that the user can view, and the ability to use Chronicle geo-location URLs in stream configurations.

Support

The previous release, Threat Response 3.1, brought full feature parity with the legacy Trace service and Trace product. The 3.1 release marked the end of life of all Trace versions and Threat Response versions 1.x, which will be August 1, 2021.

Upgrade notes

Tanium Threat Response 3.2 provides RBAC capabilities for alerts and saved evidence based on each user's computer group access. This functionality depends on the version of Interact (version 2.6.106+ or 2.7.165+) and Direct Connect (version 1.9.1 or higher).

Users will NOT be able to see old alerts after the upgrade unless the RBAC permission Threat Response Visibility Bypass is granted to them. After you upgrade to 3.2, new alerts and saved evidence will have an EID attached, which is what the new visibility is based on. A full THR administrator will also be able to see the historical alert data.

New Features

  • Improved RBAC for alerts and saved evidence based on computer management rights of each user.
  • The ability to use geo-location based URLs in Stream for Chronicle.

Improvements

  • Live Response now omits sparse data from UsnJrnl collection to speed up collections.
  • Mac sensors now return shell history details.

Fixes

  • Autorun program details will no longer generate network connections to domain controllers.
  • An incorrect stream config will no longer cause profile deployment to fail.
  • Ensured that Threat Response will not get into a state where two alert gathering questions are running simultaneously.
  • HandleDetails-results.txt results are no longer truncated.
  • FIPS enforcement will no longer break Live Response collections.
  • Running Process with Parent now handles exceptions properly.
  • Fixed an issue where recent live connections would fail if the endpoint IP changed.
  • Live Response file collector max depth is now honored correctly.
  • Response actions now fire properly.
  • Upgrade from 2.6.7 now correctly adds signals.
  • DNS sensors now return correctly on 64-bit Windows machines.

Known Issues

  • Memory Collection on Windows 10 2004 or newer might fail to load the winpmem driver and create a 0 byte collection file.
  • Saved Evidence dates collected by the legacy Trace service may be changed to the upgrade date when migrated to the new Threat Response service. (NOTE: The collection date is retained in the file download title/name).