IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.
Tanium Cloud Release Notes Investigate
Release Date: 16 June 2026
Improvements
- Upgrades various third-party libraries to their latest versions.
Release Date: 2 June 2026
Improvements
- Upgrades various third-party libraries to their latest versions.
Release Date: 12 May 2026
Improvements
- Upgrades various third-party libraries to their latest versions.
Release Date: 27 April 2026
Improvements
- Upgrades various third-party libraries to their latest versions.
Fixes
- Resolved an issue that could cause the Investigate workbench to crash when attempting to register ECF items at startup.
Release Date: 1 April 2026
Improvements
- Investigate service no longer leverages the System User Service (SUS)
Release Date: 24 Feburary 2026
Improvements
- Upgrades various third-party libraries to their latest versions.
Fixes
- Fixed an issue where a portion of the calander picker wasn't available when adding issues to an investigation.
- Fixed an issue that would require the Investigate service to require a manual service restart under certain conditions.
Release Date: 5 Janurary 2026
Improvements
- Upgrades various third-party libraries to their latest versions.
Fixes
- Resloved an issue where the Investigate service would fail to start if ECF approvals were enabled.
Release Date: 20 October 2025
Improvements
- Upgrades various third-party libraries to their latest versions.
Release Date: 20 August 2025
Fixes
- Resloved an issue where endpoints would still recieve tools after the module was uninstalled.
Known Issues
- REG_BINARY, REG_NONE, REG_DWORD_LITTLE_ENDIAN, REG_DWORD_BIG_ENDIAN, REG_EXPAND_SZ, REG_LINK, and REG_QWORD_LITTLE_ENDIAN values are not displayed.
Creating a new value with the same name as an existing value gives the appearance of a duplicate value, however no duplicate is created in the Registry. The "Filter items" bar in the Windows Registry panel does not filter correctly.
Release Date: 28 April 2025
Improvements
- Upgrades various third-party libraries to their latest versions.
Known Issues
- REG_BINARY, REG_NONE, REG_DWORD_LITTLE_ENDIAN, REG_DWORD_BIG_ENDIAN, REG_EXPAND_SZ, REG_LINK, and REG_QWORD_LITTLE_ENDIAN values are not displayed.
Creating a new value with the same name as an existing value gives the appearance of a duplicate value, however no duplicate is created in the Registry. The "Filter items" bar in the Windows Registry panel does not filter correctly.
Release Date: 28 February 2025
Improvements
- Upgrades various third-party libraries to their latest versions.
Known Issues
- REG_BINARY, REG_NONE, REG_DWORD_LITTLE_ENDIAN, REG_DWORD_BIG_ENDIAN, REG_EXPAND_SZ, REG_LINK, and REG_QWORD_LITTLE_ENDIAN values are not displayed.
- Creating a new value with the same name as an existing value gives the appearance of a duplicate value, however no duplicate is created in the Registry.
- The “Filter items” bar in the Windows Registry panel does not filter correctly.
Release Date: 4 February 2025
Improvements
- Adds a User column next to the Endpoint column in the activities grid to make it easier to see which user or users are related to activities.
- Upgraded various third-party libraries to newer versions.
Fixes
- Fixes an issue where an error could occur when deleting all activities from an investigation that is in the open status.
- Fixes an issue where if you copy the "Investigate Operator" role and it is limited to the "Investigate" content set and assigned to a user, group, or persona you could not create Investigations because the drop-down selection for Content set is blank.
- Fixes an issue where when deleting an activity, only a single activity is displayed in the Comments before the page refreshes.
Known Issues
- REG_BINARY, REG_NONE, REG_DWORD_LITTLE_ENDIAN, REG_DWORD_BIG_ENDIAN, REG_EXPAND_SZ, REG_LINK, and REG_QWORD_LITTLE_ENDIAN values are not displayed.
- Creating a new value with the same name as an existing value gives the appearance of a duplicate value, however no duplicate is created in the Registry.
- The “Filter items” bar in the Windows Registry panel does not filter correctly.
Release Date: 13 November 2024
Improvements
- New “Windows Registry” panel added to the “Remote Management” tab in Single Endpoint View provides remote visibility and control over the Registry on Windows endpoints.
- Adds an online/offline indicator next to the endpoint name in the Activities grid of an Investigation.
- Clicking the endpoint name next to an online endpoint in the Activities grid of an Investigation will now pivot you to the “Investigate” tab in Single Endpoint View and automatically establish a connection.
- Load times of Activity counts in the Type dropdown have been significantly improved.
Fixes
- The ServiceNow integration will now return an error instead of silently failing if there is an issue with the configuration.
- The Level filter in the “Windows Events” tab now works as expected.
- Activity types that aren’t relevant to the Operating System of the endpoint being viewed in the Investigate tab are no longer displayed.
Tools Versions
- Endpoint Configuration Toolset 2.3.42 or later is required for this release. Review the Endpoint Configuration Toolset release notes for more details.
Known Issues
- REG_BINARY, REG_NONE, REG_DWORD_LITTLE_ENDIAN, REG_DWORD_BIG_ENDIAN, REG_EXPAND_SZ, REG_LINK, and REG_QWORD_LITTLE_ENDIAN values are not displayed.
- Creating a new value with the same name as an existing value gives the appearance of a duplicate value, however no duplicate is created in the Registry.
- The “Filter items” bar in the Windows Registry panel does not filter correctly.
Release Date: 15 October 2024
Fixes
- Fixes an issue where Investigations with a high number of activities added to them could take a long time to load.
- Fixes an issue where the actions for Service Control and Live Process monitor were not visible.
Tools Versions
- Endpoint Configuration Toolset 2.3.42 or later is required for this release.
- Review the Endpoint Configuration Toolset release notes for more details.
Known Issues
- Activities from the “Recorder Events” category do not produce a marker on the timeline graph in the Investigate Tab of Single Endpoint View.
Release Date: 14 August 2024
Improvements
- Introduces Annotations
- Annotations are a new and customizable activity type that enable you to select endpoints, even if they are offline, or enter a username, for inclusion in the timeline in an Investigation.
- Shift+Click the Activities Timeline to create an Annotation that is scoped to the corresponding Endpoint or User at the date/time clicked or use the new “Add Annotation” button in the data grid.
- Upgrades various third-party libraries to their latest versions.
- Tooltip for Endpoint Details no longer requires scrolling to view.
Fixes
- Fixes an issue where Usernames on the Users timeline may be misaligned.
Tools Versions
- Endpoint Configuration Toolset 2.3.42 or later is required for this release. Review the Endpoint Configuration Toolset release notes for more details.
Known Issues
- Activities from the “Recorder Events” category do not produce a marker on the timeline graph in the Investigate Tab of Single Endpoint View.
- The Services Control actions and the Terminate Process(es) button are not displaying in the Remote Management tab of the Endpoint Details page.
- You may get logged out of the Tanium Console when viewing the Investigate tab in Single Endpoint View if the ServiceNow integration credentials are invalid. Update the ServiceNow integration configuration from the Investigate module with valid credentials to resolve the issue.
Release Date: 09 July 2024
Improvements
- Windows Event Log Subscription Manager
- Create, Edit, Delete, Enable, or Disable subscriptions to events in the Windows Event Log.
- Assign a Name and Category to event subscriptions to make them easier to find in the Investigate tab.
- Includes 81 new default subscriptions that cover a wide variety of use cases.
- The Direct Connect search bar in an Investigation will now open the Investigate tab in Single Endpoint View and automatically attempt to establish a connection to the specified endpoint.
Fixes
- Fixes an issue where the endpoint name for activities added to an Investigation from Threat Response would show up as “undefined”. (Requires Threat Response 4.6.415 or later)
- Fixes an issue where saving an Investigation with a linked ServiceNow incident could result in a 400 error.
Tools Versions
- Endpoint Configuration Toolset 2.3.42 or later is required for this release. Review the Endpoint Configuration Toolset release notes for more details.
Known Issues
- Activities from the “Recorder Events” category do not produce a marker on the timeline graph.
Release Date: 27 February 2024
Fixes
- Fixes an issue with linking an Investigation to a ServiceNow ticket.
Tools Versions
- Includes Core CX: 2.8.2019
- Includes DEC CX: 2.7.1129
- Includes Extras CX 1.5.13
- Includes Performance CX: 1.11.40
- Includes Performance TSDB: 2.15.78
- Includes Software Manager CX: 2.9.719
Notes
- Enterprise-Wide Pivots from the Investigate Tab in Single Endpoint View will become available with the release of Reporting 1.36.
Known Issues
- When adding activities from the Threat Response Context Analyzer to an investigation, the endpoint can be displayed as "undefined."
- Activities from the “Recorder Events” category do not produce a marker on the timeline graph.
Release Date: 08 February 2024
Improvements
- Adds Enterprise-Wide Pivots (see Notes) for the following activity types:
- Patch Install
- Browser Plugins
- System Reboot
- USB Device
- User Logon
- Explicit Logon
- CPU Utilization
- Available Memory
- Disk Capacity
- Disk Latency
- Application Crash
- System Crash
- Application Install and Upgrade
- Added the ability to search and filter on comments across all Investigations.
Fixes
- Fixes an issue where Investigations could still show up in the list after deletion.
Tools Versions
- Includes Core CX: 2.8.2019
- Includes DEC CX: 2.7.1129
- Includes Extras CX 1.5.13
- Includes Performance CX: 1.11.40
- Includes Performance TSDB: 2.15.78
- Includes Software Manager CX: 2.9.719
Notes
- Enterprise-Wide Pivots from the Investigate Tab in Single Endpoint View will become available with the release of Reporting 1.36
Known Issues
- Creating an Investigation with a linked ServiceNow ticket may result in a 400 error.
- Activities from the “Recorder Events” category do not produce a marker on the timeline graph.
Release Date: 27 November 2023
Improvements
- Adds support for Endpoint Change Management.
- Adds support for upcoming Windows Service Control feature.
- Improves performance of the Overview page.
- Adds a filter option for “No Associated User” to the Activities Timeline.
- Adds a “Click to Copy” feature to the Activity Details panel.
Fixes
- Fixes an issue with copying contents of the Details cell from the Activities Table.
- Fixes an issue with duplicate entries being added to the Audit Log.
- Fixes an issue with sorting comments.
- Fixes a comment display issue.
Tools Versions
- Includes Core CX: 2.8.2019
- Includes DEC CX: 2.6.1888
- Includes Extras CX 1.5.13
- Includes Performance CX: 1.11.36
- Includes Performance TSDB: 2.15.78
- Includes Software Manager CX: 2.9.719
Known Issues
- When adding activities from the Threat Response Context Analyzer to an investigation, the endpoint can be displayed as "undefined."
Release Date: 14 November 2023
Improvements
- Supports adding events from the Windows Event Log to an investigation using the new Windows Events tab in Endpoint Details with Tanium Reporting 1.32 or later.
Tools Versions
- Includes Core CX: 2.8.2019
- Includes DEC CX: 2.6.1888
- Includes Extras CX 1.5.13
- Includes Performance CX: 1.11.36
- Includes Performance TSDB: 2.15.78
- Includes Software Manager CX: 2.9.719
Known Issues
- When adding activities from the Threat Response Context Analyzer to an investigation, the endpoint can be displayed as "undefined."
Release Date: 06 November 2023
Improvements
- Support for adding data from Tanium Threat Response 4.4 or later to an Investigation.
- New UI for Audit Log within an Investigation.
- Added the ability to filter the activities grid by endpoint from within the filter selection.
- Added the ability to filter the activities grid by user from the Users view on the Activities Timeline.
Fixes
- Corrected the behavior of clicking the duration inside of an activity’s details.
- Fixed a display issue with comments inside of an activity’s details.
- Fixed an issue with certain Windows Events incorrectly returning “No Associated User” in the Users view of the Activities Timeline.
- Corrected the behavior of the “Copy cell value” function in the Start and End Time columns of the Activities grid.
- Corrected the behavior of the time range filter.
- Fixed an issue with sorting Comments by Last Updated.
Tools Versions
- Includes Core CX: 2.8.2005
- Includes DEC CX: 2.6.1888
- Includes Extras CX 1.5.10
- Includes Performance CX: 1.11.36
- Includes Performance TSDB: 2.15.78
- Includes Software Manager CX: 2.9.719
Known Issues
- When adding activities from the Threat Response Context Analyzer to an investigation, the endpoint can be displayed as "undefined."
Release Date: 07 August 2023
This is the initial release of the Tanium Investigate solution. Tanium Investigate allows users to perform root cause analysis on both operational and security issues while accelerating mean time to resolution.
Features
- Investigate tab added to the Endpoint Details feature of Tanium Reporting that provides a timeline view of Activities and allows adding Activities from an endpoint to an Investigation.
- Remote Management tab added to the Endpoint Details feature of Tanium Reporting that provides live visibility and control over running processes on the endpoint.
- File Browser button added to the Endpoint Details feature of Tanium Reporting that allows viewing, tailing, downloading, and deleting files from the endpoint’s file system.
- Integration with ServiceNow for including ticket creation in the Investigation timeline.
- A new module workbench that provides a case management workflow and statistics around Investigations.
Tools Versions
- Includes Performance CX binary: 1.11.36
- Software Manager CX binary: 2.9.675