Map Lateral Movement with Tanium Impact - Tanium Tech Talks #123

tanium logo
Tanium
Apr 16, 2025
Tanium

Today see how Tanium Impact will help you visualize, contextualize, and prioritize remediation of Windows lateral movement before it becomes a problem:

  • Identify nested accounts and groups risk across Active Directory domains
  • Quickly scope endpoints during incident response
  • Prioritize triage based on endpoint criticality
  • See lateral movement impact on alerts in Threat Response

Tanium modules and services featured in this demo:

  • Impact
  • Threat Response
  • Automate
  • Directory Query
  • Criticality

#dfir #incidentresponse #windows #informationsecurity #informationtechnology #mimikatz #passthehash #pth #passtheticket #lateralmovement #activedirectory

RESOURCES
Docs: Impact
https://help.tanium.com/bundle/ug_impact_cloud/page/impact/overview.html
Docs: Threat Response
https://help.tanium.com/bundle/ug_threat_response_cloud/page/threat_response/overview.html#interoperability
Docs: Criticality
https://help.tanium.com/bundle/ug_criticality_cloud/page/criticality/index.html
Docs: Directory Query
https://help.tanium.com/bundle/ug_directory_query_cloud/page/directory_query/index.html
SSH Snake (Linux lateral movement)
https://www.youtube.com/watch

CHAPTERS
00:00:00 Intro
00:01:08 Meet Josh
00:02:40 What is Tanium Impact?
00:04:40 DEMO Overview
00:07:22 How does it work?
00:10:30 Lateral movement
00:12:40 DEMO Tanium Threat Response alert integration
00:14:50 DEMO Outbound impact graph
00:16:50 DEMO Shortest path graph
00:21:50 Data refresh process and rate
00:23:00 DEMO Tanium Criticality service
00:25:10 DEMO Tanium Directory Query service
00:31:00 Setup overview
00:31:45 DEMO On-demand data sync
00:33:45 DEMO Metrics
00:34:30 DEMO Domain Users & indirect control
00:36:33 Group nesting visibility
00:39:17 Recap so far
00:40:17 DEMO Active Directory details popup
00:41:41 DEMO Asset search bar
00:43:20 DEMO Incident response
00:45:27 How do I get this?
00:45:50 DEMO FAQs & Troubleshooting
00:47:25 Customer stories
00:48:34 DEMO Session visibility & termination
00:51:40 PRO TIP Credentials in memory
00:53:30 DEMO Session visibility & termination
00:55:13 DEMO Session termination in Automate
01:01:34 Try it
01:02:29 Wrap up & resources

Copyright © 2026 OpsMatters™. All rights reserved.