Tanium Threat Navigator: Tanium Tech Talks #164
Threat Navigator brings live hunting searches, version-controlled iterations, MITRE mapping, and one-click signal creation together — so your team can hunt faster and turn every finding into repeatable detection.
You'll see how Tanium Threat Navigator:
- Runs IOC and signal-syntax searches live across your environment
- Tracks iterations so you can filter, refine, and branch your hunt without losing earlier results
- Lets you pin key findings
- Groups related searches into hypotheses you can export and share with your team
- Converts completed hunts into signals with one click—making detection the natural end of every hunt
- Maps all searches, intel, and hypotheses to MITRE ATT&CK techniques in a single view
RESOURCES
Community article: https://help.tanium.com/bundle/ThreatNavigator/page/ANN/ThreatNavigator/ThreatNavigator.htm
Docs: https://help.tanium.com/bundle/ug_threat_response_cloud/page/threat_response/threat_navigator.html
Tuning Tanium webinars: https://community.tanium.com/s/tuning-tanium
CHAPTERS
0:00 Intros
1:14 Meet Duncan
2:02 Threat Navigator Overview
2:19 Searches: the core of Threat Navigator
3:10 Hypotheses: containers for your searches
3:38 MITRE techniques tab explained
4:23 DEMO: Filtering by MITRE technique
5:12 DEMO: PowerShell search walkthrough
6:20 Count view, column selection, and quick filters
7:40 Iterations and version history
9:34 Pinning findings to preserve them
11:10 Collaborative hunting and sharing searches
13:43 Hypothesis tab: grouping and exporting
14:48 DEMO: Create signal from a search
15:22 Save button and scratchpad workflow
16:14 Hypotheses: tying it all together and exporting
17:34 Three things to remember about Threat Navigator
19:03 How hunts become detection
21:10 Proactive security at enterprise scale
21:45 Availability: who has access and when
22:08 Wrap-ups