Threat Response In Real Life - Tanium Tech Talks #66
Learn how a digital forensics and incident response (DFIR) professional uses Tanium Threat Response in real life. #dfir #irl
Tanium Threat Response:
- Enable security teams to collaborate and accelerate investigations
- Live endpoint investigation of past and present activity
- Interactive hunting of IOCs (indicators of compromise)
- Zero in on files by name, hash, and magic number (file signature)
- Quarantine risky endpoints in real time
- Lean into the security community for career growth
#digitalforensics #incidentresponse #informationsecurity #cybersecurity #powershell #threathunting
RESOURCES
Magic number (file signature) reference
https://garykessler.net/library/file_sigs.html
Threat Response Best Practices
https://community.tanium.com/s/article/Maximizing-Value-from-Tanium-Threat-Response-14-suggestions
Community articles
https://community.tanium.com/s/global-search/threat%20response
Docs
https://docs.tanium.com/threat_response/threat_response/index.html
Tuning Tanium free webinar series
https://community.tanium.com/s/tuning-tanium
Tanium Converge Registration
https://converge.tanium.com
CHAPTERS
00:00 Intro
00:44 Meet Matt
01:25 Why Tanium?
01:50 How does Tanium accelerate investigations?
02:16 Favorite feature?
02:39 DEMO Alert Details
07:45 Most common alerts?
09:10 DEMO Live Endpoints connection
11:45 DEMO Browse File System & Saved Evidence
18:15 DEMO Quarantine
19:34 DEMO Live Response
20:50 DEMO Threat Hunting, Files, Magic Number, Hash
27:20 Forensic visibility
28:00 DEMO Interact hunting at scale
29:00 DEMO Was it executed? Process history, parent/child processes
33:20 "Time in the seat", learn the tool
35:37 Security Community Participation
38:43 Resources