Tanium Threat Response

This app supports various generic and investigate actions on Tanium Threat Response

Supported Actions

• test connectivity: Validate the asset configuration for connectivity using supplied configuration
• list connections: Get a list of connections
• create connection: Create a new live endpoint connection
• get endpoint: Get information for an endpoint
• close connection: Close an endpoint connection
• delete connection: Delete an endpoint connection
• create snapshot: Capture a new snapshot
• list snapshots: Get a list of all snapshots
• delete snapshot: Delete a snapshot
• get process: Get information for a process
• get process tree: Get process tree for a process instance
• get events: Build a query to get events of a certain type from a connection
• get events summary: Returns counts of given event type
• list files: List downloaded files in Tanium Threat Response
• save file: Save a file from a remote connection to Tanium Threat Response
• delete file: Delete a file evidence from disk and Tanium Threat Response database
• get file: Download a file from Tanium Threat Response to the SOAR Vault
• upload intel doc: Upload intel document to Tanium Threat Response
• start quick scan: Scan a computer group for hashes in intel document
• list alerts: List alerts with optional filtering