
Mar 5, 2025
1.0.0
ThreatQ Versions >= 5.12.1
Tanium Action Bundle
Overview
The Tanium Action Bundle enables teams to perform automated actions against Tanium to better secure their environment. The actions included in the bundle can perform automated exports of intelligence to Tanium so that it can be used to improve an organization’s security posture and find critical vulnerabilities.
Tanium helps IT teams manage and secure all their devices. It gives a real-time view of everything on the network, allowing teams to identify risks/vulnerabilities, distribute software, and fix problems quickly. Tanium makes it easy for teams to investigate potential issues by allowing them to ask questions about their devices using natural language and take automated actions to address any issues.
The integration provides the following actions:
- Tanium - Export Hash Reputations - exports a dynamic list of hashes from ThreatQ to Tanium.
- Tanium - Delete All Hash Reputations - deletes hash reputations from your Tanium reputation database.
- Tanium - Export YARA Rules - exports a dynamic list of YARA Signatures from ThreatQ to Tanium.
- Tanium - Get Assets Vulnerable to CVEs - queries Tanium for vulnerable assets associated with threat intel included in a ThreatQ data collection.
The actions are compatible with the following system object types:
- Indicators
  - MD5
  - SHA-1
  - SHA-256
- Signatures
  - YARA
- Vulnerabilities
The action returns the following enriched system objects:
- Assets
- Indicators (CVEs)
- Vulnerabilities
Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.