Automating Workflows with the Tanium REST API |
This session will begin with an overview of the Tanium API and then take a deeper dive into automating security and operational workflows using PowerShell scripts.
Pre-Reqs: Working knowledge of PowerShell scripts is recommended, but not required | Intermediate-Advanced | Core, Threat Response, Reputation | |
Becoming an IT Operations Pro with Tanium |
Converged Endpoint Management helps the largest and most demanding organizations manage, inventory, monitor, contextualize, and remediate endpoints with ultimate visibility and control at scale. The goal of this session is to get you familiar with asking questions within Tanium to make data driven decisions by taking inventory of what is running in your environment and monitoring the health of devices and agents.
Throughout this lab, you will track application usage throughout the organization and remove unused and potentially unwanted programs, which can reduce risk and spending on unused software. In addition, you will review an automated patching strategy for operating system and third-party applications. Next, you will review how to identify poorly performing software using Tanium Performance and then remediate that software with Tanium Deploy. Finally, you will review issues in the environment and use Tanium Client Management to gather and troubleshoot those issues. Throughout the session, Tanium SMEs will discuss best practices and new features of each module.
Pre-Reqs: None | Beginner | Asset, Deploy, Interact, Patch, Performance, Tanium Client Management | |
Better Together with Microsoft on a Security Level |
In this session, students will be afforded the opportunity to leverage Microsoft Defender to generate alerts in Tanium Threat Response. From there, we will dig deeper, integrating with Microsoft Sentinel to further investigate, remediate, and take action on the endpoint.
Pre-Reqs: A security mindset would be helpful, but all practitioners are welcome | Intermediate | Asset, Comply, Core, Deploy, Enforce, Patch, Threat Response | |
Breaking Silos and Making Friends |
Tanium's platform approach provides a unique way to bring teams together. With today's prolific tool suites, it takes a practitioner time to evaluate what their true risk is in their enterprise, and how best to mitigate/remediate these items. This goes beyond identifying unmanaged systems and bringing them under compliance. It must include populating a proper CMDB, identifying what the riskiest areas are, and applying the proper methods to remediate them. In today's enterprises, we commonly see multiple teams using their own tools to gather information, but as we know, this data is outdated, inaccurate, or just can't be used because of the time involved in correlating between the tools.
With Tanium, this lab will show how quickly you can discover these endpoints and bring them under control. Adding them to a CMDB is just the beginning. You also need to understand how these unmanaged systems have been impacting your risk (and you didn't even know it), and what those systems can affect should they be compromised. These steps have traditionally been done by multiple teams, with multiple tools. We want to break these silos and get teams talking and working together. To do this, we will attempt to demonstrate what each team can see and do within the Tanium Platform, making for a better understanding of the entire enterprise by providing a single pane of glass to everyone.
Pre-Reqs: None | Beginner-Intermediate | Asset, Comply, Discover, Enforce, Impact, Patch, Reveal | |
Code Your Way to Freedom: Tanium Endpoint Coding for Self-Reliance and Real Weekends |
Come check out Converge 2021's most well-attended lab, with new additions and lab exercises!
Tanium was built to deploy and run code fast. Executing your own code as a Sensor or Package to get information and control endpoints in seconds is how you get your weekends back and look like a hero doing it. Learn why security and operations admins finally agree on something - waiting for a vendor is not nearly as much fun as impersonating one. Learn how to do it and also what to absolutely never do. No programming experience required - you can do this! Yes, You!
Pre-Reqs: Basic Tanium experience, asking questions and deploying actions; No specific product experience required | Intermediate | Core | |
Find and Prevent Sensitive Data From Moving Around in Your Organization |
This is a scenario-based lab that involves finding and monitoring sensitive data and taking remediation action. Lab participants will use Tanium Reveal to first define sensitive data based upon a keyword list and then find files containing it.
Based upon company policy, sensitive data should be removed if found on unauthorized systems, and that will be accomplished via a Tanium Enforce Remediation policy. Next, sensitive data that is permitted on authorized systems will be monitored for changes and deletions using Integrity Monitor. Finally, Tanium Impact will be analyzed to determine if there are easy paths of lateral movement that an adversary could use to gain access to computers having sensitive data.
Pre-Reqs: Basic understanding of Tanium Reveal, Enforce and Impact modules | Intermediate-Advanced | Enforce, Impact, Reveal, Integrity Monitor | |
Finding All Your Cattle: Corralling Your Tanium Herd |
Discover networked devices, identify and assess unmanaged endpoints, and reduce vulnerability exposure with updates! In this lab, learn how to use Tanium's automated abilities to speed up onboarding new endpoints, whether they are unmanaged endpoints in your environment or expansion to additional sites.
Pre-Reqs: Intermediate Tanium Administrator skills, especially Operations and Risk focused | Intermediate-Advanced | Asset, Deploy, Direct Connect, Discover, Impact, Interact, Patch, Tanium Reporting Service | |
Get Started Leveraging the Tanium Platform and Module REST APIs Quickly with the TanREST PowerShell Module |
In this lab you will learn how to set up the TanREST module, find the API docs and create some example workflows to familiarize yourself with the tools available.
Pre-Reqs: None | Intermediate | Core, Deploy, Interact | |
Integrate Tanium with ServiceNow to Make Your CMDB Actual and Complete |
Companies are changing every day, and there is a great need for valuable IT workflows. The reality is often that the CMDB lacks decision-making data, which blocks the automation part of the workflows. The foundation for solving this issue is to get the CMDB data accurate and current.
In this lab, we will cover Tanium Asset and Discover as the source for an automated ServiceNow CMDB. First, we will look at the capabilities in Tanium, and second, at how to set up the integration with the market-leading ServiceNow IT workflow platform. The last part of this lab will cover the standard available integrations with Security Operations and Vulnerability Management to show the art of the possible between both platforms. Dreams become reality!
Pre-Reqs: Administrative knowledge of Tanium; basic administrative knowledge of ServiceNow. Attendees will need to have access to a ServiceNow developer instance, which can be requested at developer.servicenow.com prior to Converge. | Intermediate | API Gateway, Asset, Comply, Connect, Discover | |
It's Coming from Inside the House: On the Hunt for Insider Threats with Tanium |
The sequel to a much-loved story of a young hunter looking to find and destroy the malodorous and malicious threat within the network -- this year, our hunter is seeking insider threats!
We will review hunting techniques and walk through a Malicious Insider Kill Chain, as well as signs of accidental or negligent behaviors that compromise security. Hands-on labs will leverage Threat Response and Reveal to detect malicious and negligent behavior, and use Impact and Enforce to mitigate future risk from an insider threat.
Pre-Reqs: Intermediate Security experience; Familiarity with Tanium Core; Prior Tanium Threat Response experience recommended, but not required | Advanced | Impact, Reveal, Threat Response, Integrity Monitor | |
Learning How to Defend Against Threats with Tanium Before a Real Attack |
This lab will focus on using Tanium to respond to attacks, and reduce attack surface, by combining Tanium and Threat Emulation. Students will understand a given attack scenario at a high level and identify/implement remediations accordingly. Remediations will focus on reducing the attack surface by applying appropriate security controls and mitigations.
Pre-Reqs: Basic Tanium experience; Cybersecurity background helpful, but not required | Intermediate-Advanced | Enforce, Impact, Threat Response | |
Setting the Curve: How to Improve Your Marks and Reduce Enterprise Risk with Tanium Benchmarks |
In this lab, students will observe how Tanium Benchmark provides unique insights into security program effectiveness, enterprise security hygiene, vulnerability and patch management programs, and endpoint risk via organizational metrics and industry comparisons. Students will be able to examine new ways to compare their organization's metrics and real-time risk posture against other customers in their industry to see how they stack up. Additionally, this lab also introduces new capabilities to dynamically define asset criticality levels on Tanium endpoints to focus on the most important endpoints first in critical enterprise workflows such as investigation and remediation.
Pre-Reqs: This course is intended for new and experienced Tanium users who are ready to expand their knowledge of the Tanium Benchmarks module and its metrics and risk scoring capabilities. | Beginner-Intermediate | Comply, Impact, Patch, Reveal, Risk | |
Show Your CIO How Tanium Delivers Value Using Tanium Reporting |
Maximize the value of Tanium Reporting for all users from executive to engineer. Reporting gives new and experienced users the ability to easily find, combine, filter, format and share results without having to leave the Tanium Console.
In this lab we will walk through the basics of creating reports and dashboards, and pivoting to action across modules to strengthen key workflows.
Pre-Reqs: None | Beginner-Intermediate | Comply, Connect, Enforce, Patch, Tanium Reporting Service | |
Take Your ISMS to the Next (Maturity-) Level! |
Whether it's ISO27001, NIST CSF or PCI-DSS, all ISMS frameworks need to automate processes and measure effectiveness to reach high maturity ratings and pass certification audits. Besides CIS recommendations, many companies already have their own baselines and target values in place.
In this lab, we would like to show how generic CIS benchmarks can easily be tuned or customized to exactly match customers' requirements. Additionally, we would like to showcase how custom benchmarks can be created to check various other endpoint settings.
After taking this lab, CISOs, ISMS Managers and ISMS Implementers should know how to leverage Tanium to automatically assess compliance with corporate policies and, ideally, extend their benchmark libraries with custom checks.
Pre-Reqs: Fundamental knowledge of the Tanium platform; Basic knowledge about Tanium Comply | Intermediate | Comply, Interact | |
Tanium Basics: Leveraging the Power of Certainty |
Intended for both new users and those looking to increase their Tanium knowledge, this lab introduces learners to the Tanium Platform and core functions including questions, sensors, packages, saved questions, dashboards, categories, analyzing trends, actions, action groups and more.
Pre-Reqs: None | Beginner | Connect, Core, Interact, Trends | |
Using Tanium to Pinpoint Issues on Your Clients |
Have you ever had performance issues on endpoints? Did you ever wonder why an application was running slow? Have you ever had difficulty investigating and understanding the root cause of issues on your endpoints? I bet the answer is, "Yes!"
In this lab, we will walk you through troubleshooting issues on a Windows client. We will show you how to detect issues using Tanium Performance and Tanium Interact, then deep dive into the client itself and show you how to identify issues using Task Manager, the Windows Event Log and other tools. Lastly, we will demonstrate how to resolve these issues through hands-on experience, allowing you to fix them yourself.
Pre-Reqs: Basic understanding of Tanium Interact, Performance, and general Windows troubleshooting tools | Intermediate | Asset, Interact, Performance | |
Vulnerability Identification, Remediation, and Reporting with Tanium |
In this lab, attendees will be given an overview into the entire life cycle of vulnerability management.
In part 1, we will review best practices for configuring Vulnerability scans in Tanium Comply, including scan frequency and low resource configurations. In part 2, we will look at an automated patching strategy that allows for a W0-W4 monthly patching cadence and makes handling patching exceptions exceptionally easy. Lastly, in part 3, we will walk through configuring KPI reports to show vulnerability posture and patching efficacy using Tanium Data.
Pre-Reqs: None | Intermediate | Comply, Patch, Tanium Reporting Service | |
Weaving Endpoint Data Into Reporting Gold with API Gateway |
Tanium Data Service and Tanium Reporting are two powerful tools in Tanium, but users and developers need the right tool to weave that raw data into reporting gold.
Using API Gateway as the needle, you can pull from TDS data spools and spin the thread into meaningful patterns in Reporting. Tanium's API Gateway can cover the end-to-end tasks of automating data operations.
In this session, attendees will learn how to use a number of tools to create a customized report and then get that data out of Tanium and into their other tools (in multiple ways).
Pre-Reqs: Basic knowledge of Tanium and its capabilities; Python or scripting knowledge will be helpful, but not required | Intermediate | API Gateway, Connect, Tanium Reporting Service | |