In-Person Labs

Peruse the list of In-Person Labs being offered at Converge 2024 below and use the filters to narrow down which best fit your needs and expertise. More information about In-Person Labs can be found here.

Description Session Tag Difficulty More Info
Advanced Integration Workshop: Optimizing Tanium Automate With External Systems

This advanced lab is designed for operators who need to master the integration of Tanium Automate with key external systems such as Microsoft Azure, VMware, Ansible, and ServiceNow. Participants will delve deep into the functionalities of the Tanium API, with a particular focus on the Tanium Automate API, learning to orchestrate and automate responses to real-world scenarios through sophisticated API-based integrations.

Pre-Req(s): A practical use of Tanium; Having an understanding of API technologies would be beneficial, but not required

Endpoint Management, Risk & Compliance Management, XEM CoreIntermediate, Advanced
Automate Then Take a Break: Improve Operational and Security Workflows With Tanium Automate

In the lab, participants will leverage Tanium Automate along with other Tanium capabilities to align newly onboarded endpoints with your standards, quarantine and remediate vulnerable device, and ensure patching compliance. The new office hasn't been able to update in a year - reel in those endpoints and let Tanium take control, while you focus on the other parts of your job!

Pre-Req(s): Some Tanium Experience

Endpoint Management, Incident Response, Risk & Compliance Management, XEM CoreIntermediate, Advanced
Cloud Workloads: Container Visibility and Beyond

Discover the capabilities Cloud Workloads adds to Asset/SBOM, Reporting, Comply, and Enforce. Participants will first add a container registry and Kubernetes cluster to Tanium Cloud Workload and explore visibility using Asset and Reporting. Then control their managed clusters using Enforce to block rogue containers and create a custom policy. Finally, participants will use Comply to detect container images with vulnerabilities.

Pre-Req(s): Practical use of Tanium and familiarity of Kubernetes or containers

Endpoint Management, Risk & Compliance Management, XEM CoreIntermediate
Enhance Your Intelligence With Tanium: Learn How to Protect Your Organization by Combining the Power of Tanium and OpenCTI

In this lab, participants will learn how to protect their organization by combining the power of Tanium’s Threat Response and Connect modules & the OpenCTI platform. Participants will gain an understanding of how detection capabilities within Tanium can be extended using 3rd party intelligence. Participants will configure an integration between Tanium and an OpenCTI instance and see how intelligence and alerts can flow between the two systems and learn why that is beneficial. Finally, participants will learn how Threat Response helps to contextualize and investigate alerts raised by alternate intelligence feeds.

Pre-Req(s): Administrative knowledge of Tanium Threat Response and Connect; Basic knowledge/understanding of OpenCTI platform

Incident Response, Risk & Compliance Management, XEM CoreIntermediate
I Hear You Knocking, but You Can't Login!: An Exploration of Zero Trust With Tanium and Microsoft Entra ID

This lab will showcase a practical example of how to tie together Tanium functionality focused on the Zero Trust integration with Microsoft Entra ID. Tanium’s tie-in to Microsoft’s Entra ID allows for nearly any Tanium question to be used as a reason to block access to an endpoint. In this lab, participants will move from the overview of this process using Tanium to automatically remediate an endpoint.

Blocking logins via the Microsoft-Tanium integration with Entra ID is the start of a process to protect your enterprise, but it’s important to be able to quickly remediate the conditions which would cause a user not to be able to log in. This lab will walk through a scenario where using Automate and Enforce to remediate a condition which blocks user logins. We will also discuss how this process can be incorporated with other toolsets, like ServiceNow.

Pre-Req(s): General familiarity of Tanium functionality – Enforce Remediation; General familiarity of Microsoft Entra ID – User and Device Control

Incident Response, Risk & Compliance Management, ServiceNow and Tanium, XEM CoreIntermediate
Low Code, High Power Workflows With Tanium Gateway and Automate

Using the Tanium Gateway is key to building integrations with external systems and enriching data in systems, such as a SIEM. Whether participants are looking for data such as applicable patches, open vulnerabilities, or current configurations, Tanium Gateway makes these integrations seamless. However, many users struggle to implement more advanced workflows between these systems and Tanium.

In this lab, participants will see how Tanium integrates and enriches data into a standard SIEM. Participants will also learn how to use the power of Tanium Automate with Tanium Gateway to execute advanced workflows to affect change on their endpoints.

Pre-Req(s): Working Knowledge of the Tanium Platform, knowledge of APIs, and knowledge of Powershell or Python

Incident Response, Risk & Compliance Management, XEM CoreIntermediate, Advanced
Mastering Interact With Automation

Back by popular demand, this year’s session will focus on advanced targeting techniques for limited scope automation jobs. Go from automating your most common tasks to automating break/fix and specialized work flows. Participants will learn various techniques for building questions that can be used to get the exact data you need to target specific endpoints for changes.

Pre-Req(s): Basic understanding of Tanium; Six months experience recommended

XEM CoreIntermediate
One Big RBAC Family: Managing Federated Organizations With Tanium

In this lab, participants will learn best practices and possibilities for building out Tanium to support distributed or federated organizations. Participants will learn how to break down roles in Tanium to give small groups in their organization the power to use Tanium on the systems that are under their control without affecting other entities while maintaining the valuable top level visibility that Tanium is known for.

Pre-Req(s): A basic understanding of user and computer administration in Tanium

Endpoint Management, XEM CoreBeginner, Intermediate
PART 1: Driving Efficiencies with Tanium Automate

This Lab is part 1 of a 2-part lab. During this session, you will receive an immersive workshop that is designed to give you a comprehensive understanding of Tanium Automate. This combined lecture and lab workshop will begin with the fundamentals of automation, including an overview of Tanium AEM (Autonomous Endpoint Management) and Automate, along with a live demo.

Endpoint Management, XEM CoreBeginner
PART 2: Driving Efficiencies with Tanium Automate

In Part 2 of this lab, participants will engage in hands-on activities to explore and identify key processes suitable for automation and learn how to build effective playbooks using Tanium Automate. By the end of the workshop, you'll have the skills to drive efficiencies and streamline operations within your organization. This lab is ideal for IT Operations, Security professionals, and other relevant roles looking to leverage automation for enhanced productivity and business value.

Endpoint Management, XEM CoreBeginner
See it, Save it, Solve it With Investigate

This lab will guide participants through real world investigations using Tanium Investigate. Participants will use Tanium’s Investigate Workbench to locate, close-with, and remediate incidents and operations events. Using Investigate, participants will orient on threats and IT events, then rapidly collect data to gain an information advantage. Remediate, reinstall, remove, recover, report, or resume prescribed lab activities, participants will rapidly matriculate through the Investigate Workbench to make the right decision in time and on target. This lab will leverage real-world (sanitized) customer scenarios to guide participants through Investigate workflows.

Pre-Req(s): Tanium Certified Operator (TCO) recommended but not required

Endpoint Management, Incident Response, Risk & Compliance Management, XEM CoreIntermediate
[SPONSOR CO-LED] Better Together: Next Gen SOC Powered by Microsoft Sentinel and Tanium

This lab focuses on integrating Tanium with Microsoft Sentinel to enhance SOC (Security Operations Center) capabilities. The integration utilizes Tanium connectors and Sentinel's real-time capabilities to offer several benefits:

Data Integration: Students will learn how to send data from Tanium to Sentinel and automatically create incidents using the Tanium connection.
Incident Management: The lab involves leveraging both automated and manual incident actions running a custom PwC playbook, utilizing Tanium as a data source.
Real-time Remediation: Students will use Tanium's API for real-time remediation actions within Sentinel using custom PwC Tanium packages.

Pre-Req(s): Practical experience with Tanium, speciically Threat Response; Basic understanding of Microsoft Sentinel

Sponsor Co-Led by PwC

Endpoint Management, Incident Response, PwC and Tanium, Sponsor Co-Led, XEM CoreIntermediate
[SPONSOR CO-LED] Do You Know Your Risk Posture? Tanium and ServiceNow Provides Real-Time Results

In this lab, participants will get an understanding of the Vulnerability Response Framework and architecture supported by Tanium and ServiceNow. Participants will then configure the needed Vulnerability Response app integrations, as available in the ServiceNow store. Lastly, participants will work on additional configuration activities based on best practices and experiences we have discovered during customer implementations.

Pre-Req(s): Administrative ServiceNow knowledge; Administrative knowledge of Tanium; Familiarity with vulnerability and patch management

Sponsor Co-Led by AHEAD

AHEAD and Tanium, Incident Response, Risk & Compliance Management, Sponsor Co-Led, XEM CoreIntermediate
[SPONSOR CO-LED] Revolutionizing Patch Operations with ServiceNow and Tanium

Many IT Operations teams spend countless hours submitting change requests for their patching activities. Imagine a world where IT Ops staff can save time by opening changes for their patch activities in ServiceNow and have them be scheduled automatically after they are approved. The future is now! In this hands-on lab, participants will have access to their own Tanium and ServiceNow environments to perform an automated monthly patching cycle orchestrated by ServiceNow.

Pre-Req(s): Basic understanding of Tanium Platform, Patch and Deploy; Basic understanding of ServiceNow (Change Management concepts and Flow Designer knowledge)

Sponsor Co-Led by ServiceNow

Endpoint Management, Incident Response, Risk & Compliance Management, ServiceNow and Tanium, Sponsor Co-Led, XEM CoreIntermediate
[SPONSOR CO-LED] The Power of Three: Explore What's Possible When Integrating Microsoft Security Solutions With Tanium and ServiceNow

Dive into the world of cutting-edge security by integrating Microsoft Security Copilot with Tanium and ServiceNow. This hands-on lab will guide participants through detecting incidents, automating ticket creation, performing initial triage, and remediating security issues efficiently. By the end of this lab, participants will be equipped to enhance their organization’s security posture through streamlined workflows and powerful integrations.

Pre-Req(s): Prior experience with Tanium Administration, ServiceNow, and Microsoft Defender for Endpoint (MDE)

Sponsor Co-Led by Avanade 

Endpoint Management, Incident Response, ServiceNow and Tanium, Sponsor Co-Led, XEM Core, Avanade and TaniumIntermediate, Advanced
Tanium Automate: One Touch Patching for Server Clusters

In this lab, participants will learn how to leverage Tanium Automate Runbooks to apply OS Patches on servers in an application cluster across Linux and Windows Server platforms. Participants will learn to reduce demand and time required by patching teams and application owners. The playbook will include stopping and starting of services, one-by-one server patching, and cluster health checks to ensure the integrity and availability of the cluster during patching. Participants will then pivot into Tanium Reporting to build reports and dashboards to monitor the progress of your cluster patching runbook.

Pre-Req(s): Administration knowledge of the Tanium Platform. Basic knowledge of Patch & Reporting.

Endpoint Management, Tanium Platform, XEM CoreIntermediate, Advanced
Tanium Basics: Leveraging the Power of Certainty

Intended for both new users and those looking to increase their Tanium knowledge, this lab introduces participants to the Tanium Platform and core functions including questions, sensors, packages, saved questions, dashboards, categories, analyzing trends, actions, and more.

Pre-Req(s): None

Endpoint Management, XEM CoreBeginner
Tanium Guardian Experience: A Practical on Vulnerability Exploitation and Response

Vulnerability management is challenging. Organizations must assess CVEs, implement mitigations or patches, and check for exploitation. In this lab, participants will analyze, scope, and mitigate a complex vulnerability using Tanium Guardian and Automate. Participants can then search for evidence of exploitation with Guardian and, if found, use Tanium Threat Response, Investigate, Enforce, and more to contain, eradicate, and recover from the intrusion.

Pre-Req(s): Practical use of Tanium console and experience with analyzing data from one of these modules: Asset, SBOM, Comply, or Threat Response; Familiarity with vulnerability management or threat hunting/incident response is also a plus.

Endpoint Management, Incident Response, Risk & Compliance Management, XEM CoreIntermediate
Threat Hunt Like a Pro: Threat Response and Beyond!

Use Tanium’s visibility and control to investigate security events in an entirely different way. Participants can leverage the tools they already have today to gain visibility and respond to incidents from a single platform. This lab will tie Threat Response together with other components of Tanium such as Investigate, Reactions, Single Endpoint View, Impact and much more. Participants can take advantage of the capabilities of these powerful Tanium tools to increase the speed and efficacy of threat hunting investigations in their organization.

Pre-Req(s): Basic understanding of Tanium, specifically Tanium Threat Response; Basic understanding of Incident Response and Threat Hunting

Incident Response, Risk & Compliance Management, XEM CoreIntermediate
Unleashing Tanium Magic: Crafting Custom Content to Supercharge Tanium's capabilities

Why wait for a vendor to create new functionality to solve your business challenge? Tanium is pretty comprehensive, but we can't predict every question you might want to ask, or make every change to your endpoints you might need to! However, by writing your own sensors and packages, you can take advantage of Tanium's speed and scale to solve the unique challenges that your business faces, just like many of our customers already have. In this lab, we'll walk participants through some of the more advanced techniques for creating custom content and help take advantage of the Tanium platform to solve these more complex business challenges. If you've been developing content for Tanium for a while, this is the lab that helps you take it to the next level!

Pre-Req(s): Basic Tanium experience, asking questions and deploying actions. Some prior knowledge and experience of building custom code, ideally but not necessarily for Tanium; any blockers or issues you've encountered may well be answered in this lab.

XEM CoreIntermediate
Time Name More Info
Monday, November 18, 2024
8:30 AM - 10:00 AMAutomate Then Take a Break: Improve Operational and Security Workflows With Tanium Automate
8:30 AM - 10:00 AMCloud Workloads: Container Visibility and Beyond
8:30 AM - 10:00 AMI Hear You Knocking, but You Can't Login!: An Exploration of Zero Trust With Tanium and Microsoft Entra ID
8:30 AM - 10:00 AMIn-Person Labs
8:30 AM - 10:00 AMMastering Interact With Automation
8:30 AM - 10:00 AMOne Big RBAC Family: Managing Federated Organizations With Tanium
8:30 AM - 10:00 AMSee it, Save it, Solve it With Investigate
8:30 AM - 10:00 AM[SPONSOR CO-LED] Do You Know Your Risk Posture? Tanium and ServiceNow Provides Real-Time Results
8:30 AM - 10:00 AM[SPONSOR CO-LED] The Power of Three: Explore What's Possible When Integrating Microsoft Security Solutions With Tanium and ServiceNow
8:30 AM - 10:00 AMTanium Basics: Leveraging the Power of Certainty
8:30 AM - 10:00 AMTanium Guardian Experience: A Practical on Vulnerability Exploitation and Response
10:30 AM - 12:00 PMAdvanced Integration Workshop: Optimizing Tanium Automate With External Systems
10:30 AM - 12:00 PMEnhance Your Intelligence With Tanium: Learn How to Protect Your Organization by Combining the Power of Tanium and OpenCTI
10:30 AM - 12:00 PMI Hear You Knocking, but You Can't Login!: An Exploration of Zero Trust With Tanium and Microsoft Entra ID
10:30 AM - 12:00 PMIn-Person Labs
10:30 AM - 12:00 PMLow Code, High Power Workflows With Tanium Gateway and Automate
10:30 AM - 12:00 PMOne Big RBAC Family: Managing Federated Organizations With Tanium
10:30 AM - 12:00 PMPART 1: Driving Efficiencies with Tanium Automate
10:30 AM - 12:00 PM[SPONSOR CO-LED] Better Together: Next Gen SOC Powered by Microsoft Sentinel and Tanium
10:30 AM - 12:00 PM[SPONSOR CO-LED] Revolutionizing Patch Operations with ServiceNow and Tanium
10:30 AM - 12:00 PMTanium Automate: One Touch Patching for Server Clusters
10:30 AM - 12:00 PMThreat Hunt Like a Pro: Threat Response and Beyond!
10:30 AM - 12:00 PMUnleashing Tanium Magic: Crafting Custom Content to Supercharge Tanium's capabilities
1:00 PM - 2:30 PMAdvanced Integration Workshop: Optimizing Tanium Automate With External Systems
1:00 PM - 2:30 PMAutomate Then Take a Break: Improve Operational and Security Workflows With Tanium Automate
1:00 PM - 2:30 PMCloud Workloads: Container Visibility and Beyond
1:00 PM - 2:30 PMEnhance Your Intelligence With Tanium: Learn How to Protect Your Organization by Combining the Power of Tanium and OpenCTI
1:00 PM - 2:30 PMIn-Person Labs
1:00 PM - 2:30 PMMastering Interact With Automation
1:00 PM - 2:30 PMPART 2: Driving Efficiencies with Tanium Automate
1:00 PM - 2:30 PMSee it, Save it, Solve it With Investigate
1:00 PM - 2:30 PM[SPONSOR CO-LED] The Power of Three: Explore What's Possible When Integrating Microsoft Security Solutions With Tanium and ServiceNow
1:00 PM - 2:30 PMTanium Basics: Leveraging the Power of Certainty
1:00 PM - 2:30 PMTanium Guardian Experience: A Practical on Vulnerability Exploitation and Response
1:00 PM - 2:30 PMThreat Hunt Like a Pro: Threat Response and Beyond!
3:00 PM - 4:30 PMCloud Workloads: Container Visibility and Beyond
3:00 PM - 4:30 PMI Hear You Knocking, but You Can't Login!: An Exploration of Zero Trust With Tanium and Microsoft Entra ID
3:00 PM - 4:30 PMIn-Person Labs
3:00 PM - 4:30 PMLow Code, High Power Workflows With Tanium Gateway and Automate
3:00 PM - 4:30 PMMastering Interact With Automation
3:00 PM - 4:30 PMSee it, Save it, Solve it With Investigate
3:00 PM - 4:30 PM[SPONSOR CO-LED] Better Together: Next Gen SOC Powered by Microsoft Sentinel and Tanium
3:00 PM - 4:30 PM[SPONSOR CO-LED] Revolutionizing Patch Operations with ServiceNow and Tanium
3:00 PM - 4:30 PMTanium Automate: One Touch Patching for Server Clusters
3:00 PM - 4:30 PMTanium Basics: Leveraging the Power of Certainty
3:00 PM - 4:30 PMUnleashing Tanium Magic: Crafting Custom Content to Supercharge Tanium's Capabilities
Wednesday, November 20, 2024
1:00 PM - 2:30 PMAdvanced Integration Workshop: Optimizing Tanium Automate With External Systems
1:00 PM - 2:30 PMEnhance Your Intelligence With Tanium: Learn How to Protect Your Organization by Combining the Power of Tanium and OpenCTI
1:00 PM - 2:30 PMIn-Person Labs
1:00 PM - 2:30 PMLow Code, High Power Workflows With Tanium Gateway and Automate
1:00 PM - 2:30 PMOne Big RBAC Family: Managing Federated Organizations With Tanium
1:00 PM - 2:30 PMPART 1: Driving Efficiencies with Tanium Automate
1:00 PM - 2:30 PMSee it, Save it, Solve it With Investigate
1:00 PM - 2:30 PM[SPONSOR CO-LED] Do You Know Your Risk Posture? Tanium and ServiceNow Provides Real-Time Results
1:00 PM - 2:30 PM[SPONSOR CO-LED] The Power of Three: Explore What's Possible When Integrating Microsoft Security Solutions With Tanium and ServiceNow
1:00 PM - 2:30 PMTanium Automate: One Touch Patching for Server Clusters
1:00 PM - 2:30 PMTanium Basics: Leveraging the Power of Certainty
1:00 PM - 2:30 PMTanium Guardian Experience: A Practical on Vulnerability Exploitation and Response
3:30 PM - 5:00 PMAutomate Then Take a Break: Improve Operational and Security Workflows With Tanium Automate
3:30 PM - 5:00 PMCloud Workloads: Container Visibility and Beyond
3:30 PM - 5:00 PMI Hear You Knocking, but You Can't Login!: An Exploration of Zero Trust With Tanium and Microsoft Entra ID
3:30 PM - 5:00 PMIn-Person Labs
3:30 PM - 5:00 PMMastering Interact With Automation
3:30 PM - 5:00 PMPART 2: Driving Efficiencies with Tanium Automate
3:30 PM - 5:00 PM[SPONSOR CO-LED] Better Together: Next Gen SOC Powered by Microsoft Sentinel and Tanium
3:30 PM - 5:00 PM[SPONSOR CO-LED] Do You Know Your Risk Posture? Tanium and ServiceNow Provides Real-Time Results
3:30 PM - 5:00 PM[SPONSOR CO-LED] Revolutionizing Patch Operations with ServiceNow and Tanium
3:30 PM - 5:00 PMTanium Automate: One Touch Patching for Server Clusters
3:30 PM - 5:00 PMThreat Hunt Like a Pro: Threat Response and Beyond!
3:30 PM - 5:00 PMUnleashing Tanium Magic: Crafting Custom Content to Supercharge Tanium's Capabilities
Thursday, November 21, 2024
8:30 AM - 10:00 AMAdvanced Integration Workshop: Optimizing Tanium Automate With External Systems
8:30 AM - 10:00 AMAutomate Then Take a Break: Improve Operational and Security Workflows With Tanium Automate
8:30 AM - 10:00 AMEnhance Your Intelligence With Tanium: Learn How to Protect Your Organization by Combining the Power of Tanium and OpenCTI
8:30 AM - 10:00 AMIn-Person Labs
8:30 AM - 10:00 AMOne Big RBAC Family: Managing Federated Organizations With Tanium
8:30 AM - 10:00 AM[SPONSOR CO-LED] Revolutionizing Patch Operations with ServiceNow and Tanium
8:30 AM - 10:00 AM[SPONSOR CO-LED] The Power of Three: Explore What's Possible When Integrating Microsoft Security Solutions With Tanium and ServiceNow
8:30 AM - 10:00 AMThreat Hunt Like a Pro: Threat Response and Beyond!