| Advanced Integration Workshop: Optimizing Tanium Automate With External Systems |
|---|
This advanced lab is designed for operators who need to master the integration of Tanium Automate with key external systems such as Microsoft Azure, VMware, Ansible, and ServiceNow. Participants will delve deep into the functionalities of the Tanium API, with a particular focus on the Tanium Automate API, learning to orchestrate and automate responses to real-world scenarios through sophisticated API-based integrations.
Pre-Req(s): A practical use of Tanium; Having an understanding of API technologies would be beneficial, but not required | Intermediate, Advanced | Asset, Automate, Data (TDS), Deploy, Gateway, Interact, Patch, Reporting, Threat Response | |
| Automate Then Take a Break: Improve Operational and Security Workflows With Tanium Automate |
|---|
In the lab, participants will leverage Tanium Automate along with other Tanium capabilities to align newly onboarded endpoints with your standards, quarantine and remediate vulnerable device, and ensure patching compliance. The new office hasn't been able to update in a year - reel in those endpoints and let Tanium take control, while you focus on the other parts of your job!
Pre-Req(s): Some Tanium Experience | Intermediate, Advanced | Asset, Automate, Comply, Deploy, Patch, Reporting, SBOM, Threat Response | |
| Cloud Workloads: Container Visibility and Beyond |
|---|
Discover the capabilities Cloud Workloads adds to Asset/SBOM, Reporting, Comply, and Enforce. Participants will first add a container registry and Kubernetes cluster to Tanium Cloud Workload and explore visibility using Asset and Reporting. Then control their managed clusters using Enforce to block rogue containers and create a custom policy. Finally, participants will use Comply to detect container images with vulnerabilities.
Pre-Req(s): Practical use of Tanium and familiarity of Kubernetes or containers | Intermediate | Asset, Comply, Enforce, Reporting, SBOM | |
| Enhance Your Intelligence With Tanium: Learn How to Protect Your Organization by Combining the Power of Tanium and OpenCTI |
|---|
In this lab, participants will learn how to protect their organization by combining the power of Tanium’s Threat Response and Connect modules & the OpenCTI platform. Participants will gain an understanding of how detection capabilities within Tanium can be extended using 3rd party intelligence. Participants will configure an integration between Tanium and an OpenCTI instance and see how intelligence and alerts can flow between the two systems and learn why that is beneficial. Finally, participants will learn how Threat Response helps to contextualize and investigate alerts raised by alternate intelligence feeds.
Pre-Req(s): Administrative knowledge of Tanium Threat Response and Connect; Basic knowledge/understanding of OpenCTI platform | Intermediate | Connect, Threat Response | |
| Low Code, High Power Workflows With Tanium Gateway and Automate |
|---|
Using the Tanium Gateway is key to building integrations with external systems and enriching data in systems, such as a SIEM. Whether participants are looking for data such as applicable patches, open vulnerabilities, or current configurations, Tanium Gateway makes these integrations seamless. However, many users struggle to implement more advanced workflows between these systems and Tanium.
In this lab, participants will see how Tanium integrates and enriches data into a standard SIEM. Participants will also learn how to use the power of Tanium Automate with Tanium Gateway to execute advanced workflows to affect change on their endpoints.
Pre-Req(s): Working Knowledge of the Tanium Platform, knowledge of APIs, and knowledge of Powershell or Python | Intermediate, Advanced | Automate, Gateway, Interact, Threat Response | |
| Mastering Interact With Automation |
|---|
Back by popular demand, this year’s session will focus on advanced targeting techniques for limited scope automation jobs. Go from automating your most common tasks to automating break/fix and specialized work flows. Participants will learn various techniques for building questions that can be used to get the exact data you need to target specific endpoints for changes.
Pre-Req(s): Basic understanding of Tanium; Six months experience recommended | Intermediate | Automate, Interact | |
| One Big RBAC Family: Managing Federated Organizations With Tanium |
|---|
In this lab, participants will learn best practices and possibilities for building out Tanium to support distributed or federated organizations. Participants will learn how to break down roles in Tanium to give small groups in their organization the power to use Tanium on the systems that are under their control without affecting other entities while maintaining the valuable top level visibility that Tanium is known for.
Pre-Req(s): A basic understanding of user and computer administration in Tanium | Beginner, Intermediate | Core, Deploy, Patch, Reporting | |
| See it, Save it, Solve it With Investigate |
|---|
This lab will guide participants through real world investigations using Tanium Investigate. Participants will use Tanium’s Investigate Workbench to locate, close-with, and remediate incidents and operations events. Using Investigate, participants will orient on threats and IT events, then rapidly collect data to gain an information advantage. Remediate, reinstall, remove, recover, report, or resume prescribed lab activities, participants will rapidly matriculate through the Investigate Workbench to make the right decision in time and on target. This lab will leverage real-world (sanitized) customer scenarios to guide participants through Investigate workflows.
Pre-Req(s): Tanium Certified Operator (TCO) recommended but not required | Intermediate | Comply, Core, Investigate, Performance, Threat Response | |
| Tanium Automate: One Touch Patching for Server Clusters |
|---|
In this lab, participants will learn how to leverage Tanium Automate Runbooks to apply OS Patches on servers in an application cluster across Linux and Windows Server platforms. Participants will learn to reduce demand and time required by patching teams and application owners. The playbook will include stopping and starting of services, one-by-one server patching, and cluster health checks to ensure the integrity and availability of the cluster during patching. Participants will then pivot into Tanium Reporting to build reports and dashboards to monitor the progress of your cluster patching runbook.
Pre-Req(s): Administration knowledge of the Tanium Platform. Basic knowledge of Patch & Reporting. | Intermediate, Advanced | Automate, Data/Reporting (Core Platform), Patch, Reporting | |
| Tanium Basics: Leveraging the Power of Certainty |
|---|
Intended for both new users and those looking to increase their Tanium knowledge, this lab introduces participants to the Tanium Platform and core functions including questions, sensors, packages, saved questions, dashboards, categories, analyzing trends, actions, and more.
Pre-Req(s): None | Beginner | Connect, Dashboards, Data (TDS), Interact, Reporting | |
| Tanium Guardian Experience: A Practical on Vulnerability Exploitation and Response |
|---|
Vulnerability management is challenging. Organizations must assess CVEs, implement mitigations or patches, and check for exploitation. In this lab, participants will analyze, scope, and mitigate a complex vulnerability using Tanium Guardian and Automate. Participants can then search for evidence of exploitation with Guardian and, if found, use Tanium Threat Response, Investigate, Enforce, and more to contain, eradicate, and recover from the intrusion.
Pre-Req(s): Practical use of Tanium console and experience with analyzing data from one of these modules: Asset, SBOM, Comply, or Threat Response; Familiarity with vulnerability management or threat hunting/incident response is also a plus. | Intermediate | Asset, Automate, Comply, Core, Enforce, Guardian, Investigate, SBOM, Threat Response | |
| Threat Hunt Like a Pro: Threat Response and Beyond! |
|---|
Use Tanium’s visibility and control to investigate security events in an entirely different way. Participants can leverage the tools they already have today to gain visibility and respond to incidents from a single platform. This lab will tie Threat Response together with other components of Tanium such as Investigate, Reactions, Single Endpoint View, Impact and much more. Participants can take advantage of the capabilities of these powerful Tanium tools to increase the speed and efficacy of threat hunting investigations in their organization.
Pre-Req(s): Basic understanding of Tanium, specifically Tanium Threat Response; Basic understanding of Incident Response and Threat Hunting | Intermediate | Impact, Interact, Investigate, Threat Response | |
| Unleashing Tanium Magic: Crafting Custom Content to Supercharge Tanium's Capabilities |
|---|
Why wait for a vendor to create new functionality to solve your business challenge? Tanium is pretty comprehensive, but we can't predict every question you might want to ask, or make every change to your endpoints you might need to! However, by writing your own sensors and packages, you can take advantage of Tanium's speed and scale to solve the unique challenges that your business faces, just like many of our customers already have. In this lab, we'll walk participants through some of the more advanced techniques for creating custom content and help take advantage of the Tanium platform to solve these more complex business challenges. If you've been developing content for Tanium for a while, this is the lab that helps you take it to the next level!
Pre-Req(s): Basic Tanium experience, asking questions and deploying actions. Some prior knowledge and experience of building custom code, ideally but not necessarily for Tanium; any blockers or issues you've encountered may well be answered in this lab. | Intermediate | Core, Data/Reporting (Core Platform) | |