Advanced Integration Workshop: Optimizing Tanium Automate With External Systems |
This advanced lab is designed for operators who need to master the integration of Tanium Automate with key external systems such as Microsoft Azure, VMware, Ansible, and ServiceNow. Participants will delve deep into the functionalities of the Tanium API, with a particular focus on the Tanium Automate API, learning to orchestrate and automate responses to real-world scenarios through sophisticated API-based integrations.
Pre-Req(s): A practical use of Tanium; Having an understanding of API technologies would be beneficial, but not required | Intermediate, Advanced | Asset, Automate, Data (TDS), Deploy, Gateway, Interact, Patch, Reporting, Threat Response | |
Automate Then Take a Break: Improve Operational and Security Workflows With Tanium Automate |
In this lab, participants will leverage Tanium Automate along with other Tanium capabilities to align newly onboarded endpoints with your standards, quarantine and remediate vulnerable devices, and ensure patching compliance. The new office hasn't been able to update in a year - reel in those endpoints and let Tanium take control, while you focus on the other parts of your job!
Pre-Req(s): Some Tanium Experience | Intermediate, Advanced | Asset, Automate, Comply, Deploy, Patch, Reporting, SBOM, Threat Response | |
Cloud Workloads: Container Visibility and Beyond |
Discover the capabilities Cloud Workloads adds to Asset/SBOM, Reporting, Comply, and Enforce. Participants will first add a container registry and Kubernetes cluster to Tanium Cloud Workload and explore visibility using Asset and Reporting. They will then control their managed clusters using Enforce to block rogue containers and create a custom policy. Finally, participants will use Comply to detect container images with vulnerabilities.
Pre-Req(s): Practical use of Tanium and familiarity with Kubernetes or containers | Intermediate | Asset, Comply, Enforce, Reporting, SBOM | |
Enhance Your Intelligence With Tanium: Learn How to Protect Your Organization by Combining the Power of Tanium and OpenCTI |
In this lab, participants will learn how to protect their organization by combining the power of Tanium’s Threat Response and Connect modules and the OpenCTI platform. Participants will gain an understanding of how detection capabilities within Tanium can be extended using third-party intelligence. Participants will configure an integration between Tanium and an OpenCTI instance, see how intelligence and alerts can flow between the two systems, and learn why that is beneficial. Finally, participants will learn how Threat Response helps to contextualize and investigate alerts raised by alternate intelligence feeds.
Pre-Req(s): Administrative knowledge of Tanium Threat Response and Connect; Basic knowledge/understanding of OpenCTI platform | Intermediate | Connect, Threat Response | |
I Hear You Knocking, but You Can't Login!: An Exploration of Zero Trust With Tanium and Microsoft Entra ID |
This lab will showcase a practical example of how to tie together Tanium functionality focused on the Zero Trust integration with Microsoft Entra ID. Tanium’s tie-in to Microsoft’s Entra ID allows for nearly any Tanium question to be used as a reason to block access to an endpoint. In this lab, participants will move from an overview of this process to using Tanium to automatically remediate an endpoint.
Blocking logins via the Microsoft-Tanium integration with Entra ID is the start of a process to protect your enterprise, but it’s important to be able to quickly remediate the conditions which would cause a user not to be able to log in. This lab will walk through a scenario that uses Automate and Enforce to remediate a condition which blocks user logins. We will also discuss how this process can be incorporated with other toolsets, like ServiceNow.
Pre-Req(s): General familiarity with Tanium functionality – Enforce Remediation. General familiarity with Microsoft Entra ID – User and Device Control. | Intermediate | Enforce, ServiceNow, Zero Trust | |
Low Code, High Power Workflows With Tanium Gateway and Automate |
Using the Tanium Gateway is key to building integrations with external systems and enriching data in systems, such as a SIEM. Whether participants are looking for data such as applicable patches, open vulnerabilities, or current configurations, Tanium Gateway makes these integrations seamless. However, many users struggle to implement more advanced workflows between these systems and Tanium.
In this lab, participants will see how Tanium integrates and enriches data into a standard SIEM. Participants will also learn how to use the power of Tanium Automate with Tanium Gateway to execute advanced workflows to effect change on their endpoints.
Pre-Req(s): Working knowledge of the Tanium Platform, knowledge of APIs, and knowledge of PowerShell or Python | Intermediate, Advanced | Automate, Gateway, Interact, Threat Response | |
Mastering Interact With Automation |
Back by popular demand, this year’s session will focus on advanced targeting techniques for limited-scope automation jobs. Go from automating your most common tasks to automating break/fix and specialized workflows. Participants will learn various techniques for building questions that can be used to get the exact data needed to target specific endpoints for changes.
Pre-Req(s): Basic understanding of Tanium; Six months experience recommended | Intermediate | Automate, Interact | |
One Big RBAC Family: Managing Federated Organizations With Tanium |
In this lab, participants will learn best practices and possibilities for building out Tanium to support distributed or federated organizations. Participants will learn how to break down roles in Tanium to give small groups in their organization the power to use Tanium on the systems that are under their control without affecting other entities while maintaining the valuable top level visibility that Tanium is known for.
Pre-Req(s): A basic understanding of user and computer administration in Tanium | Beginner, Intermediate | Core, Deploy, Patch, Reporting | |
See it, Save it, Solve it With Investigate |
This lab will guide participants through real-world investigations using Tanium Investigate. Participants will use Tanium’s Investigate Workbench to locate, close-with, and remediate incidents and operations events. Using Investigate, participants will orient on threats and IT events, then rapidly collect data to gain an information advantage. Remediate, reinstall, remove, recover, report, or resume prescribed lab activities; participants will rapidly matriculate through the Investigate Workbench to make the right decision in time and on target. This lab will leverage real-world (sanitized) customer scenarios to guide participants through Investigate workflows.
Pre-Req(s): Tanium Certified Operator (TCO) recommended but not required | Intermediate | Comply, Core, Investigate, Performance, Threat Response | |
[SPONSOR CO-LED] Better Together: Next Gen SOC Powered by Microsoft Sentinel and Tanium |
This lab focuses on integrating Tanium with Microsoft Sentinel to enhance SOC (Security Operations Center) capabilities. The integration utilizes Tanium connectors and Sentinel's real-time capabilities to offer several benefits:
Data Integration: Students will learn how to send data from Tanium to Sentinel and automatically create incidents using the Tanium connection.
Incident Management: The lab involves leveraging both automated and manual incident actions running a custom PwC playbook, utilizing Tanium as a data source.
Real-time Remediation: Students will use Tanium's API for real-time remediation actions within Sentinel using custom PwC Tanium packages.
Pre-Req(s): Practical experience with Tanium, specifically Threat Response; Basic understanding of Microsoft Sentinel
Sponsor Co-Led by PwC | Intermediate | Asset, Comply, Core, Microsoft, Threat Response | |
[SPONSOR CO-LED] Do You Know Your Risk Posture? Tanium and ServiceNow Provides Real-Time Results |
In this lab, participants will get an understanding of the Vulnerability Response Framework and architecture supported by Tanium and ServiceNow. Participants will then configure the needed Vulnerability Response app integrations, as available in the ServiceNow store. Lastly, participants will work on additional configuration activities based on best practices and experiences we have discovered during customer implementations.
Pre-Req(s): Administrative ServiceNow knowledge; Administrative knowledge of Tanium; Familiarity with vulnerability and patch management
Sponsor Co-Led by AHEAD | Intermediate | Asset, Comply, Patch | |
[SPONSOR CO-LED] Revolutionizing Patch Operations with ServiceNow and Tanium |
Many IT Operations teams spend countless hours submitting change requests for their patching activities. Imagine a world where IT Ops staff can save time by opening changes for their patch activities in ServiceNow and have them be scheduled automatically after they are approved. The future is now! In this hands-on lab, participants will have access to their own Tanium and ServiceNow environments to perform an automated monthly patching cycle orchestrated by ServiceNow.
Pre-Req(s): Basic understanding of Tanium Platform, Patch and Deploy; Basic understanding of ServiceNow (Change Management concepts and Flow Designer knowledge)
Sponsor Co-Led by ServiceNow | Intermediate | Core, Patch, ServiceNow | |
[SPONSOR CO-LED] The Power of Three: Explore What's Possible When Integrating Microsoft Security Solutions With Tanium and ServiceNow |
Dive into the world of cutting-edge security by integrating Microsoft Security Copilot with Tanium and ServiceNow. This hands-on lab will guide participants through detecting incidents, automating ticket creation, performing initial triage, and remediating security issues efficiently. By the end of this lab, participants will be equipped to enhance their organization’s security posture through streamlined workflows and powerful integrations.
Pre-Req(s): Prior experience with Tanium Administration, ServiceNow, and Microsoft Defender for Endpoint (MDE)
Sponsor Co-Led by Avanade | Intermediate, Advanced | Core, Microsoft, ServiceNow, Threat Response | |
Tanium Automate: One Touch Patching for Server Clusters |
In this lab, participants will learn how to leverage Tanium Automate Runbooks to apply OS patches on servers in an application cluster across Linux and Windows Server platforms. Participants will learn to reduce the demand on, and time required by, patching teams and application owners. The playbook will include stopping and starting of services, one-by-one server patching, and cluster health checks to ensure the integrity and availability of the cluster during patching. Participants will then pivot into Tanium Reporting to build reports and dashboards to monitor the progress of their cluster patching runbook.
Pre-Req(s): Administration knowledge of the Tanium Platform. Basic knowledge of Patch & Reporting. | Intermediate, Advanced | Automate, Data/Reporting (Core Platform), Patch, Reporting | |
Tanium Basics: Leveraging the Power of Certainty |
Intended for both new users and those looking to increase their Tanium knowledge, this lab introduces participants to the Tanium Platform and core functions including questions, sensors, packages, saved questions, dashboards, categories, analyzing trends, actions, and more.
Pre-Req(s): None | Beginner | Connect, Dashboards, Data (TDS), Interact, Reporting | |
Tanium Guardian Experience: A Practical on Vulnerability Exploitation and Response |
Vulnerability management is challenging. Organizations must assess CVEs, implement mitigations or patches, and check for exploitation. In this lab, participants will analyze, scope, and mitigate a complex vulnerability using Tanium Guardian and Automate. Participants can then search for evidence of exploitation with Guardian and, if found, use Tanium Threat Response, Investigate, Enforce, and more to contain, eradicate, and recover from the intrusion.
Pre-Req(s): Practical use of Tanium console and experience with analyzing data from one of these modules: Asset, SBOM, Comply, or Threat Response; Familiarity with vulnerability management or threat hunting/incident response is also a plus. | Intermediate | Asset, Automate, Comply, Core, Enforce, Guardian, Investigate, SBOM, Threat Response | |
Threat Hunt Like a Pro: Threat Response and Beyond! |
Use Tanium’s visibility and control to investigate security events in an entirely different way. Participants can leverage the tools they already have today to gain visibility and respond to incidents from a single platform. This lab will tie Threat Response together with other components of Tanium such as Investigate, Reactions, Single Endpoint View, Impact and much more. Participants can take advantage of the capabilities of these powerful Tanium tools to increase the speed and efficacy of threat hunting investigations in their organization.
Pre-Req(s): Basic understanding of Tanium, specifically Tanium Threat Response; Basic understanding of Incident Response and Threat Hunting | Intermediate | Impact, Interact, Investigate, Threat Response | |
Unleashing Tanium Magic: Crafting Custom Content to Supercharge Tanium's Capabilities |
Why wait for a vendor to create new functionality to solve your business challenge? Tanium is pretty comprehensive, but we can't predict every question you might want to ask, or make every change to your endpoints you might need to! However, by writing your own sensors and packages, you can take advantage of Tanium's speed and scale to solve the unique challenges that your business faces, just like many of our customers already have. In this lab, we'll walk participants through some of the more advanced techniques for creating custom content and help take advantage of the Tanium platform to solve these more complex business challenges. If you've been developing content for Tanium for a while, this is the lab that helps you take it to the next level!
Pre-Req(s): Basic Tanium experience, asking questions and deploying actions. Some prior knowledge and experience of building custom code, ideally but not necessarily for Tanium; any blockers or issues you've encountered may well be answered in this lab. | Intermediate | Core, Data/Reporting (Core Platform) | |