Tanium Detect

This app integrates with Tanium Detect to perform several investigate, generic, and ingest type of actions

Supported Actions

• test connectivity: Validate the asset configuration for connectivity using supplied configuration
• get suppression rule: Get a suppression rule by ID
• create suppression rule: Create a new suppression rule
• list suppression rules: List all available suppression rules in the system
• delete suppression rule: Delete one suppression rule
• get source: Get a single source by ID
• delete source: Delete an existing source by ID
• list sources: List sources configured to manage IOC's in the system
• get sourcetype: Show details for a single source type by ID
• list sourcetypes: List source types supported on this system
• get notification count: List notification counts for the last N days in UTC by default
• get notification: Show a single notification by ID
• update notification: Update the state of one notification by ID
• list notifications: List notifications with optional filtering, sorting, and pagination
• delete notification: Delete one notification by ID
• modify label: Modify the properties of an existing label by ID
• get label: Request a single label by ID
• delete label: Delete an existing label by ID. Will fail if label is used in group configurations
• create label: Create a new label
• list labels: List all available labels in the system
• get intel: Show a single Intel Document by ID
• delete intel: Delete the identified intel document by ID
• list intel: List intel documents
• get counts group: List alert counts grouped by computer name or intel id
• get alert count: List alert counts for the last N days, in UTC by default
• get alert: Show a single alert by ID
• update state: Update the state of an alert
• list alerts: List alerts with optional filtering, sorting, and pagination
• delete alert: Delete an alert by ID
• on poll: Callback action for the on_poll ingest functionality