Tanium Threat Response

This app supports various generic and investigate actions on Tanium Threat Response

Supported Actions

• test connectivity: Validate the asset configuration for connectivity using supplied configuration
• list computers: Get top 10 suggestions for computers where name or IP contains <name>
• initialize computers list: Start background question for computers list
• list connections: Get a list of connections
• create connection: Create a new local or remote connection
• get connection: Gets connection information
• delete connection: Deletes connection
• list local snapshots: Get a list of local snapshots
• create snapshot: Capture a new snapshot
• delete local snapshot: Delete a local snapshot
• list snapshots: Get a list of all the snapshots
• delete snapshot: Delete a snapshot
• get process: Get information for a process
• get process timeline: Get process timeline
• get process tree: Get process tree for a process instance
• get parent process tree: Get parent process tree for a process instance
• get children process tree: Get children process tree for a process instance
• get events: Build a query to get events of a certain type from a connection
• get events summary: Returns counts of each type of event
• list files: List downloaded files in Tanium Threat Response
• save file: Save a file from a remote connection to Tanium Threat Response
• delete file: Delete a downloaded file from Tanium Threat Response
• get file: Download a file from Tanium Threat Response to the Phantom Vault
• upload intel doc: Upload intel document to Tanium Threat Response
• start quick scan: Scan a computer group for hashes in intel document
• list alerts: List alerts with optional filtering