Tanium - Get File Details workflow

This workflow queries the Tanium server for the existence of files with a specific hash value or file name. The activities collect the results and store them as enrichment data on a security incident.

Figure 1. Security Operations Tanium Integration - Get File Details workflow
Get File Details workflow
Note: This workflow illustrates how you can query the Tanium server for the existence of files with a specific hash value or file name, collect the data, and store it as enrichment data on a security incident. In its current implementation, the workflow does not return the enriched data for use by the system. It is provided to exemplify the process you can use to increase the effectiveness of your security incident investigation.