Tanium - Get Running Processes workflow

This workflow creates an audit trail. Its Tanium: Get-Processes Question activity takes the IPv4 address of the CI as input and runs a query on the Tanium server. The output is a list of all the running processes on the affected CI.

Figure 1. Security Operations Tanium Integration - Get Running Processes workflow

When the Configuration item field in a security incident is modified, this workflow is launched.

How the workflow works

Given a string question ID (normally the result of an AddObject command), the Tanium: Check if Done activity queries the Tanium server to check if data collection is complete. This activity uses the sn_sec_tanium.TaniumEndpointUtil script include and relies on the GetResultInfo Tanium server SOAP message.

When the Tanium: Check if Done activity returns true, the Tanium: Get Result Data from Response activity collects all the data returned from the Tanium server in answer to the Get-Processes question. The output consists of an array of objects, each containing key-value pairs composed of the columns and values returned from the server. If no data is received from the server, the output is an empty array.

Activities specific to this integration are described here. For more information on other activities, see Common integration workflow activities.
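
The check-then-collect sequence described above, as an added sketch that is not ServiceNow or Tanium code. The client object, its checkIfDone and getResultData methods, the columns/rows result shape, and the sample column names are all hypothetical stand-ins.

```javascript
// Added illustration: every name below is hypothetical, not a ServiceNow or Tanium API.

// Build the array-of-objects output: one object per row, keyed by column.
// Missing or malformed data yields an empty array, matching the documented behavior.
function rowsToObjects(columns, rows) {
  if (!Array.isArray(columns) || !Array.isArray(rows)) return [];
  return rows.map(function (row) {
    var obj = {};
    columns.forEach(function (name, i) {
      obj[name] = i < row.length ? row[i] : null; // short rows get null, not undefined
    });
    return obj;
  });
}

// Poll until data collection is complete, then collect the result.
// The poll count is bounded so a question that never completes cannot loop forever.
// (A real workflow waits between polls; the delay is omitted here.)
function getRunningProcesses(client, questionId, maxPolls) {
  if (typeof questionId !== 'string' || questionId === '') {
    throw new TypeError('questionId must be a non-empty string');
  }
  for (var attempt = 0; attempt < maxPolls; attempt++) {
    if (client.checkIfDone(questionId)) {
      var result = client.getResultData(questionId) || {};
      return rowsToObjects(result.columns, result.rows);
    }
  }
  throw new Error('question ' + questionId + ' not complete after ' + maxPolls + ' polls');
}

// Constructed stand-in for the server: reports done on poll number `doneAfter`.
function makeFakeClient(result, doneAfter) {
  var polls = 0;
  return {
    checkIfDone: function () { polls += 1; return polls >= doneAfter; },
    getResultData: function () { return result; }
  };
}

// Constructed sample data, not real Tanium output.
var sample = { columns: ['Name', 'Count'], rows: [['sshd', '1'], ['nginx', '4']] };
var processes = getRunningProcesses(makeFakeClient(sample, 3), '12345', 10);
console.log(processes);
```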