Tanium Detect

The time to complete all the answers is 1 hour. Answers submitted after the given time will not be considered.

1. Explain the Threat Response module with respect to Detect alerts in Tanium.
2. How do you triage an incident that is detected in Tanium?
3. While analyzing the alert, how do you come to the conclusion that it is a false positive?
4. What are the parameters that you will be looking into while dealing with the alerts?
5. How do you deal with true positive alerts? What's your approach?
6. What's your approach when a malicious file has been detected at the endpoint and the alert is triggered in Tanium?
7. How do you delete a particular file on a particular machine which you feel is malicious?
8. How can a live connection be established to the machine, and what are the criteria to establish a live connection?
9. Let's say there are around 40k plus alerts listed in the console. How do you manage to eliminate the false positives in huge numbers without eliminating the true positives?
10. What's your approach when you need to contact the user on detecting a malicious file on his machine?
11. Once the alert is analyzed and you are ready with your findings, would you go on to check other security tools to gather more information on that host? If so, what and how would it be?
12. The same machine is triggering the alert again and again for the same intel in Tanium, and a ticket has been raised previously to delete those particular paths. How do you approach this again while raising the ticket to the DSS Team?
13. What do you understand from the MITRE ATT&CK TTPs that are correlated to Detect alerts in Tanium?
14. Once you are done with the analysis part, what are the changes that you will be making in the Tanium console with respect to that alert?