diff --git a/Solutions/Tanium/Data/Solution_Tanium.json b/Solutions/Tanium/Data/Solution_Tanium.json
index a8cfeab3ec..964b85a9d0 100644
--- a/Solutions/Tanium/Data/Solution_Tanium.json
+++ b/Solutions/Tanium/Data/Solution_Tanium.json
@@ -23,7 +23,7 @@
 "Analytic Rules/TaniumThreatResponseAlerts.yaml"
 ],
 "BasePath": "Solutions/Tanium",
- "Version": "3.2.0",
+ "Version": "3.2.1",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true,
 "Is1PConnector": false
diff --git a/Solutions/Tanium/Package/3.2.1.zip b/Solutions/Tanium/Package/3.2.1.zip
new file mode 100644
index 0000000000..125b667810
Binary files /dev/null and b/Solutions/Tanium/Package/3.2.1.zip differ
diff --git a/Solutions/Tanium/Package/mainTemplate.json b/Solutions/Tanium/Package/mainTemplate.json
index 7a52ff5a20..69b7e5f4de 100644
--- a/Solutions/Tanium/Package/mainTemplate.json
+++ b/Solutions/Tanium/Package/mainTemplate.json
@@ -41,7 +41,7 @@
 "email": "support@tanium.com",
 "_email": "[variables('email')]",
 "_solutionName": "Tanium",
- "_solutionVersion": "3.2.0",
+ "_solutionVersion": "3.2.1",
 "solutionId": "taniuminc1646329360287.tanium_sentinel_connector",
 "_solutionId": "[variables('solutionId')]",
 "workbookVersion1": "2.0",
@@ -78,7 +78,7 @@
 "_playbookcontentProductId3": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId3'),'-', variables('playbookVersion3'))))]",
 "Tanium-QuarantineHosts": "Tanium-QuarantineHosts",
 "_Tanium-QuarantineHosts": "[variables('Tanium-QuarantineHosts')]",
- "playbookVersion4": "2.4",
+ "playbookVersion4": "2.4.1",
 "playbookContentId4": "Tanium-QuarantineHosts",
 "_playbookContentId4": "[variables('playbookContentId4')]",
 "playbookId4": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId4'))]",
@@ -102,7 +102,7 @@
 "_playbookcontentProductId6": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId6'),'-', variables('playbookVersion6'))))]",
 "Tanium-UnquarantineHosts": "Tanium-UnquarantineHosts",
 "_Tanium-UnquarantineHosts": "[variables('Tanium-UnquarantineHosts')]",
- "playbookVersion7": "2.3",
+ "playbookVersion7": "2.3.1",
 "playbookContentId7": "Tanium-UnquarantineHosts",
 "_playbookContentId7": "[variables('playbookContentId7')]",
 "playbookId7": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId7'))]",
@@ -136,7 +136,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "TaniumWorkbook Workbook with template version 3.2.0",
+ "description": "TaniumWorkbook Workbook with template version 3.2.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('workbookVersion1')]",
@@ -264,7 +264,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "Tanium-ComplyFindings Playbook with template version 3.2.0",
+ "description": "Tanium-ComplyFindings Playbook with template version 3.2.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('playbookVersion1')]",
@@ -1315,7 +1315,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "Tanium-GeneralHostInfo Playbook with template version 3.2.0",
+ "description": "Tanium-GeneralHostInfo Playbook with template version 3.2.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('playbookVersion2')]",
@@ -2318,7 +2318,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "Tanium-MSDefenderHealth Playbook with template version 3.2.0",
+ "description": "Tanium-MSDefenderHealth Playbook with template version 3.2.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('playbookVersion3')]",
@@ -3317,7 +3317,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "Tanium-QuarantineHosts Playbook with template version 3.2.0",
+ "description": "Tanium-QuarantineHosts Playbook with template version 3.2.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('playbookVersion4')]",
@@ -3419,7 +3419,7 @@
 },
 "tags": {
 "hidden-SentinelTemplateName": "Tanium-QuarantineHosts",
- "hidden-SentinelTemplateVersion": "2.4",
+ "hidden-SentinelTemplateVersion": "2.4.1",
 "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
 },
 "dependsOn": [
@@ -6029,10 +6029,10 @@
 "tags": [
 "Remediation"
 ],
- "lastUpdateTime": "2025-10-02T00:00:00Z",
+ "lastUpdateTime": "2025-10-16T00:00:00Z",
 "parameterTemplateVersion": "3.2.0",
 "releaseNotes": {
- "version": "2.4",
+ "version": "2.4.1",
 "title": "[variables('blanks')]",
 "notes": [
 "Initial version"
@@ -6062,7 +6062,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "Tanium-ResolveThreatResponseAlert Playbook with template version 3.2.0",
+ "description": "Tanium-ResolveThreatResponseAlert Playbook with template version 3.2.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('playbookVersion5')]",
@@ -6468,7 +6468,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "Tanium-SCCMClientHealth Playbook with template version 3.2.0",
+ "description": "Tanium-SCCMClientHealth Playbook with template version 3.2.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('playbookVersion6')]",
@@ -7467,7 +7467,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "Tanium-UnquarantineHosts Playbook with template version 3.2.0",
+ "description": "Tanium-UnquarantineHosts Playbook with template version 3.2.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('playbookVersion7')]",
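Review bot: The release notes in the `@@ -6029,10` hunk now carry `"version": "2.4.1"` for the Tanium-QuarantineHosts playbook, but `notes` still reads only `"Initial version"`, so nothing records what changed between 2.4 and 2.4.1. For a playbook tagged `Remediation`, operators deciding whether to redeploy need that; add a `notes` entry describing the 2.4.1 change in the playbook source this package template is presumably generated from. In the same hunk `"parameterTemplateVersion": "3.2.0"` is left unchanged while the solution moves to 3.2.1; whether it is meant to track the solution version is not visible here, so confirm that is intended. The `@@ -10137,10` hunk for Tanium-UnquarantineHosts (2.3 to 2.3.1) has the same two issues. The enclosing metadata object starts and ends outside the hunk.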
@@ -7569,7 +7569,7 @@
 },
 "tags": {
 "hidden-SentinelTemplateName": "Tanium-UnquarantineHosts",
- "hidden-SentinelTemplateVersion": "2.3",
+ "hidden-SentinelTemplateVersion": "2.3.1",
 "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
 },
 "dependsOn": [
@@ -10137,10 +10137,10 @@
 "tags": [
 "Remediation"
 ],
- "lastUpdateTime": "2025-10-02T00:00:00Z",
+ "lastUpdateTime": "2025-10-16T00:00:00Z",
 "parameterTemplateVersion": "3.2.0",
 "releaseNotes": {
- "version": "2.3",
+ "version": "2.3.1",
 "title": "[variables('blanks')]",
 "notes": [
 "Initial version"
@@ -10170,7 +10170,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "Tanium-SecurityPatches Playbook with template version 3.2.0",
+ "description": "Tanium-SecurityPatches Playbook with template version 3.2.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('playbookVersion8')]",
@@ -11604,7 +11604,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "TaniumThreatResponseAlerts_AnalyticalRules Analytics Rule with template version 3.2.0",
+ "description": "TaniumThreatResponseAlerts_AnalyticalRules Analytics Rule with template version 3.2.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@@ -11636,8 +11636,8 @@
 "entityType": "URL",
 "fieldMappings": [
 {
- "identifier": "Url",
- "columnName": "TaniumUrl"
+ "columnName": "TaniumUrl",
+ "identifier": "Url"
 }
 ]
 },
@@ -11645,8 +11645,8 @@
 "entityType": "IP",
 "fieldMappings": [
 {
- "identifier": "Address",
- "columnName": "Computer_IP_s"
+ "columnName": "Computer_IP_s",
+ "identifier": "Address"
 }
 ]
 },
@@ -11654,8 +11654,8 @@
 "entityType": "Host",
 "fieldMappings": [
 {
- "identifier": "HostName",
- "columnName": "Computer_Name_s"
+ "columnName": "Computer_Name_s",
+ "identifier": "HostName"
 }
 ]
 },
@@ -11663,8 +11663,8 @@
 "entityType": "Malware",
 "fieldMappings": [
 {
- "identifier": "Name",
- "columnName": "TaniumTHRLabel"
+ "columnName": "TaniumTHRLabel",
+ "identifier": "Name"
 }
 ]
 }
@@ -11673,8 +11673,8 @@
 "aggregationKind": "AlertPerResult"
 },
 "customDetails": {
- "IntelId": "Intel_Id_d",
- "TaniumAlertId": "Alert_Id_g"
+ "TaniumAlertId": "Alert_Id_g",
+ "IntelId": "Intel_Id_d"
 },
 "alertDetailsOverride": {
 "alertDisplayNameFormat": "{{TaniumTHRLabel}}",
@@ -11684,9 +11684,9 @@
 "createIncident": true,
 "groupingConfiguration": {
 "reopenClosedIncident": false,
- "enabled": false,
 "matchingMethod": "AllEntities",
- "lookbackDuration": "PT5H"
+ "lookbackDuration": "PT5H",
+ "enabled": false
 }
 }
 }
@@ -11738,7 +11738,7 @@
 "apiVersion": "2023-04-01-preview",
 "location": "[parameters('workspace-location')]",
 "properties": {
- "version": "3.2.0",
+ "version": "3.2.1",
 "kind": "Solution",
 "contentSchemaVersion": "3.0.0",
 "displayName": "Tanium",
@@ -11821,7 +11821,7 @@
 ]
 },
 "firstPublishDate": "2022-05-16",
- "lastPublishDate": "2025-07-03",
+ "lastPublishDate": "2025-10-16",
 "providers": [
 "Tanium"
 ],
diff --git a/Solutions/Tanium/Playbooks/Tanium-QuarantineHosts/azuredeploy.json b/Solutions/Tanium/Playbooks/Tanium-QuarantineHosts/azuredeploy.json
index 8545d12eaa..d813ce8399 100644
--- a/Solutions/Tanium/Playbooks/Tanium-QuarantineHosts/azuredeploy.json
+++ b/Solutions/Tanium/Playbooks/Tanium-QuarantineHosts/azuredeploy.json
@@ -13,7 +13,7 @@
 ],
 "entities": [ "host" ],
 "tags": [ "Remediation" ],
- "lastUpdateTime": "2025-10-02T00:00:00.000Z",
+ "lastUpdateTime": "2025-10-16T00:00:00.000Z",
 "support": {
 "tier": "developer",
 "link": "https://www.tanium.com"
@@ -116,7 +116,7 @@
 },
 "tags": {
 "hidden-SentinelTemplateName": "Tanium-QuarantineHosts",
- "hidden-SentinelTemplateVersion": "2.4"
+ "hidden-SentinelTemplateVersion": "2.4.1"
 },
 "dependsOn": [
 "[resourceId('Microsoft.Web/connections', parameters('AzureSentinelConnectionName'))]"
diff --git a/Solutions/Tanium/Playbooks/Tanium-UnquarantineHosts/azuredeploy.json b/Solutions/Tanium/Playbooks/Tanium-UnquarantineHosts/azuredeploy.json
index 9eaa2ac2a9..a37bf589c7 100644
--- a/Solutions/Tanium/Playbooks/Tanium-UnquarantineHosts/azuredeploy.json
+++ b/Solutions/Tanium/Playbooks/Tanium-UnquarantineHosts/azuredeploy.json
@@ -13,7 +13,7 @@
 ],
 "entities": [ "host" ],
 "tags": [ "Remediation" ],
- "lastUpdateTime": "2025-10-02T00:00:00.000Z",
+ "lastUpdateTime": "2025-10-16T00:00:00.000Z",
 "support": {
 "tier": "developer",
 "link": "https://www.tanium.com"
@@ -116,7 +116,7 @@
 },
 "tags": {
 "hidden-SentinelTemplateName": "Tanium-UnquarantineHosts",
- "hidden-SentinelTemplateVersion": "2.3"
+ "hidden-SentinelTemplateVersion": "2.3.1"
 },
 "dependsOn": [
 "[resourceId('Microsoft.Web/connections', parameters('AzureSentinelConnectionName'))]"
diff --git a/Solutions/Tanium/SolutionMetadata.json b/Solutions/Tanium/SolutionMetadata.json
index dd7778371e..bbe8eb9e72 100644
--- a/Solutions/Tanium/SolutionMetadata.json
+++ b/Solutions/Tanium/SolutionMetadata.json
@@ -2,7 +2,7 @@
 "publisherId": "taniuminc1646329360287",
 "offerId": "tanium_sentinel_connector",
 "firstPublishDate": "2022-05-16",
- "lastPublishDate": "2025-07-03",
+ "lastPublishDate": "2025-10-16",
 "providers": ["Tanium"],
 "categories": {
 "domains" : ["Security - Network", "Security - Threat Protection"],