The Global Hunt (Tanium)

Goal: Use a “Fingerprint” (MD5 Hash) to see if a file is on any computer in the company.

Open Tanium Interact: Click the nine-dot menu and select Interact.
The Search Bar: Use the big bar in the middle that says “Ask a Question.”
Type the Command: Get Index Query File Details contains [PASTE_YOUR_HASH]
The “Enhanced” Link: Look below the bar for the words that say “Use enhanced search…” and click that link. 5. The Launch: Click the blue Ask Question button.
The Result: Wait for the blue bar to finish.
- High Count (Lots of hits): The file is a common company tool.
- Low Count (1 or 2 hits): The file is rare and needs a closer look.

The “Checklist”

[ ] Did I find the computer name?
[ ] Did I find the file path?
[ ] Did I check if it’s on 1 machine or 1,000 machines?

History | Knowledge Base

The Architects of Thought: Babbage, Lovelace, and the Birth of Computing
By

Introduction Long before the first transistor or the first line of code, the blueprint for the digital age was etched into brass gears and Victorian imagination. At New World Intelligence, we look forward—but to understand where technology is going, we must look back at the duo who first realized that machines could do more than…

Read More The Architects of Thought: Babbage, Lovelace, and the Birth of Computing
Analysis | Techniques | Tools

Splunk “Audit”
By

Read More Splunk “Audit”
Knowledge Base | Tools

Axonius — Tool Overview
By

What is Axonius? Axonius is a Cyber Asset Attack Surface Management (CAASM) platform that aggregates and correlates device and user data from across the organization’s existing security and IT tools. Rather than replacing existing tools, Axonius continuously normalizes, deduplicates, and enriches aggregated asset data to provide a complete and accurate picture of the entire technology…

Read More Axonius — Tool Overview
Analysis | Concepts | Knowledge Base | Platforms | Techniques | Threat Intelligence | Tools

The Triple Punch
By

Standard Endpoint Investigation Workflow Objective: To determine if a file is safe or malicious, find out who has it, and confirm if security controls (Antivirus) took action. Punch 1: The Inventory Hunt (Scope & Presence) Punch 2: The Reputation Check (Global Intel) Punch 3: The Log Audit (Security Action) Investigation Summary Checklist

Read More The Triple Punch
Analysis | Knowledge Base | Operations | Platforms | Techniques | Threat Intelligence | Tools

Standard Endpoint Investigation
By

Objective: Determine the distribution of a specific file across the environment to establish a baseline for the investigation. Exercise Note: For this instructional walkthrough, a Standard Reference MD5 Hash is utilized. This allows the Analyst to practice the workflow using a known, high-incidence file to ensure the system and parameters are responding as expected. Step…

Read More Standard Endpoint Investigation
Analysis | Knowledge Base

Cyber Analysis 101
By

To look for hashes in your environment, you should check devices using an enterprise EDR or a similar solution with visibility into each connected device. But first, it is recommended to research the hash via a reputation tool such as VirusTotal – Home. To find IP addresses in your environment, use an enterprise SIEM solution…

Read More Cyber Analysis 101

The “Checklist”

Similar Posts