ds_tanium_threat_response.md

Vendor: Tanium

Product: Threat Response

| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
| --- | --- | --- | --- | --- |
| 37 | 11 | 5 | 1 | 1 |

| Use-Case | Event Types/Parsers | MITRE ATT&CK® TTP | Content |
| --- | --- | --- | --- |
| Compromised Credentials | process-alert<br>tanium-process-alert | T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools<br>TA0002 - TA0002 | 7 Rules<br>2 Models |
| Malware | process-alert<br>tanium-process-alert | T1053.003 - T1053.003<br>T1190 - Exploit Public-Facing Application<br>T1562.004 - Impair Defenses: Disable or Modify System Firewall<br>TA0002 - TA0002 | 32 Rules<br>10 Models |

MITRE ATT&CK® Framework for Enterprise

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Exploit Public-Facing Application | Scheduled Task/Job | Scheduled Task/Job | Scheduled Task/Job | Impair Defenses<br>Obfuscated Files or Information: Indicator Removal from Tools<br>Impair Defenses: Disable or Modify System Firewall<br>Obfuscated Files or Information | | | | | | | |