Archives for August 2011

Manually Caching Files on BigFix or TEM

To use Tivoli Endpoint Manager (TEM, formerly BigFix) to deploy a file that needs a vendor login to download, you have to fetch the file manually, put it in the right folder on the BigFix/TEM server, and rename it to its SHA1 hash so the fixlet's download step finds it in the cache.

Here are some steps to get this done.

  • Download the file to the server.
  • Calculate the SHA1. You can do this with sha1.exe from the support site. Run it like so:

    C:\Downloads>Sha1.exe -r {nameoffiletocalculate.exe} -c

    -c copies the resulting hash string to your clipboard.

  • Drop the file in C:\Program Files\BigFix Enterprise\BES Server\wwwrootbes\bfmirror\downloads\sha1 and rename it to the SHA1 you calculated (the bare hex digest, with no extension).

The fixlet should run fine after that. The client re-checks the SHA1 (and size) from the fixlet's prefetch line against what it receives, so a cached file whose hash does not match is rejected rather than run. The hash is what ties the manually fetched binary to what the fixlet author vouched for, so it is worth comparing your digest with the one in the fixlet before you copy anything.

You don't strictly have to rename the file, but the fixlets from IBM are written to expect it by default.
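The steps above as one script, added here as an example and not taken from the original post or from IBM. It hashes the downloaded file, refuses to cache it if you pass an -ExpectedSha1 (the sha1: value from the fixlet's prefetch line) that does not match, copies it into the cache under its digest, and prints a prefetch line for a custom fixlet. It assumes PowerShell 4 or later (for Get-FileHash) and the default server install path; the http://example.invalid URL in the printed prefetch line is a placeholder.

```powershell
# Added example (not from the original post or IBM): cache a manually downloaded
# file on a BigFix/TEM server under its SHA1 so a fixlet's prefetch finds it.
# Assumes PowerShell 4+ (Get-FileHash) and the default BES Server install path.
param(
    [Parameter(Mandatory = $true)][string]$FilePath,
    [string]$ExpectedSha1,   # optional: sha1:<hash> value copied from the fixlet's prefetch line
    [string]$CacheRoot = 'C:\Program Files\BigFix Enterprise\BES Server\wwwrootbes\bfmirror\downloads\sha1'
)

$file   = Get-Item -LiteralPath $FilePath
$sha1   = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA1).Hash.ToLower()
$sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash.ToLower()

# The client re-verifies the hash from the fixlet after download, so a file that does
# not match the fixlet is wasted effort at best and a substituted or tampered download
# at worst. Refuse to cache it rather than find out on the endpoint.
if ($ExpectedSha1 -and $ExpectedSha1.ToLower() -ne $sha1) {
    throw "SHA1 mismatch: fixlet expects $ExpectedSha1 but file is $sha1"
}

if (-not (Test-Path -LiteralPath $CacheRoot)) {
    New-Item -ItemType Directory -Path $CacheRoot | Out-Null
}
# Cache entries are named by the bare hex digest, with no extension.
$dest = Join-Path $CacheRoot $sha1
Copy-Item -LiteralPath $file.FullName -Destination $dest -Force

"cached : $dest"
"size   : $($file.Length)"
# Prefetch line for a custom fixlet that deploys this file. The URL is a placeholder;
# newer BigFix versions also check the sha256: entry, so both digests are included.
"prefetch $($file.Name) sha1:$sha1 size:$($file.Length) http://example.invalid/$($file.Name) sha256:$sha256"
```

Run it on the server as a user who can write to the BES Server directory, for example `.\Cache-BigFixDownload.ps1 -FilePath C:\Downloads\vendor-setup.exe -ExpectedSha1 <hash from the fixlet>`. The mismatch check is the part worth keeping even if you do the rest by hand: it turns a silent action failure hours later into an immediate error at the console.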

Tanium Systems Management

Tanium is systems management software that returns information from your endpoints within seconds. Ask a question in plain English and Tanium answers in seconds, even across 400,000 endpoints spread around the world.


What can Tanium do for me?

Tanium provides a simple interface that allows you to ask questions in plain English, hit Enter, and get real-time answers back in seconds.

What kind of questions can I ask?

Which users are running Excel on computers in the finance department right now? What are the MAC addresses of computers in Tokyo that are generating network traffic on port 18234? What versions of Flash Player are on laptops running Windows 7? What are the user names and IP addresses of computers where a local administrator is logged in?

You can watch a demo or register for a one-on-one demo.

What am I going to do with all this information?

Well, check out our use cases, but in short, you are only limited by your imagination. Anything you could do at the command line, you can do across your entire enterprise in seconds. Instant answers, coupled with the ability to take remedial action, make it possible to find and terminate threats and manage outages like never before.

Tanium Architecture

You may still be skeptical that Tanium can deliver on these promises. Give us a call at (888) 299-3718 to set up a demo or fill out this form and we’ll get back to you. If you set up a demo, we’ll also give you an ROI calculator and a free evaluation copy to try out on your systems.

I wanna try!

Of course, contact us now to get a demo and an evaluation going on your site.

Tanium Use Cases

These anecdotes show how Tanium customers have been using Tanium to improve security and systems management.

1) Inconsistent Environment Causing Application Outage

A customer is experiencing an outage of a client-server application and suspects that older versions of the client have been reintroduced into the environment in the last hour, perhaps through a build revision or an old package in a deployment tool. How can they instantly determine exactly which versions of the client are currently in use?

In Tanium, assuming the customer is looking for an application named “AppX”, they could simply type in a question like:

What are the versions of running applications with names that contain AppX

Within 15 seconds, Tanium would return a list of the versions of the application, as well as the counts for each version, that are in use in the environment.

With existing systems in use today, the process to determine the existing versions would take hours or days, and would require advanced knowledge of the toolsets, rather than a simple question in English.

2) Monitoring for Advanced Persistent Threat/Data Leakage

A customer is concerned that they have a data leakage problem stemming from an APT, but they do not know which machines are affected, or even the name of the APT's executable. They want the names of every application that currently has an established network connection to a location outside the corporate network.

In Tanium, assuming they only want results from machines in the "Development" Organizational Unit, the customer could ask a question like:

What are the externally communicating applications on computers where the organizational unit is Development

Within 15 seconds, a list of the applications, together with the remote hosts they are talking to, is returned. The most common entries will be IE and other approved applications; the rare entries at the bottom of the list are the ones whose names the administrators do not recognize, and those are the likeliest APT candidates.

With existing systems, the best information usually comes from network monitoring tools, which can tell you which ports are in use and perhaps what the traffic looks like, but cannot reliably identify the client-side application generating it. An HTTPS connection to an external host looks exactly the same whether it is an APT exfiltrating data or an employee buying shoes online. Seen from the endpoint, by contrast, Internet Explorer is easily distinguished from an unapproved binary nobody recognizes, so the organization can separate dangerous traffic from benign traffic far more effectively. One caveat a hunter should keep in mind: the process name by itself is a weak signal, since malware routinely names itself after, or injects into, an approved process such as the browser, so follow up on the binary's path, hash and signature, not just its name.

Please see the next example for how to kill those applications within seconds using Tanium.

3) Kill a New Worm or Blacklisted App

A customer wishes to kill all instances of a disallowed application within 30 seconds across every machine in the environment that has it.

In Tanium, the customer would first define an action to kill AppX. Tanium packages are specified with exactly the same command as the customer would type into the command prompt if they were going to kill the application on one machine. For example:

taskkill /F /IM AppX.exe

Then, the customer would ask a question like:

What are the computer names of computers running AppX

The customer then can fix all, or a subset of the computers, by simply clicking a button to target the action to those machines – Tanium can execute that action on any subset of machines, in networks up to 400,000 computers, in about 20 seconds, and confirm success.

The customer can then use Tanium to monitor in real time whether the blacklisted app ever returns, and get a notification within 15 seconds if it does. Furthermore, the customer can create another action to delete or remove AppX, update AV, or perform any other required step, again in about 20 seconds.

In existing systems, finding and fixing those assets would likely take hours or days at best, and would require substantial knowledge of those systems to accomplish.
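What use cases 1 to 3 boil down to on a single Windows host, written here as an added example with built-in cmdlets; it is not Tanium's code and does not use any Tanium component. It lists established TCP connections whose remote end is outside private address space, joins each to its owning process, the binary's product version and its Authenticode signer, flags anything unsigned or signed by someone outside an assumed allow-list, and can terminate the processes matching a name the way the page's taskkill package does. The approved-publisher list, the -KillName parameter and the Windows 8 / PowerShell 4 requirement (for Get-NetTCPConnection) are assumptions.

```powershell
# Added example, not Tanium's code: the per-host check behind questions like
# "versions of running applications", "externally communicating applications"
# and the "kill AppX" action. Requires Windows 8+/Server 2012+ and PowerShell 4+
# for Get-NetTCPConnection; run elevated to see other users' process paths.
param(
    [string[]]$ApprovedPublishers = @('Microsoft Windows', 'Microsoft Corporation'),  # assumed allow-list
    [string]$KillName,   # e.g. 'AppX' (assumed name) to terminate matching talkers
    [switch]$Kill
)

# RFC 1918, loopback, link-local and IPv6 ULA count as internal; anything else is external.
function Test-InternalAddress([string]$ip) {
    if ($ip -match '^(10\.|127\.|169\.254\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)') { return $true }
    if ($ip -match '^(::1$|fe80:|fc|fd)') { return $true }
    return $false
}

# Use case 2: who is talking to the outside world, and what binary is it really?
function Get-ExternalTalkers {
    Get-NetTCPConnection -State Established |
        Where-Object { -not (Test-InternalAddress $_.RemoteAddress) } |
        ForEach-Object {
            $conn = $_
            $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
            $path = $proc.Path
            $sig  = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }
            $publisher = if ($sig -and $sig.SignerCertificate) {
                $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
            } else { '' }
            $valid = ($null -ne $sig -and $sig.Status -eq 'Valid')
            [pscustomobject]@{
                Process  = $proc.Name
                PID      = $conn.OwningProcess
                Version  = $proc.ProductVersion      # use case 1: version of the running application
                Path     = $path
                Signer   = $publisher
                SigValid = $valid
                Remote   = "$($conn.RemoteAddress):$($conn.RemotePort)"
                # A name alone proves nothing (malware copies or injects into approved names),
                # so "suspect" is decided on the signature and publisher of the actual binary.
                Suspect  = -not ($valid -and ($ApprovedPublishers -contains $publisher))
            }
        }
}

$talkers = Get-ExternalTalkers
$talkers | Sort-Object Suspect -Descending |
    Format-Table Process, PID, Version, Signer, SigValid, Remote, Suspect -AutoSize

# Use case 3: equivalent of the page's "taskkill /F /IM AppX.exe" package, but scoped to
# the processes we actually observed talking externally rather than every image by name.
if ($Kill -and $KillName) {
    $talkers | Where-Object { $_.Process -like "*$KillName*" } | ForEach-Object {
        Stop-Process -Id $_.PID -Force
        Write-Host "killed $($_.Process) (PID $($_.PID)) talking to $($_.Remote)"
    }
}
```

Run it without switches first and read the rows where Suspect is True; only then rerun with `-Kill -KillName AppX`. The Suspect column is the point of the exercise: the page's question ranks by how rare a name is, which is a fine first filter, but the decision to kill should rest on what the binary is, not what it calls itself.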

4) Un-managed Assets

A customer wishes to know every asset that is connected to the network which is not actively managed by the enterprise.

It is common for up to 15% of the assets in an environment to fall into this category, and they represent the most dangerous security exposure on the network: they are often not properly patched, have no AV/DLP/management agents, and have no AD/GPO policies enforced.

In Tanium, each agent can scan the address range between it and the next Tanium agent every minute to detect any new asset on the network that is not managed by the enterprise. Because all scan traffic stays within the local subnet, it is not blocked by firewalls, NAT devices or routers. Unlike network scanners, which can take hours or even days to sweep a large network, Tanium can scan every minute with no impact on the WAN and minimal impact on the LAN. The result is that, rather than learning about a new device days or weeks after it appeared (particularly a laptop that moves on and off the network), Tanium can find it on average within 30 seconds of connection.

5) Real-Time Property Collection

A customer wishes to determine the values for a particular fast-changing registry key across all machines that are using the new Windows 7 build. 

In Tanium, the customer would ask a question like:

Registry Key Value from computers with Windows 7 Operating Systems

Tanium would then prompt the user to supply the value and key name, and would collect all values from those machines across the environment in 15 seconds. The user could then save that question to have it track the history of that registry key over time, monitoring changes with real-time accuracy across up to 400,000 assets.

In existing systems, collecting that Registry Key value would take hours or days at large scale, and would require substantial knowledge of those systems. Since the registry key is expected to change, administrators never have a solid idea of the current state of the environment – instead, they’re always days behind.

6) Real-time Patch Requirements

A customer is concerned that they are not able to confirm that patches were successfully applied during their maintenance windows – instead, information about success and failure is coming back hours later, often after the machines are outside of maintenance windows. The customer wants minute by minute status on the state of their assets for all patches that are required, or have been deployed.

In Tanium, the customer could simply ask:

What are the Required Microsoft Patches from computers which have a Maintenance Window now

Tanium returns every required patch, along with its severity, release date and other details, for all machines currently in a maintenance window. Since that data is at most 15 seconds old, the user sees what is happening now rather than hours ago. And because Tanium uses the Windows Update (WSUS) API to determine patch state, the answer is consistent with Microsoft's own applicability rules.

In existing systems, the data would likely be days latent in most environments. By the time that the customer learned that a patch had failed, the maintenance window would be long closed.
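What a "Required Microsoft Patches" answer is built from on one host, as an added example rather than Tanium's code: the Windows Update Agent COM API, which is the same engine that WSUS-managed clients use, queried for updates that are applicable but not installed. It assumes the machine can reach its configured update source (Windows Update or a WSUS server) and that nothing else about the environment is special; no Tanium component is involved.

```powershell
# Added example, not Tanium's code: list missing updates on this host through the
# Windows Update Agent COM API, with the severity and release date the page mentions.
# Needs the machine's update source (WSUS or Windows Update) to be reachable.
function Get-RequiredPatches {
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    # IsInstalled=0: applicable but missing. IsHidden=0: skip updates an admin chose to hide.
    $result = $searcher.Search('IsInstalled=0 and IsHidden=0')
    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            KB         = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            Severity   = $u.MsrcSeverity                 # Critical/Important/Moderate/Low; empty if not a security update
            Released   = $u.LastDeploymentChangeTime
            Downloaded = $u.IsDownloaded                 # staged locally but not yet installed
            Categories = ($u.Categories | ForEach-Object { $_.Name }) -join ','
            Title      = $u.Title
        }
    }
}

$patches = @(Get-RequiredPatches)
"{0} required update(s) as of {1:u}" -f $patches.Count, (Get-Date)
$patches | Sort-Object Released -Descending | Format-Table KB, Severity, Released, Downloaded, Title -AutoSize
```

The search can take a minute or more on a host that has not synced recently, which is exactly the latency the page is talking about: Tanium's trick is not a different source of truth, it is asking every endpoint to run this check and collecting the answers in parallel. A Downloaded value of True next to a patch the maintenance window should already have installed is the "failed during the window" case the customer in this use case wants to catch.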

You can watch a demo here or register for a one-on-one demo.