What Changed
Tanium solution version 3.2.0 updates all playbook templates with Azure Key Vault integration for secure API token storage and fixes analytic rule alert grouping and naming issues.
Security Impact (Visibility & Fidelity)
Previous playbooks stored Tanium API credentials as plaintext parameters, exposing them to any bad actor with access to the deployment templates. The updated templates use Key Vault SecureString parameters and require the “Key Vault Secrets User” role assignment. Additionally, the analytic rule fix ensures 1:1 mapping between Tanium Threat Response alerts and Microsoft Sentinel alerts, preventing alert aggregation that could mask individual security events.
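To check your own playbook templates for the plaintext-parameter pattern described above, the following added example (not code from the Tanium solution or from Microsoft) audits an ARM template for credential-like parameters that are not declared as secure types or that carry a literal default. The parameter names, the name heuristics and both sample templates are constructed for illustration.

```python
import json
import re

# Heuristics assumed for this example; tune them to your own naming conventions.
SECRET_NAME = re.compile(r"token|secret|password|api[_-]?key|credential", re.I)
REFERENCE_SUFFIX = re.compile(r"(name|uri|url)$", re.I)  # points at a secret, holds none
SECURE_TYPES = {"securestring", "secureobject"}

def iter_param_decls(node, path="$"):
    """Yield (path, name, spec) for every parameter declaration at any depth,
    so the Logic App workflow definition inside the template is covered too."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "parameters" and isinstance(value, dict):
                for name, spec in value.items():
                    if isinstance(spec, dict) and "type" in spec:
                        yield child, name, spec
            yield from iter_param_decls(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from iter_param_decls(item, f"{path}[{i}]")

def audit_template(text):
    """Return (path, parameter, problem) findings for credential-like parameters."""
    findings = []
    for path, name, spec in iter_param_decls(json.loads(text)):
        if not SECRET_NAME.search(name) or REFERENCE_SUFFIX.search(name):
            continue
        ptype = str(spec["type"]).lower()
        if ptype not in SECURE_TYPES:
            findings.append((path, name, f"type '{ptype}' is readable in deployment history"))
        default = spec.get("defaultValue")
        if isinstance(default, str) and default and not default.startswith("["):
            findings.append((path, name, "literal defaultValue committed to the template"))
    return findings

# Constructed samples (not copied from the Tanium solution).
BEFORE = json.dumps({"parameters": {
    "TaniumApiToken": {"type": "string", "defaultValue": "token-CONSTRUCTED"}}})
AFTER = json.dumps({
    "parameters": {"TaniumApiToken": {"type": "securestring"},
                   "KeyVaultSecretName": {"type": "string"}},
    "resources": [{"type": "Microsoft.Logic/workflows", "properties": {"definition": {
        "parameters": {"TaniumApiToken": {"type": "SecureString"}}}}}]})

if __name__ == "__main__":
    for label, doc in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_template(doc) or "no findings")
```

Run it against each azuredeploy.json in a repository as a pre-merge check; a clean result does not cover secrets hard-coded elsewhere in the template, such as in action inputs.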
Affected Files
Solutions/Tanium/Analytic Rules/TaniumThreatResponseAlerts.yaml
Solutions/Tanium/Playbooks/Tanium-ComplyFindings/azuredeploy.json
Solutions/Tanium/Playbooks/Tanium-QuarantineHosts/azuredeploy.json
Solutions/Tanium/Playbooks/Tanium-ResolveThreatResponseAlert/azuredeploy.json
(packaging artefacts: mainTemplate.json, Solution_Tanium.json)