What Changed
Fixed URL encoding bug in Tanium-QuarantineHosts and Tanium-UnquarantineHosts playbooks where package names containing square brackets and special characters were causing 400 API response errors.
Security Impact (Visibility & Fidelity)
Quarantine Operations Failure: Host quarantine and unquarantine operations were failing when Tanium package names contained special characters (particularly square brackets). The manual space replacement with ‘%20’ was insufficient — packages with names like “Deploy Agent [Windows]” would generate malformed API requests, causing complete quarantine operation failures.
Incident Response Degradation: Security teams using automated quarantine workflows through Microsoft Sentinel incidents experienced silent failures when attempting to isolate compromised endpoints. This created a false sense of containment while threats remained active on the network.
API Integration Restored: Replaced manual string manipulation with proper uriComponent() encoding function, ensuring all special characters in package names are correctly encoded for URL-safe API calls to Tanium.
Affected Files
Solutions/Tanium/Playbooks/Tanium-QuarantineHosts/azuredeploy.json Solutions/Tanium/Playbooks/Tanium-UnquarantineHosts/azuredeploy.json (packaging artefacts: mainTemplate.json, etc.)