Architecture diagram (labels only):
• Elastic Clusters (pull; master branch / dev branch)
• Tanium Server 1, Tanium Server 2 ... Tanium Server n
• Slack API calls
• Caldera attacker simulation
• Alerting orchestration
• JIRA ticketing
Anatomy of a Cyber Attack (cyber kill chain methodology):
Target an organization or industry -> Craft malicious payload -> Payload sent to target -> Compromise system -> Installation of malware/post-exploitation tools -> Command and Control (C2 actions) -> Ultimate goals achieved
• Tactic labels on the diagram: Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration
• Evidence sources: Network Forensics, Host Forensics
Attack chain diagram (labels only):
• Initial Access: malicious Excel macro delivered by spear phishing
• Persistence: create HKLM Run key
• Execution: download Netcat via PowerShell; launch Netcat via Advpack.dll; listen for commands in shell
• Host B, Initial Access: remote execution of RAT
• Host B, Discovery: enumerate computers; enumerate Windows/DNS; enumerate administrators, etc.
• Dump passwords with Mimikatz
... signals per endpoint, comparisons across estate
• Automatic Tanium Signal suppression from the platform
• Real-time lookup and correlation with other data sources:
  • Network: Iceberg, SonarShock
  • Endpoint: Tanium, Winlogbeat, Auditbeat