Get Logged In User Retrieves the user that is currently logged into an endpoint
Requires Tanium Core Platform |
Using Tanium, return the user currently logged into the endpoint with the hostname hostname so that I can investigate possible unauthorized endpoint use. Return a Tanium Console Question Results URL so that I can view more real-time information for this endpoint. |
Get Real-time Data from Endpoints Retrieves real-time data from endpoints based on a Tanium sensor. For more information on supported sensors
Requires Tanium Core Platform, sensor-dependent |
Using Tanium, return the computer name and IP address of endpoints. Display the results in a table, alphabetically sorted by computer name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
Count Endpoints Having Package Version Retrieves the total count of endpoints that have the given software package
Requires Asset, SBOM |
Using Tanium, return the total number of endpoints with a software package for software-name, so that I can start cataloging which computers have the software installed. Display the results in a table, alphabetically sorted by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
List Endpoints Having Package Retrieves up to 10 endpoints that have the given software package
Requires Asset, SBOM |
Using Tanium, return the endpoints with a software package for software-name so that I can start cataloguing which computers might have an out-of-date version. Display the results in a table, alphabetically sorted by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
List Process SHA-256 Hashes and Versions Retrieves the SHA-256 file hash and version for a given process
Requires Asset, SBOM, Threat Response |
Using Tanium, return the SHA-256 hash value and process version for the running process process-name, so that I can find other instances of this process based on the hash value. |
Get Vulnerability Test Results Returns whether an endpoint is vulnerable to a given CVE, and the reason why it is vulnerable
Requires Tanium Comply |
Using Tanium, examine whether endpoint <hostname> is vulnerable to <cve-id>, and return the reasons that this endpoint is vulnerable, along with a suggested plan of action to remediate the intrusion. |
List Endpoints Vulnerable To CVE Retrieves up to 10 endpoints vulnerable to a given CVE ID
Requires Tanium Comply |
Using Tanium, return the endpoints vulnerable to cve-id, so that I can remediate the vulnerability on these endpoints. Display the results in a table, sorted alphabetically by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
View Endpoint Processes Retrieves a URL to the Threat Response Live Connection page for the requested endpoint, which contains a list of running processes
Requires Direct Connect, Threat Response |
Using Tanium, return a Threat Response Live Connection URL for the endpoint with the hostname hostname, so that I can review the running processes and identify potential vulnerabilities. |
List Service Module Details Retrieves running service module information for an endpoint, including name, caption, and image path
Requires Incident Response |
Using Tanium, return information for the service modules running on the endpoint with the hostname hostname, so that I can review the list for unexpected service modules. Display the results in a table, alphabetically sorted by service module name, and return a Tanium Console Question Results URL so that I can view the real-time list of service modules. |
List Service Process Details Retrieves running service process information for an endpoint, including name, process ID, and file path
Requires Incident Response |
Using Tanium, return information for the service processes running on the endpoint with the hostname hostname, so that I can review the list for unexpected service processes. Display the results in a table, alphabetically sorted by service process name, and return a Tanium Console Question Results URL so that I can view the real-time list of service processes. |
List WMI Event Consumers Retrieves Windows Management Instrumentation (WMI) event consumers running on an endpoint
Requires Incident Response |
Using Tanium, return the WMI event consumers running on the endpoint with the hostname hostname so that I can ensure only expected event consumers are running, and return a Tanium Console Question Results URL so that I can view the real-time list of event consumers. |
List File Details Retrieves details for a file by name, including the endpoints on which it is installed, the file path, and file size
Requires Index |
Using Tanium, return information for the file named file-name so that I can determine if it is running on unintended endpoints. Display the results in a table, alphabetically sorted, and return a Tanium Console Question Results URL so that I can view the real-time list.
or
Using Tanium, return information for the file named file-name installed on the endpoint with the hostname hostname, so that I can determine if it is running on unintended endpoints. Display the results in a table, alphabetically sorted, and return a Tanium Console Question Results URL so that I can view real-time information. |
List Child Processes for Process File Returns all child processes running on an endpoint based on a given process file name
Requires Threat Response |
Using Tanium, list the child processes of process-name so that I can analyze resource usage. Display the results in a table, alphabetically sorted by process name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints.
or
Using Tanium, list the child processes of process-name that are running on the computer with the hostname hostname, so that I can analyze resource usage. Display the results in a table, alphabetically sorted by process name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
List Endpoints with Process Command Retrieves up to 10 endpoints running the given command line command
Requires Threat Response |
Using Tanium, return the endpoints running the command line command process-command, so that I can ensure this process is not running on unexpected endpoints. Display the results in a table, sorted alphabetically by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
List Endpoints with Process Name Retrieves up to 10 endpoints running the given process
Requires Threat Response |
Using Tanium, return the endpoints running a process called process-name, so that I can ensure this process is not running on unexpected endpoints. Display the results in a table, sorted alphabetically by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
List Endpoints with Process MD5 Hash Retrieves up to 10 endpoints running the given process matching the provided MD5 hash value
Requires Threat Response |
Using Tanium, return all endpoints that are running a process with the MD5 hash value md5-hash-value, so that I can ensure this process is not running under a different file name. Display the results in a table, sorted alphabetically by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
List File Operations Retrieves historical file operation information from endpoints, including endpoint name, file path, and the file operation type, such as create or delete
Requires Threat Response |
Using Tanium, return file operation information for the endpoint named hostname running on the file path "_partial-file-path" over the past time-frame so that I can determine if any malicious file behavior is occuring on the endpoint. Display the results in a table, alphabetically sorted, and return a Tanium Console Question Results URL so that I can view the real-time list.
or
Using Tanium, return file operation information for files running on the file path "_partial-file-path" over the past time-frame so that I can determine if there is any malicious file creation or deletion. Display the results in a table, alphabetically sorted, and return a Tanium Console Question Results URL so that I can view the real-time list. |
List Processes Connected To IPv4 Address Retrieves the processes running on an endpoint with the given IPv4 address
Requires Threat Response |
Using Tanium, return the processes running on the endpoint with the IPv4 address ipv4-address, so that I can analyze any potential security intrusions and resource usage. Display the results in a table, sorted alphabetically by process name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
List Process Ran As User Retrieve the processes running on an endpoint as a given user
Requires Threat Response |
Using Tanium, return the processes running as the user user-name, so that I can determine whether there are issues with unauthorized access. Display the results in a table, sorted alphabetically by computer name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints.
or
Using Tanium, return the processes running as the user user-name on the endpoint with the hostname hostname, so that I can determine whether there are issues with unauthorized access. Display the results in a table, sorted alphabetically by process name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |