使用英语阅读

通过


Tanium

Tanium 提供聚合终结点管理 (XEM) 参考平台来管理复杂的安全和技术环境。 Tanium 通过将跨 IT、风险、合规性和安全性的工作流集成到单个平台中,保护终结点免受网络威胁。 Tanium 提供跨设备的全面可见性、一组统一的控制措施、实时修正和通用分类,以大规模保护关键信息和基础结构。

备注

本文包含有关第三方插件的信息。 这是为了帮助完成集成方案而提供的。 但是,Microsoft不提供对第三方插件的故障排除支持。 请联系第三方供应商获取支持。

在开始之前了解

与 Microsoft Security Copilot 集成需要 Tanium 实例 URL 和 API 令牌。 在使用插件之前,需要执行以下步骤。

  1. 登录到 Tanium 控制台以检索配置 Tanium 插件所需的信息。

  2. 选择“模块>连接>概述”。 此时会显示“连接概述”页。

  3. 选择“设置”,然后选择“Microsoft Security Copilot”。 然后,按照以下步骤操作:

    1. 选择“Tanium 实例 URL 复制”,将 Tanium 实例 URL 复制到剪贴板。 将其粘贴到文本编辑器(如记事本)中。

    2. 选择“生成”以生成 API 令牌,并将令牌值复制到剪贴板。 将其粘贴到文本编辑器中。

  4. 登录到 Microsoft Security Copilot

  5. 通过从提示栏中选择“插件”按钮来访问“管理插件”。

  6. 在“其他”部分中,选择“Tanium”旁边的“设置”。

  7. 在“”字段中,粘贴 Tanium 实例 URL 和 API 令牌。 然后保存你所做的更改。

示例 Tanium 提示

配置 Tanium 插件后,可以使用它来检索有关组织中的终结点(设备)的信息。 下表列出了可以尝试的一些功能和示例提示:

功能 示例提示
获取已登录用户
检索当前登录到终结点的用户

需要 Tanium Core Platform
Using Tanium, return the user currently logged into the endpoint with the hostname hostname so that I can investigate possible unauthorized endpoint use. Return a Tanium Console Question Results URL so that I can view more real-time information for this endpoint.
从终结点获取实时数据
基于 Tanium 传感器从终结点检索实时数据。 有关支持的传感器的详细信息

需要 Tanium Core Platform,依赖于传感器
Using Tanium, return the computer name and IP address of endpoints. Display the results in a table, alphabetically sorted by computer name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints.
对具有包版本的终结点进行计数
检索具有给定软件包的终结点的总计数

需要资产、SBOM
Using Tanium, return the total number of endpoints with a software package for software-name, so that I can start cataloging which computers have the software installed. Display the results in a table, alphabetically sorted by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints.
列出具有包的终结点
检索最多 10 个具有给定软件包的终结点

需要资产、SBOM
Using Tanium, return the endpoints with a software package for software-name so that I can start cataloguing which computers might have an out-of-date version. Display the results in a table, alphabetically sorted by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints.
列出进程 SHA-256 哈希和版本
检索给定进程的 SHA-256 文件哈希和版本

需要资产、SBOM 和威胁响应
Using Tanium, return the SHA-256 hash value and process version for the running process process-name, so that I can find other instances of this process based on the hash value.
获取漏洞测试结果
返回终结点是否容易受到给定 CVE 攻击,以及它易受攻击的原因

需要 Tanium Comply
Using Tanium, examine whether endpoint <hostname> is vulnerable to <cve-id>, and return the reasons that this endpoint is vulnerable, along with a suggested plan of action to remediate the intrusion.
列出易受 CVE 影响的终结点
检索最多 10 个易受给定 CVE ID 攻击的终结点

需要 Tanium Comply
Using Tanium, return the endpoints vulnerable to cve-id, so that I can remediate the vulnerability on these endpoints. Display the results in a table, sorted alphabetically by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints.
查看终结点进程
检索所请求终结点的“威胁响应实时连接”页的 URL,其中包含正在运行的进程列表

需要直接连接、威胁响应
Using Tanium, return a Threat Response Live Connection URL for the endpoint with the hostname hostname, so that I can review the running processes and identify potential vulnerabilities.
列出服务模块详细信息
检索终结点的正在运行的服务模块信息,包括名称、描述文字和映像路径

需要事件响应
Using Tanium, return information for the service modules running on the endpoint with the hostname hostname, so that I can review the list for unexpected service modules. Display the results in a table, alphabetically sorted by service module name, and return a Tanium Console Question Results URL so that I can view the real-time list of service modules.
列出服务进程详细信息
检索终结点的正在运行的服务进程信息,包括名称、进程 ID 和文件路径

需要事件响应
Using Tanium, return information for the service processes running on the endpoint with the hostname hostname, so that I can review the list for unexpected service processes. Display the results in a table, alphabetically sorted by service process name, and return a Tanium Console Question Results URL so that I can view the real-time list of service processes.
列出 WMI 事件使用者
检索在终结点上运行的 Windows Management Instrumentation (WMI) 事件使用者

需要事件响应
Using Tanium, return the WMI event consumers running on the endpoint with the hostname hostname so that I can ensure only expected event consumers are running, and return a Tanium Console Question Results URL so that I can view the real-time list of event consumers.
列出文件详细信息
按名称检索文件的详细信息,包括安装该文件的终结点、文件路径和文件大小

需要索引
Using Tanium, return information for the file named file-name so that I can determine if it is running on unintended endpoints. Display the results in a table, alphabetically sorted, and return a Tanium Console Question Results URL so that I can view the real-time list.



Using Tanium, return information for the file named file-name installed on the endpoint with the hostname hostname, so that I can determine if it is running on unintended endpoints. Display the results in a table, alphabetically sorted, and return a Tanium Console Question Results URL so that I can view real-time information.
列出进程文件的子进程
返回基于给定进程文件名在终结点上运行的所有子进程

需要威胁响应
Using Tanium, list the child processes of process-name so that I can analyze resource usage. Display the results in a table, alphabetically sorted by process name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints.



Using Tanium, list the child processes of process-name that are running on the computer with the hostname hostname, so that I can analyze resource usage. Display the results in a table, alphabetically sorted by process name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints.
使用 Process 命令列出终结点
检索最多 10 个运行给定命令行命令的终结点

需要威胁响应
Using Tanium, return the endpoints running the command line command process-command, so that I can ensure this process is not running on unexpected endpoints. Display the results in a table, sorted alphabetically by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints.
使用进程名称列出终结点
检索最多 10 个运行给定进程的终结点

需要威胁响应
Using Tanium, return the endpoints running a process called process-name, so that I can ensure this process is not running on unexpected endpoints. Display the results in a table, sorted alphabetically by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints.
使用进程 MD5 哈希列出终结点
检索与提供的 MD5 哈希值匹配的最多 10 个运行给定进程的终结点

需要威胁响应
Using Tanium, return all endpoints that are running a process with the MD5 hash value md5-hash-value, so that I can ensure this process is not running under a different file name. Display the results in a table, sorted alphabetically by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints.
列出文件操作
从终结点检索历史文件操作信息,包括终结点名称、文件路径和文件操作类型,例如创建或删除

需要威胁响应
Using Tanium, return file operation information for the endpoint named hostname running on the file path "_partial-file-path" over the past time-frame so that I can determine if any malicious file behavior is occuring on the endpoint. Display the results in a table, alphabetically sorted, and return a Tanium Console Question Results URL so that I can view the real-time list.



Using Tanium, return file operation information for files running on the file path "_partial-file-path" over the past time-frame so that I can determine if there is any malicious file creation or deletion. Display the results in a table, alphabetically sorted, and return a Tanium Console Question Results URL so that I can view the real-time list.
列出连接到 IPv4 地址的进程
检索在具有给定 IPv4 地址的终结点上运行的进程

需要威胁响应
Using Tanium, return the processes running on the endpoint with the IPv4 address ipv4-address, so that I can analyze any potential security intrusions and resource usage. Display the results in a table, sorted alphabetically by process name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints.
列出以用户身份运行的进程
检索以给定用户身份在终结点上运行的进程

需要威胁响应
Using Tanium, return the processes running as the user user-name, so that I can determine whether there are issues with unauthorized access. Display the results in a table, sorted alphabetically by computer name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints.



Using Tanium, return the processes running as the user user-name on the endpoint with the hostname hostname, so that I can determine whether there are issues with unauthorized access. Display the results in a table, sorted alphabetically by process name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints.

排查 Tanium 插件问题

发生错误

如果遇到错误(例如 无法完成请求发生未知错误),请确保插件已打开。 如果问题仍然存在,请注销Security Copilot,然后重新登录。

提示未调用正确的功能

如果提示未调用正确的功能,或者提示调用其他一些功能集,则可能具有与要使用的功能集类似的自定义插件或其他插件。

提供反馈

若要提供反馈,请联系 Tanium

另请参阅

用于Microsoft Security Copilot的非Microsoft插件

在 Microsoft Security Copilot 中管理插件