Tanium

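Tanium provides a converged endpoint management (XEM) platform for managing complex security and technology environments. Tanium protects endpoints from cyber threats by integrating workflows across IT, risk, compliance, and security into a single platform. Tanium provides comprehensive visibility across devices, a unified set of controls, real-time remediation, and a common taxonomy to protect critical information and infrastructure at scale.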

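Note

This article contains information about third-party plugins. It is provided to help complete integration scenarios. However, Microsoft does not provide troubleshooting support for third-party plugins. Contact the third-party vendor for support.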

Know before you begin

Integration with Microsoft Security Copilot requires a Tanium instance URL and an API token. You must take the following steps before using the plugin.

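  1. Sign in to your Tanium console to retrieve the information needed to set up the Tanium plugin.

  2. Select [Modules > Connect > Overview]. The [Connect Overview] page appears.

  3. Select [Settings], and then select [Microsoft Security Copilot]. Then follow these steps:

    1. Select [Copy Tanium Instance URL] to copy the Tanium instance URL to the clipboard. Paste it into a text editor, such as Notepad.

    2. Select [Generate] to generate an API token, and copy the token value to the clipboard. Paste it into a text editor.

  4. Sign in to Microsoft Security Copilot.

  5. Select the [Plugins] button from the prompt bar to access [Manage plugins].

  6. In the [Other] section, next to Tanium, select [Set up].

  7. In the [Value] fields, paste your Tanium instance URL and API token. Then save your changes.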

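Sample Tanium prompts

After the Tanium plugin is set up, you can use it to retrieve information about the devices (endpoints) in your organization. The following table lists some capabilities and sample prompts you can try: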

| Capability | Description | Requires | Sample prompts |
| --- | --- | --- | --- |
| Get logged-in users | Retrieves the users currently logged in to an endpoint. | Tanium Core Platform | Using Tanium, return the user currently logged into the endpoint with the hostname <hostname> so that I can investigate possible unauthorized endpoint use. Return a Tanium Console Question Results URL so that I can view more real-time information for this endpoint. |
| Get real-time data from endpoints | Retrieves real-time data from endpoints based on Tanium sensors. For more information about supported sensors | Tanium Core Platform; sensor dependent | Using Tanium, return the computer name and IP address of endpoints. Display the results in a table, alphabetically sorted by computer name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| Count endpoints with package version | Retrieves the total number of endpoints with the specified software package. | Asset, SBOM | Using Tanium, return the total number of endpoints with a software package for <software-name>, so that I can start cataloging which computers have the software installed. Display the results in a table, alphabetically sorted by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| List endpoints with package | Retrieves up to 10 endpoints with the specified software package. | Asset, SBOM | Using Tanium, return the endpoints with a software package for <software-name> so that I can start cataloguing which computers might have an out-of-date version. Display the results in a table, alphabetically sorted by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| List process SHA-256 hash and version | Retrieves the SHA-256 file hash and version of the specified process. | Asset, SBOM, Threat Response | Using Tanium, return the SHA-256 hash value and process version for the running process <process-name>, so that I can find other instances of this process based on the hash value. |
| Get vulnerability test results | Returns whether an endpoint is vulnerable to the specified CVE and the reasons it is vulnerable. | Tanium Comply | Using Tanium, examine whether endpoint <hostname> is vulnerable to <cve-id>, and return the reasons that this endpoint is vulnerable, along with a suggested plan of action to remediate the intrusion. |
| List endpoints vulnerable to CVE | Retrieves up to 10 endpoints vulnerable to the specified CVE identifier. | Tanium Comply | Using Tanium, return the endpoints vulnerable to <cve-id>, so that I can remediate the vulnerability on these endpoints. Display the results in a table, sorted alphabetically by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| View endpoint processes | Retrieves the URL of the Threat Response Live Connection page for the requested endpoint, which contains the list of running processes. | Direct Connect, Threat Response | Using Tanium, return a Threat Response Live Connection URL for the endpoint with the hostname <hostname>, so that I can review the running processes and identify potential vulnerabilities. |
| List service module details | Retrieves information about the service modules running on an endpoint, including name, title, and image path. | Incident Response | Using Tanium, return information for the service modules running on the endpoint with the hostname <hostname>, so that I can review the list for unexpected service modules. Display the results in a table, alphabetically sorted by service module name, and return a Tanium Console Question Results URL so that I can view the real-time list of service modules. |
| List service process details | Retrieves information about the service processes running on an endpoint, including name, process ID, and file path. | Incident Response | Using Tanium, return information for the service processes running on the endpoint with the hostname <hostname>, so that I can review the list for unexpected service processes. Display the results in a table, alphabetically sorted by service process name, and return a Tanium Console Question Results URL so that I can view the real-time list of service processes. |
| List WMI event consumers | Retrieves the Windows Management Instrumentation (WMI) event consumers running on an endpoint. | Incident Response | Using Tanium, return the WMI event consumers running on the endpoint with the hostname <hostname> so that I can ensure only expected event consumers are running, and return a Tanium Console Question Results URL so that I can view the real-time list of event consumers. |
| List file details | Retrieves details of a file by name, including the endpoints it is installed on, the file path, and the file size. | Index | Using Tanium, return information for the file named <file-name> so that I can determine if it is running on unintended endpoints. Display the results in a table, alphabetically sorted, and return a Tanium Console Question Results URL so that I can view the real-time list. |
| | | | Using Tanium, return information for the file named <file-name> installed on the endpoint with the hostname <hostname>, so that I can determine if it is running on unintended endpoints. Display the results in a table, alphabetically sorted, and return a Tanium Console Question Results URL so that I can view real-time information. |
| List child processes of process file | Returns all child processes running on endpoints, based on the specified process file name. | Threat Response | Using Tanium, list the child processes of <process-name> so that I can analyze resource usage. Display the results in a table, alphabetically sorted by process name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| | | | Using Tanium, list the child processes of <process-name> that are running on the computer with the hostname <hostname>, so that I can analyze resource usage. Display the results in a table, alphabetically sorted by process name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| List endpoints with process command | Retrieves up to 10 endpoints running the specified command-line command. | Threat Response | Using Tanium, return the endpoints running the command line command <process-command>, so that I can ensure this process is not running on unexpected endpoints. Display the results in a table, sorted alphabetically by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| List endpoints with process name | Retrieves up to 10 endpoints running the specified process. | Threat Response | Using Tanium, return the endpoints running a process called <process-name>, so that I can ensure this process is not running on unexpected endpoints. Display the results in a table, sorted alphabetically by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| List endpoints with process MD5 hash | Retrieves up to 10 endpoints running the specified process that matches the provided MD5 hash value. | Threat Response | Using Tanium, return all endpoints that are running a process with the MD5 hash value <md5-hash-value>, so that I can ensure this process is not running under a different file name. Display the results in a table, sorted alphabetically by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| List file operations | Retrieves historical file operation information from endpoints, including endpoint name, file path, and file operation type, such as create or delete. | Threat Response | Using Tanium, return file operation information for the endpoint named <hostname> running on the file path "<partial-file-path>" over the past <time-frame> so that I can determine if any malicious file behavior is occurring on the endpoint. Display the results in a table, alphabetically sorted, and return a Tanium Console Question Results URL so that I can view the real-time list. |
| | | | Using Tanium, return file operation information for files running on the file path "<partial-file-path>" over the past <time-frame> so that I can determine if there is any malicious file creation or deletion. Display the results in a table, alphabetically sorted, and return a Tanium Console Question Results URL so that I can view the real-time list. |
| List processes connected to IPv4 address | Retrieves the processes running on the endpoint with the specified IPv4 address. | Threat Response | Using Tanium, return the processes running on the endpoint with the IPv4 address <ipv4-address>, so that I can analyze any potential security intrusions and resource usage. Display the results in a table, sorted alphabetically by process name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| List processes running as user | Retrieves the processes running on endpoints as the specified user. | Threat Response | Using Tanium, return the processes running as the user <user-name>, so that I can determine whether there are issues with unauthorized access. Display the results in a table, sorted alphabetically by computer name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| | | | Using Tanium, return the processes running as the user <user-name> on the endpoint with the hostname <hostname>, so that I can determine whether there are issues with unauthorized access. Display the results in a table, sorted alphabetically by process name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |

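Troubleshoot the Tanium plugin

Errors occur

If you encounter errors such as "Couldn't complete your request" or "An unknown error occurred", make sure the plugin is turned on. If the problem persists, sign out of Security Copilot, and then sign back in.

Prompts don't invoke the correct capabilities

If prompts don't invoke the correct capabilities, or prompts invoke some other capability set, you might have custom plugins or other plugins with capabilities similar to the capability set you want to use.

Provide feedback

To provide feedback, contact Tanium.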

See also

Non-Microsoft plugins for Microsoft Security Copilot

Manage plugins in Microsoft Security Copilot