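Tanium provides the Converged Endpoint Management (XEM) platform of reference for managing complex security and technology environments. Tanium protects endpoints from cyber threats by integrating workflows across IT, risk, compliance, and security into a single platform. Tanium delivers comprehensive visibility across devices, a unified set of controls, real-time remediation, and a common taxonomy to protect critical information and infrastructure at scale.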
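Note
This article contains information about third-party plugins. It is provided to help complete integration scenarios. However, Microsoft does not provide troubleshooting support for third-party plugins. Contact the third-party vendor for support.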
Know before you begin
Integration with Microsoft Security Copilot requires a Tanium instance URL and an API token. You need to complete the following steps before using the plugin.
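Sign in to the Tanium console to get the information needed to set up the Tanium plugin.
Select Modules > Connect > Overview. The Connect Overview page appears.
Select Settings, and then navigate to the Microsoft Copilot for Security option.
Select Copy for the Tanium Instance URL to copy the Tanium instance URL to the clipboard. Paste the URL into a text editor, such as Notepad.
Select Generate to create an API token, and copy the token value to the clipboard. Paste the token value into the text editor.
Sign in to Microsoft Security Copilot.
Select Sources from the prompt bar. The Manage sources modal appears.
Go to the Tanium plugin, and then select Set up.
In the Tanium settings, copy the Tanium instance URL and paste it into Tanium Instance URL.
Copy the token value and paste it into Value.
Select Save.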
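Sample Tanium prompts
After the Tanium plugin is set up, you can use it to get information about the endpoints (devices) in your organization. The following table lists some capabilities and example prompts you can try: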
| Capability | Example prompts |
|---|---|
| Logged In User: Retrieves the user currently logged into an endpoint. Requires Tanium Core Platform. | Using Tanium, return the user currently logged into the endpoint with the hostname <hostname> so that I can investigate possible unauthorized endpoint use. Return a Tanium Console Question Results URL so that I can view more real-time information for this endpoint. |
| Get Real-Time Data From Endpoints: Retrieves data from endpoints in real time based on Tanium sensors. For more information about supported sensors. Requires Tanium Core Platform, sensor dependent. | Using Tanium, return the computer name and IP address of endpoints. Display the results in a table, alphabetically sorted by computer name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| Count Endpoints With Package Version: Retrieves the total number of endpoints that have the software package. Requires Asset, SBOM. | Using Tanium, return the total number of endpoints with a software package for <software-name>, so that I can start cataloging which computers have the software installed. Display the results in a table, alphabetically sorted by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| List Endpoints With Package: Retrieves up to 10 endpoints that have the software package. Requires Asset, SBOM. | Using Tanium, return the endpoints with a software package for <software-name> so that I can start cataloguing which computers might have an out-of-date version. Display the results in a table, alphabetically sorted by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| List Process SHA-256 Hash and Version: Retrieves the SHA-256 file hash and version of a specific process. Requires Asset, SBOM, Threat Response. | Using Tanium, return the SHA-256 hash value and process version for the running process <process-name>, so that I can find other instances of this process based on the hash value. |
| Get Vulnerability Test Results: Returns whether an endpoint is vulnerable to a specific CVE and the reasons it is vulnerable. Requires Tanium Comply. | Using Tanium, examine whether endpoint <hostname> is vulnerable to <cve-id>, and return the reasons that this endpoint is vulnerable, along with a suggested plan of action to remediate the intrusion. |
| List Endpoints Vulnerable to CVE: Retrieves up to 10 endpoints that are vulnerable to a specific CVE ID. Requires Tanium Comply. | Using Tanium, return the endpoints vulnerable to <cve-id>, so that I can remediate the vulnerability on these endpoints. Display the results in a table, sorted alphabetically by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| View Endpoint Processes: Retrieves the Threat Response Live Connection page for the requested endpoint, which contains the list of running processes. Requires Direct Connect, Threat Response. | Using Tanium, return a Threat Response Live Connection URL for the endpoint with the hostname <hostname>, so that I can review the running processes and identify potential vulnerabilities. |
| List Service Module Details: Retrieves information about the service modules running on an endpoint, including name, title, and image path. Requires Incident Response. | Using Tanium, return information for the service modules running on the endpoint with the hostname <hostname>, so that I can review the list for unexpected service modules. Display the results in a table, alphabetically sorted by service module name, and return a Tanium Console Question Results URL so that I can view the real-time list of service modules. |
| List Service Process Details: Retrieves information about the service processes running on an endpoint, including name, process ID, and file path. Requires Incident Response. | Using Tanium, return information for the service processes running on the endpoint with the hostname <hostname>, so that I can review the list for unexpected service processes. Display the results in a table, alphabetically sorted by service process name, and return a Tanium Console Question Results URL so that I can view the real-time list of service processes. |
| List WMI Event Consumers: Retrieves the Windows Management Instrumentation (WMI) event consumers running on an endpoint. Requires Incident Response. | Using Tanium, return the WMI event consumers running on the endpoint with the hostname <hostname> so that I can ensure only expected event consumers are running, and return a Tanium Console Question Results URL so that I can view the real-time list of event consumers. |
| List File Details: Retrieves details for a file by name, including the endpoints where it is installed, file path, and file size. Requires Index. | Using Tanium, return information for the file named <file-name> so that I can determine if it is running on unintended endpoints. Display the results in a table, alphabetically sorted, and return a Tanium Console Question Results URL so that I can view the real-time list. Or: Using Tanium, return information for the file named <file-name> installed on the endpoint with the hostname <hostname>, so that I can determine if it is running on unintended endpoints. Display the results in a table, alphabetically sorted, and return a Tanium Console Question Results URL so that I can view real-time information. |
| List Child Processes of Process File: Returns all child processes running on endpoints, based on a specific process file name. Requires Threat Response. | Using Tanium, list the child processes of <process-name> so that I can analyze resource usage. Display the results in a table, alphabetically sorted by process name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. Or: Using Tanium, list the child processes of <process-name> that are running on the computer with the hostname <hostname>, so that I can analyze resource usage. Display the results in a table, alphabetically sorted by process name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| List Endpoints With Process Command: Retrieves up to 10 endpoints running the specified command-line command. Requires Threat Response. | Using Tanium, return the endpoints running the command line command <process-command>, so that I can ensure this process is not running on unexpected endpoints. Display the results in a table, sorted alphabetically by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| List Endpoints With Process Name: Retrieves up to 10 endpoints running the process. Requires Threat Response. | Using Tanium, return the endpoints running a process called <process-name>, so that I can ensure this process is not running on unexpected endpoints. Display the results in a table, sorted alphabetically by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| List Endpoints With Process MD5 Hash: Retrieves up to 10 endpoints running a process that matches the MD5 hash value. Requires Threat Response. | Using Tanium, return all endpoints that are running a process with the MD5 hash value <md5-hash-value>, so that I can ensure this process is not running under a different file name. Display the results in a table, sorted alphabetically by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| List File Operations: Retrieves historical file operation information from endpoints, including endpoint name, file path, and file operation type, such as create or delete. Requires Threat Response. | Using Tanium, return file operation information for the endpoint named <hostname> running on the file path "<partial-file-path>" over the past <time-frame> so that I can determine if any malicious file behavior is occurring on the endpoint. Display the results in a table, alphabetically sorted, and return a Tanium Console Question Results URL so that I can view the real-time list. Or: Using Tanium, return file operation information for files running on the file path "<partial-file-path>" over the past <time-frame> so that I can determine if there is any malicious file creation or deletion. Display the results in a table, alphabetically sorted, and return a Tanium Console Question Results URL so that I can view the real-time list. |
| List Processes Connected to IPv4 Address: Retrieves the processes running on the endpoint with a specific IPv4 address. Requires Threat Response. | Using Tanium, return the processes running on the endpoint with the IPv4 address <ipv4-address>, so that I can analyze any potential security intrusions and resource usage. Display the results in a table, sorted alphabetically by process name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| List Processes Running as User: Retrieves the processes running on endpoints as a specific user. Requires Threat Response. | Using Tanium, return the processes running as the user <user-name>, so that I can determine whether there are issues with unauthorized access. Display the results in a table, sorted alphabetically by computer name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. Or: Using Tanium, return the processes running as the user <user-name> on the endpoint with the hostname <hostname>, so that I can determine whether there are issues with unauthorized access. Display the results in a table, sorted alphabetically by process name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
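Troubleshoot the Tanium plugin
Errors occur
If you encounter errors such as "Couldn't complete your request" or "An unknown error occurred", make sure the plugin is turned on. If the problem persists, sign out of Security Copilot, and then sign back in.
Prompts don't invoke the correct capabilities
If prompts don't invoke the correct capabilities, or prompts invoke some other capability set, you might be using custom plugins or other plugins that have capabilities similar to the capability set you want to use.
Provide feedback
To provide feedback, contact Tanium.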