Tanium
Tanium provides the Converged Endpoint Management (XEM) reference platform for managing complex security and technology environments. Tanium protects endpoints from cyber threats by unifying workflows across IT, risk, compliance, and security into a single platform. Tanium provides full visibility into devices, a unified set of controls, real-time remediation, and a common taxonomy to protect critical information and infrastructure at scale.
Note
This article contains information about a third-party plugin. It is provided to help complete integration scenarios. However, Microsoft does not provide troubleshooting support for third-party plugins. Contact the third-party vendor for support.
Integration with Microsoft Security Copilot requires a Tanium instance URL and an API token. Before you use the plugin, complete the following steps.

1. Sign in to your Tanium console to retrieve the information needed to configure the Tanium plugin.
2. Select Modules > Connect > Overview. The Connect Overview page appears.
3. Select Settings, and then select Microsoft Security Copilot. Then follow these steps:
   1. Select Copy next to Tanium instance URL to copy the Tanium instance URL to the clipboard. Paste it into a text editor, such as Notepad.
   2. Select Generate to generate an API token, and copy the token value to the clipboard. Paste it into the text editor.
4. In Security Copilot, select the Plugins button from the prompt bar to open Manage plugins.
5. In the Other section, next to Tanium, select Set up.
6. In the Value fields, paste your Tanium instance URL and API token. Then save your changes.
After you configure the Tanium plugin, you can use it to retrieve information about endpoints (devices) in your organization. The following table lists some of the capabilities and sample prompts you can try:

| Capability | Sample prompt |
|---|---|
| Get logged-in user. Retrieves the user currently logged into an endpoint. Requires Tanium Core Platform. | Using Tanium, return the user currently logged into the endpoint with the hostname hostname so that I can investigate possible unauthorized endpoint use. Return a Tanium Console Question Results URL so that I can view more real-time information for this endpoint. |
| Get live data from endpoints. Retrieves live data from endpoints based on Tanium sensors. For more information about supported sensors, see Tanium's documentation. Requires Tanium Core Platform; depends on the sensors available. | Using Tanium, return the computer name and IP address of endpoints. Display the results in a table, alphabetically sorted by computer name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| Count endpoints with package version. Retrieves the total number of endpoints that have a specified software package. Requires Asset, SBOM. | Using Tanium, return the total number of endpoints with a software package for software-name, so that I can start cataloging which computers have the software installed. Display the results in a table, alphabetically sorted by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| List endpoints with package. Retrieves up to 10 endpoints that have a specified software package. Requires Asset, SBOM. | Using Tanium, return the endpoints with a software package for software-name so that I can start cataloguing which computers might have an out-of-date version. Display the results in a table, alphabetically sorted by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| List process SHA-256 hash and version. Retrieves the SHA-256 file hash and version of a specified process. Requires Asset, SBOM, Threat Response. | Using Tanium, return the SHA-256 hash value and process version for the running process process-name, so that I can find other instances of this process based on the hash value. |
| Get vulnerability test results. Returns whether an endpoint is vulnerable to a specified CVE, and the reasons it is vulnerable. Requires Tanium Comply. | Using Tanium, examine whether endpoint <hostname> is vulnerable to <cve-id>, and return the reasons that this endpoint is vulnerable, along with a suggested plan of action to remediate the intrusion. |
| List endpoints vulnerable to CVE. Retrieves up to 10 endpoints vulnerable to a specified CVE identifier. Requires Tanium Comply. | Using Tanium, return the endpoints vulnerable to cve-id, so that I can remediate the vulnerability on these endpoints. Display the results in a table, sorted alphabetically by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| View endpoint processes. Retrieves the URL of the Threat Response Live Connection page for the requested endpoint, which includes the list of running processes. Requires Direct Connect, Threat Response. | Using Tanium, return a Threat Response Live Connection URL for the endpoint with the hostname hostname, so that I can review the running processes and identify potential vulnerabilities. |
| List service module details. Retrieves information about service modules running on an endpoint, including name, caption, and image path. Requires Incident Response. | Using Tanium, return information for the service modules running on the endpoint with the hostname hostname, so that I can review the list for unexpected service modules. Display the results in a table, alphabetically sorted by service module name, and return a Tanium Console Question Results URL so that I can view the real-time list of service modules. |
| List service process details. Retrieves information about service processes running on an endpoint, including name, process ID, and file path. Requires Incident Response. | Using Tanium, return information for the service processes running on the endpoint with the hostname hostname, so that I can review the list for unexpected service processes. Display the results in a table, alphabetically sorted by service process name, and return a Tanium Console Question Results URL so that I can view the real-time list of service processes. |
| List WMI event consumers. Retrieves the Windows Management Instrumentation (WMI) event consumers running on an endpoint. Requires Incident Response. | Using Tanium, return the WMI event consumers running on the endpoint with the hostname hostname so that I can ensure only expected event consumers are running, and return a Tanium Console Question Results URL so that I can view the real-time list of event consumers. |
| List file details. Retrieves details of a file by name, including the endpoints it is installed on, the file path, and the file size. Requires Index. | Using Tanium, return information for the file named file-name so that I can determine if it is running on unintended endpoints. Display the results in a table, alphabetically sorted, and return a Tanium Console Question Results URL so that I can view the real-time list. or Using Tanium, return information for the file named file-name installed on the endpoint with the hostname hostname, so that I can determine if it is running on unintended endpoints. Display the results in a table, alphabetically sorted, and return a Tanium Console Question Results URL so that I can view real-time information. |
| List child processes of a process file. Returns all child processes running on endpoints for a specified process file name. Requires Threat Response. | Using Tanium, list the child processes of process-name so that I can analyze resource usage. Display the results in a table, alphabetically sorted by process name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. or Using Tanium, list the child processes of process-name that are running on the computer with the hostname hostname, so that I can analyze resource usage. Display the results in a table, alphabetically sorted by process name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| List endpoints with process command. Retrieves up to 10 endpoints running a specified command-line command. Requires Threat Response. | Using Tanium, return the endpoints running the command line command process-command, so that I can ensure this process is not running on unexpected endpoints. Display the results in a table, sorted alphabetically by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| List endpoints with process name. Retrieves up to 10 endpoints running a specified process. Requires Threat Response. | Using Tanium, return the endpoints running a process called process-name, so that I can ensure this process is not running on unexpected endpoints. Display the results in a table, sorted alphabetically by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| List endpoints with process MD5 hash. Retrieves up to 10 endpoints running a specified process that matches the provided MD5 hash value. Requires Threat Response. | Using Tanium, return all endpoints that are running a process with the MD5 hash value md5-hash-value, so that I can ensure this process is not running under a different file name. Display the results in a table, sorted alphabetically by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| List file operations. Retrieves historical file operation information from endpoints, including endpoint name, file path, and file operation type, such as create or delete. Requires Threat Response. | Using Tanium, return file operation information for the endpoint named hostname running on the file path "_partial-file-path" over the past time-frame so that I can determine if any malicious file behavior is occurring on the endpoint. Display the results in a table, alphabetically sorted, and return a Tanium Console Question Results URL so that I can view the real-time list. or Using Tanium, return file operation information for files running on the file path "_partial-file-path" over the past time-frame so that I can determine if there is any malicious file creation or deletion. Display the results in a table, alphabetically sorted, and return a Tanium Console Question Results URL so that I can view the real-time list. |
| List processes connected to an IPv4 address. Retrieves the processes running on the endpoint with a specified IPv4 address. Requires Threat Response. | Using Tanium, return the processes running on the endpoint with the IPv4 address ipv4-address, so that I can analyze any potential security intrusions and resource usage. Display the results in a table, sorted alphabetically by process name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
| List processes running as a user. Retrieves the processes running on endpoints as a specified user. Requires Threat Response. | Using Tanium, return the processes running as the user user-name, so that I can determine whether there are issues with unauthorized access. Display the results in a table, sorted alphabetically by computer name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. or Using Tanium, return the processes running as the user user-name on the endpoint with the hostname hostname, so that I can determine whether there are issues with unauthorized access. Display the results in a table, sorted alphabetically by process name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. |
If you encounter errors such as "Unable to complete the request" or "An unknown error occurred", make sure the plugin is turned on. If the problem persists, sign out of Security Copilot and sign back in.
If a prompt does not invoke the correct capability, or invokes some other set of capabilities, you might have a custom plugin or another plugin whose capabilities are similar to the set you want to use.
To provide feedback, contact Tanium.