Update Tanium Manifest and README #177

Open
wants to merge 2 commits into
base: main
9 changes: 5 additions & 4 deletions Plugins/Published Plugins/Tanium/README.md
Expand Up @@ -11,10 +11,10 @@ Establish communication between a Tanium instance and Security Copilot using:
1. In a browser window, navigate to the Microsoft Security Copilot home page.

2. Click Security Copilot plugin. The Manage plugins modal window appears.
![image](https://github.com/shuhblam/copilot-for-security/assets/745064/ec05f712-7489-46a5-a2be-7576bca0b2f1)
![image](https://github.com/user-attachments/assets/c9699e79-272c-4b9b-be69-f7ed2141ad3e)

3. In the Custom section, click Add plugin. The Add a plugin modal window appears.
![image](https://github.com/shuhblam/copilot-for-security/assets/745064/5254358d-8e71-4a9d-ab11-3d39e4a88fb6)
![image](https://github.com/user-attachments/assets/6fd67b98-e4e5-4aa8-b238-e2a4ff1e6854)

4. Select Who can use this plugin?.

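Review bot: The replacement screenshots under steps 2 and 3 keep the placeholder alt text `image`, so the README conveys nothing when the image fails to load or is read by a screen reader. Suggest descriptive alt text such as "Manage plugins modal" and "Add a plugin modal", matching the window names the steps already use. The new links also point at github.com/user-attachments rather than at a file in this repository; committing the images next to the README would keep the instructions intact if an attachment is later removed.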
Expand All @@ -27,14 +27,14 @@ Establish communication between a Tanium instance and Security Copilot using:
8. Select Modules > Connect > Overview. The Connect Overview page appears.

9. Click Settings. Then click Microsoft Security Copilot.
![image](https://github.com/shuhblam/copilot-for-security/assets/745064/4c7c8e0d-6efc-48e2-874a-b6e6e022cde2)
![image](https://github.com/user-attachments/assets/7c3c9e50-38ea-46c6-be4e-d7cc48456be8)

10. Click Tanium Plugin Manifest URL Copy to copy the plugin manifest URL to the clipboard.

11. In Security Copilot, select Upload as a link. Then paste the Tanium Plugin Manifest URL.

12. Click Add. The Set up Tanium Skills modal window appears.
![image](https://github.com/shuhblam/copilot-for-security/assets/745064/82e9ad22-5031-4494-98dc-bafb4dc8971b)
![image](https://github.com/user-attachments/assets/446cea24-f86b-4c22-85df-30cc93a6c2b8)

13. In Tanium Console, click Tanium Instance URL Copy to copy the Tanium instance URL to the clipboard.

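Review bot: The new screenshot under step 9 is of the Connect settings page, which per steps 10 and 13 displays the Tanium Plugin Manifest URL and the Tanium Instance URL. Please confirm that this image and the one under step 12 do not show a real instance hostname or other tenant-specific values, and redact them if they do. Both images also still use the alt text `image`; a short description of the page shown would be more useful.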
Expand All @@ -61,6 +61,7 @@ Establish communication between a Tanium instance and Security Copilot using:
| Comply | Get Vulnerability Test Results | Return whether an endpoint is vulnerable to a given CVE, and the reason why it is vulnerable | Using Tanium, examine whether endpoint _hostname_ is vulnerable to _cve-id_, and return the reasons that this endpoint is vulnerable, along with a suggested plan of action to remediate the intrusion. Thank you. |
| Comply | List Endpoints Vulnerable To CVE | Retrieve up to 10 endpoints vulnerable to a given CVE ID | Using Tanium, return the endpoints vulnerable to _cve-id_, so that I can remediate the vulnerability on these endpoints. Display the results in a table, sorted alphabetically by host name, and return a Tanium Console Question Results URL so that I can view the real-time list of endpoints. Thank you. |
| Direct Connect, Threat Response | View Endpoint Processes | Retrieve a URL to the Threat Response Live Connection page for the requested endpoint, which contains a list of running processes | Using Tanium, return a Threat Response Live Connection URL for the endpoint with the hostname _hostname_, so that I can review the running processes and identify potential vulnerabilities. Thank you. |
| Incident Response | List Hashes of File | Retrieve the SHA-256 and MD5 file hashes for a given file. | Using Tanium, retrieve the MD5 and SHA-256 hashes for the file at the file path _full-file-path_ so that I, a junior security operations center member, can determine if any malicious file behavior is occurring on the endpoint. Display the results in a table, alphabetically sorted, and return a Tanium Console Question Results URL so that I can view the real-time list. Thank you. OR Using Tanium, retrieve the MD5 and SHA-256 hashes for the file at the file path _full-file-path_ on the endpoint named _hostname_ so that I, a junior security operations center member, can determine if any malicious file behavior is occurring on the endpoint. Display the results in a table, alphabetically sorted, and return a Tanium Console Question Results URL so that I can view the real-time list. Thank you. |
| Incident Response | List Service Module Details | Retrieve running service module information for an endpoint, including name, caption, and image path | Using Tanium, return information for the service modules running on the endpoint with the hostname _hostname_, so that I can review the list for unexpected service modules. Display the results in a table, alphabetically sorted by service module name, and return a Tanium Console Question Results URL so that I can view the real-time list of service modules. Thank you. |
| Incident Response | List Service Process Details | Retrieve running service process information for an endpoint, including name, process ID, and file path | Using Tanium, return information for the service processes running on the endpoint with the hostname _hostname_, so that I can review the list for unexpected service processes. Display the results in a table, alphabetically sorted by service process name, and return a Tanium Console Question Results URL so that I can view the real-time list of service processes. Thank you. |
| Incident Response | List WMI Event Consumers | Retrieve Windows Management Instrumentation (WMI) event consumers running on an endpoint | Using Tanium, return the WMI event consumers running on the endpoint with the hostname _hostname_ so that I can ensure only expected event consumers are running, and return a Tanium Console Question Results URL so that I can view the real-time list of event consumers. Thank you. |
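Review bot: In the added "List Hashes of File" row, the example prompt cell holds two complete prompts joined only by a bare "OR", which is easy to miss and invites pasting both into Security Copilot as one request. Suggest separating them with a line break inside the cell and labelling which one targets all endpoints and which one targets the endpoint named _hostname_. The description in this row also ends with a period while the neighbouring rows do not.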
49 changes: 30 additions & 19 deletions Plugins/Published Plugins/Tanium/manifest.json
Expand Up @@ -3,7 +3,8 @@
"Name": "Tanium",
"DisplayName": "Tanium (Preview)",
"Icon": "https://www.tanium.com/wp-content/uploads/Tanium-LogoBug-FullColor-Positive.png",
"Description": "Provide analysts of all skill levels tools to make informed decisions and confidently take decisive actions using Tanium’s real-time endpoint data.",
"Description": "Provide analysts of all skill levels tools to make informed decisions and confidently take decisive actions using Tanium's real-time endpoint data.",
"DescriptionDisplay": "Provide analysts of all skill levels tools to make informed decisions and confidently take decisive actions using Tanium's real-time endpoint data.",
"Settings": [
{
"Name": "TaniumInstanceUrl",
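Review bot: The added `DescriptionDisplay` value is a verbatim copy of `Description`, so the two strings will drift the next time only one of them is edited. If the field is needed, consider giving it a shorter user-facing sentence so that having both is justified; if it is not needed, leave it out.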
Expand All @@ -20,125 +21,135 @@
"Key": "session",
"Location": "Header",
"AuthScheme": ""
}
},
"Category": "Other",
"PublishStatus": "Public",
"Version": "1.0.0"
},
"SkillGroups": [
{
"Format": "API",
"Settings": {
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-03-26_14-59-14_1.1.2.0000/security-copilot/list_child_processes_v1.json",
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-11-19_14-33-44_1.4.32.0000/security-copilot/list_child_processes_v2.json",
"EndpointUrlSettingName": "TaniumInstanceUrl"
}
},
{
"Format": "API",
"Settings": {
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-11-19_14-33-44_1.4.32.0000/security-copilot/count_endpoints_having_package_version_v2.json",
"EndpointUrlSettingName": "TaniumInstanceUrl"
}
},
{
"Format": "API",
"Settings": {
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-03-26_14-59-14_1.1.2.0000/security-copilot/count_endpoints_having_package_version_v1.json",
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-11-19_14-33-44_1.4.32.0000/security-copilot/get_vulnerability_test_results_v2.json",
"EndpointUrlSettingName": "TaniumInstanceUrl"
}
},
{
"Format": "API",
"Settings": {
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-03-26_14-59-14_1.1.2.0000/security-copilot/get_vulnerability_test_results_v1.json",
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-11-19_14-33-44_1.4.32.0000/security-copilot/list_endpoints_having_package_v2.json",
"EndpointUrlSettingName": "TaniumInstanceUrl"
}
},
{
"Format": "API",
"Settings": {
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-03-26_14-59-14_1.1.2.0000/security-copilot/list_endpoints_having_package_v1.json",
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-11-19_14-33-44_1.4.32.0000/security-copilot/list_endpoints_having_process_v2.json",
"EndpointUrlSettingName": "TaniumInstanceUrl"
}
},
{
"Format": "API",
"Settings": {
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-03-26_14-59-14_1.1.2.0000/security-copilot/list_endpoints_having_process_v1.json",
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-11-19_14-33-44_1.4.32.0000/security-copilot/list_endpoints_vulnerable_to_cve_v2.json",
"EndpointUrlSettingName": "TaniumInstanceUrl"
}
},
{
"Format": "API",
"Settings": {
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-03-26_14-59-14_1.1.2.0000/security-copilot/list_endpoints_vulnerable_to_cve_v1.json",
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-11-19_14-33-44_1.4.32.0000/security-copilot/list_process_hashes_v2.json",
"EndpointUrlSettingName": "TaniumInstanceUrl"
}
},
{
"Format": "API",
"Settings": {
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-03-26_14-59-14_1.1.2.0000/security-copilot/list_process_hashes_v1.json",
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-11-19_14-33-44_1.4.32.0000/security-copilot/list_processes_connected_to_ip_v2.json",
"EndpointUrlSettingName": "TaniumInstanceUrl"
}
},
{
"Format": "API",
"Settings": {
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-03-26_14-59-14_1.1.2.0000/security-copilot/list_processes_connected_to_ip_v1.json",
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-11-19_14-33-44_1.4.32.0000/security-copilot/list_processes_ran_as_user_v2.json",
"EndpointUrlSettingName": "TaniumInstanceUrl"
}
},
{
"Format": "API",
"Settings": {
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-03-26_14-59-14_1.1.2.0000/security-copilot/list_processes_ran_as_user_v1.json",
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-11-19_14-33-44_1.4.32.0000/security-copilot/fetch_sensor_results_v2.json",
"EndpointUrlSettingName": "TaniumInstanceUrl"
}
},
{
"Format": "API",
"Settings": {
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-03-26_14-59-14_1.1.2.0000/security-copilot/fetch_sensor_results_v1.json",
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-11-19_14-33-44_1.4.32.0000/security-copilot/list_file_operations_v2.json",
"EndpointUrlSettingName": "TaniumInstanceUrl"
}
},
{
"Format": "API",
"Settings": {
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-03-26_14-59-14_1.1.2.0000/security-copilot/list_file_operations_v1.json",
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-11-19_14-33-44_1.4.32.0000/security-copilot/list_hashes_of_file_v2.json",
"EndpointUrlSettingName": "TaniumInstanceUrl"
}
},
{
"Format": "API",
"Settings": {
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-03-26_14-59-14_1.1.2.0000/security-copilot/list_service_module_details_v1.json",
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-11-19_14-33-44_1.4.32.0000/security-copilot/list_service_module_details_v2.json",
"EndpointUrlSettingName": "TaniumInstanceUrl"
}
},
{
"Format": "API",
"Settings": {
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-03-26_14-59-14_1.1.2.0000/security-copilot/list_service_process_details_v1.json",
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-11-19_14-33-44_1.4.32.0000/security-copilot/list_service_process_details_v2.json",
"EndpointUrlSettingName": "TaniumInstanceUrl"
}
},
{
"Format": "API",
"Settings": {
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-03-26_14-59-14_1.1.2.0000/security-copilot/get_logged_in_user_v1.json",
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-11-19_14-33-44_1.4.32.0000/security-copilot/get_logged_in_user_v2.json",
"EndpointUrlSettingName": "TaniumInstanceUrl"
}
},
{
"Format": "API",
"Settings": {
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-03-26_14-59-14_1.1.2.0000/security-copilot/list_wmi_event_consumers_v1.json",
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-11-19_14-33-44_1.4.32.0000/security-copilot/list_wmi_event_consumers_v2.json",
"EndpointUrlSettingName": "TaniumInstanceUrl"
}
},
{
"Format": "API",
"Settings": {
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-03-26_14-59-14_1.1.2.0000/security-copilot/get_process_view_url_v1.json",
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-11-19_14-33-44_1.4.32.0000/security-copilot/get_process_view_url_v2.json",
"EndpointUrlSettingName": "TaniumInstanceUrl"
}
},
{
"Format": "API",
"Settings": {
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-03-26_14-59-14_1.1.2.0000/security-copilot/list_file_details_v1.json",
"OpenApiSpecUrl": "https://content.tanium.com/files/published/partner-integration/2024-11-19_14-33-44_1.4.32.0000/security-copilot/list_file_details_v2.json",
"EndpointUrlSettingName": "TaniumInstanceUrl"
}
}
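Review bot: Every `OpenApiSpecUrl` in `SkillGroups` moves from a `_v1.json` spec under 2024-03-26_14-59-14_1.1.2.0000 to a `_v2.json` spec under 2024-11-19_14-33-44_1.4.32.0000, yet the README part of this PR only adds the List Hashes of File row and leaves the other skills' descriptions and prompts untouched. Please state whether the v2 specs change any operation names, parameters or response fields, and confirm they still work with the `session` header authentication declared above, since these files are fetched remotely and define what Security Copilot will call on the customer's Tanium instance. The new `Category`, `PublishStatus` and `Version` keys in the descriptor are also undocumented; a sentence on why `Version` is "1.0.0" for a manifest that now points at the 1.4.32 content would help.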