This documentation includes content for releases that might not be available on-premises. For the latest on-premises Interact documentation, see the PDF version of Tanium™ Interact User Guide version 2.15.133.
Reference: Example questions
Review the following examples to learn about the kinds of questions that Tanium Interact enables you to issue to endpoints.
Example starter questions
The following examples show common questions.
How can I get a list of running services on all endpoints or a specific endpoint?
Get Running Service from all machines
Get Service Details from all machines
Get Running Service from all machines with Computer Name containing "<hostname>"
How can I get a list of running processes on all endpoints or a specific endpoint?
Get Running Processes from all machines
Get Running Processes from machines where Computer Name contains "<hostname>"
Get Running Processes and Computer Name contains "<hostname>" from all machines
How can I display Windows Registry keys and values?
Get Registry Value Data[registry key path, value-name] from all machines
Get Registry Value Data[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, CommonFilesDir] from all machines
Get Registry Key Value Exists[registry key path, value-name] from all machines
Get Registry Key Exists[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, CommonFilesDir] from all machines
How can I get a list of open ports?
Get Computer Name and Open Port from all machines
Get Open Port from machines where Computer Name contains "<hostname>"
Get Open Port from all machines with Computer Name containing "<hostname>"
How can I get user authentication information?
Get Logged In Users contains "<user name>" from all machines
Get Logged In Users containing "BABOON08D9ANGUI\Administrator" from all machines
Get Logged In Users and Computer Name from all machines
Get Local User Login Dates from all machines
Get Logged In Users and Client Date from all machines
Get Last Logged In User and Client Date from all machines
Get Local Administrators from all machines
How can I see the current logged on user?
Get User Sessions from all machines
How can I see when users last logged in?
Get local User Login Dates from all machines
How can I get the Service Account logins?
Get Service Login Names from all machines
How can I get certificate information?
Get Machine Certificates[authroot] from all machines
Get Machine Certificates[disallowed] from all machines
Get Machine Certificates[root] from all machines
For Intermediate Certs:
Get Machine Certificates[CA] from all machines (Intermediate Certs)
How can I detect all running Oracle instances within a Linux environment?
Get computer name and running processes that contains "ora_pmon" from machines with running processes contains "ora_pmon"
How can I get asset information?
Get Cpu and Cpu Details and Chassis and Architecture and Serial Number and Computer Name and Bios and IP Address and Mac Address and serial number from all machines
Example dashboard questions
Reviewing the list of predefined saved questions in dashboards and categories is a good way to learn how to use questions to get meaningful results. The following examples illustrate a few such predefined questions that are organized by <category> > <dashboard>.
Security > Data Leakage
Get Computer Name and Non-Approved Established Connections from all machines with Non-Approved Established Connections containing ":"
Security > Wireless Network Security
Get Wireless Networks Visible from all machines
Get Hosted Wireless Ad-Hoc Networks from all machines with Hosted Wireless Ad-Hoc Networks containing "started"
Get Unencrypted Wireless Networks from all machines with Unencrypted Wireless Networks containing "open"
Get Wireless Networks Using WEP from all machines with Wireless Networks Using WEP containing "wep"
Security > Proactive Security
Get Firewall Status containing "disabled" from all machines with Firewall Status containing "disabled"
Get Computer Name and Open Share Details from all machines with Open Share Details not containing "No shares"
Security > Workstation USB Write Protection
Get USB device details from all machines
Get Computer Name and Username from all machines with ( Operating System not containing "server" and USB Write Protected containing "False" )
Get Computer Name and Username from all machines with ( Operating System not containing "server" and USB Write Protected containing "True" )
Last updated: 9/26/2023 2:48 PM | Feedback