Endpoint Security

Monitor and analyze endpoint protection status, agent deployment, and endpoint inventory using Trend Micro Vision One. This skill provides visibility into workstations, servers, and their security posture.

Instructions

  1. When the user asks about endpoints, workstations, servers, or agent status, use this skill to query endpoint data.

  2. List endpoints: Start with list_endpoints to get an overview of all managed endpoints.

  3. Check agent status: Use list_endpoint_agents to review agent deployment and health across the environment.

  4. Get endpoint details: Use get_endpoint to retrieve comprehensive information about a specific endpoint.

  5. Filter by criteria: Use filtering capabilities to focus on specific OS types, agent versions, or protection status.

  6. Identify gaps: Look for endpoints with outdated agents, disabled protection, or missing security components.

  7. Correlate with alerts: Cross-reference endpoint data with Workbench alerts for affected systems.

Tools

This skill uses the following Vision One MCP tools (all read-only):

| Tool | Purpose |
|------|---------|
| list_endpoints | List all managed endpoints with status |
| get_endpoint | Get detailed endpoint information |
| list_endpoint_agents | List endpoint agent deployments |
| get_endpoint_agent | Get specific agent details |
| list_endpoint_agent_versions | List available and deployed agent versions |
| get_endpoint_protection_status | Get protection status for endpoints |

Common Workflows

Endpoint Inventory Review

  1. List all endpoints
  2. Group by OS type (Windows, macOS, Linux)
  3. Check protection status for each group
  4. Identify unprotected or partially protected endpoints
  5. Summarize coverage metrics

Agent Health Assessment

  1. List endpoint agents
  2. Check agent versions against current release
  3. Identify outdated agents requiring updates
  4. Check agent connectivity status
  5. Generate update priority list

Protection Gap Analysis

  1. List endpoints with protection status
  2. Filter for disabled or degraded protection
  3. Identify endpoints missing security components
  4. Cross-reference with critical asset lists
  5. Prioritize remediation by risk

Incident Response Support

  1. Get details for affected endpoint(s)
  2. Check current protection status
  3. Review agent version and capabilities
  4. Identify available response actions
  5. Document endpoint context for investigation

Compliance Reporting

  1. List all endpoints
  2. Calculate protection coverage percentage
  3. Identify non-compliant endpoints
  4. Check agent version compliance
  5. Generate compliance summary
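The Inventory Review, Agent Health and Protection Gap workflows above, worked over a constructed sample inventory, as an added Python example that is not part of this skill and not the output of the Vision One MCP tools; the record fields, the version scheme and the risk weights are assumptions made for the example.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample inventory; field names are assumptions for this example, not Vision One's schema.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
CURRENT_AGENT = "14.0.3"
COMPONENTS = ("real_time_scan", "behavior_monitoring", "web_reputation", "firewall")
ENDPOINTS = [
    {"host": "ws-001", "os": "Windows 11", "agent": "14.0.3", "online": True,
     "last_seen": NOW - timedelta(minutes=5), "enabled": set(COMPONENTS)},
    {"host": "ws-002", "os": "Windows 10", "agent": "14.0.1", "online": False,
     "last_seen": NOW - timedelta(hours=30), "enabled": {"real_time_scan", "web_reputation"}},
    {"host": "srv-db1", "os": "Windows Server", "agent": "13.2.0", "online": False,
     "last_seen": NOW - timedelta(days=9), "enabled": set()},
    {"host": "mac-07", "os": "macOS", "agent": "14.0.3", "online": True,
     "last_seen": NOW - timedelta(hours=2), "enabled": set(COMPONENTS) - {"firewall"}},
]
WEIGHTS = {"unprotected": 3, "partial": 1, "Critical Update Needed": 2, "Outdated": 1, "offline_7d": 2, "offline_24h": 1}  # ranking weights (assumed)

version = lambda v: tuple(int(p) for p in v.split("."))  # "14.0.3" -> (14, 0, 3)

def protection_level(ep):
    """Protected = every component enabled; unprotected = none; otherwise partial."""
    n = len(ep["enabled"] & set(COMPONENTS))
    return "protected" if n == len(COMPONENTS) else "unprotected" if n == 0 else "partial"

def agent_status(ep, current=CURRENT_AGENT):
    """Current / Outdated / Critical Update Needed (a whole major version behind)."""
    have, want = version(ep["agent"]), version(current)
    return "Current" if have >= want else "Critical Update Needed" if have[0] < want[0] else "Outdated"

def connectivity(ep, now=NOW):
    """Buckets from the Agent Status Report: online, offline <24h, >24h, >7d."""
    if ep["online"]: return "online"
    age = now - ep["last_seen"]
    return "offline_7d" if age > timedelta(days=7) else "offline_24h" if age > timedelta(hours=24) else "offline_recent"

def summarize(endpoints, now=NOW):
    """Counts and coverage percentages behind the Endpoint Summary template."""
    prot, total = Counter(protection_level(e) for e in endpoints), len(endpoints)
    return {"total": total,
            "protection": {k: (v, round(100 * v / total, 1)) for k, v in prot.items()},
            "agents": Counter(agent_status(e) for e in endpoints),
            "connectivity": Counter(connectivity(e, now) for e in endpoints)}

def remediation_priority(endpoints, now=NOW):
    """Protection Gap Analysis: rank hosts by missing protection, stale agent and offline time."""
    score = lambda e: sum(WEIGHTS.get(x, 0) for x in (protection_level(e), agent_status(e), connectivity(e, now)))
    return [(e["host"], score(e)) for e in sorted(endpoints, key=score, reverse=True)]
```

Feeding real list_endpoints / get_endpoint_protection_status results into these functions requires mapping the tool's actual fields onto the record shape assumed here.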

Output Format

Endpoint Inventory

```markdown
## Endpoint Summary

**Total Endpoints**: [count]
- Protected: [count] ([%])
- Partially Protected: [count] ([%])
- Unprotected: [count] ([%])

### By Operating System
| OS | Count | Protected | Issues |
|----|-------|-----------|--------|
| Windows 11 | [count] | [count] | [count] |
| Windows 10 | [count] | [count] | [count] |
| Windows Server | [count] | [count] | [count] |
| macOS | [count] | [count] | [count] |
| Linux | [count] | [count] | [count] |

### By Protection Status
- Full protection: [count]
- Missing component(s): [count]
- Agent offline: [count]
- Protection disabled: [count]
```

Endpoint Details

```markdown
## Endpoint: [Hostname]

**IP Address**: [IP]
**MAC Address**: [MAC]
**Operating System**: [OS Name] [Version]
**Last Seen**: [Timestamp]

### Agent Information
- Agent Version: [Version]
- Agent Status: [Online/Offline]
- Last Check-in: [Timestamp]

### Protection Status
- Real-time scan: [Enabled/Disabled]
- Behavior monitoring: [Enabled/Disabled]
- Web reputation: [Enabled/Disabled]
- Firewall: [Enabled/Disabled]

### Security Posture
- Open vulnerabilities: [count]
- Recent detections: [count]
- Risk score: [score]
```

Agent Status Report

```markdown
## Agent Deployment Status

**Current Version**: [Version]
**Total Agents**: [count]

### Version Distribution
| Version | Count | Status |
|---------|-------|--------|
| [Version] | [count] | Current |
| [Version] | [count] | Outdated |
| [Version] | [count] | Critical Update Needed |

### Connectivity
- Online: [count]
- Offline (< 24h): [count]
- Offline (> 24h): [count]
- Offline (> 7d): [count]

### Update Priority
1. [count] endpoints require critical updates
2. [count] endpoints have outdated agents
3. [count] endpoints need attention (offline)
```

Security Considerations

  • This skill provides read-only access to endpoint inventory data
  • Endpoint names, IPs, and configurations are sensitive infrastructure information
  • Unprotected endpoints represent a significant security risk
  • Offline agents may indicate compromised or isolated systems and should be investigated, not just counted
  • Agent version gaps should be addressed to maintain protection efficacy
  • Coordinate with IT operations for agent deployments and updates
  • Use endpoint data to prioritize patching and incident response