Vulnerabilities that have an exploit available in MetaSploit by device
CVE With Meta Sploit Exploit Device Total
Query
let MetaSploitExploitsWithAssignedCVE = externaldata(cveid: string)[@"https://feeds.ecrimelabs.net/data/metasploit-cve"] with (format="txt", ignoreFirstRecord=True);
DeviceTvmSoftwareVulnerabilities
| where CveId in~ (MetaSploitExploitsWithAssignedCVE)
| summarize
TotalVulnerabilities = dcount(CveId),
Vulnerabilities = make_set(CveId)
by DeviceName
| sort by TotalVulnerabilitiesAbout this query
Vulnerabilities that have an exploit available in MetaSploit by device
Defender XDR
Explanation
This query is designed to identify and summarize vulnerabilities on devices that have known exploits available in MetaSploit. Here's a simple breakdown of what it does:
-
Data Source: It pulls a list of CVE IDs (Common Vulnerabilities and Exposures) that have exploits available in MetaSploit from an external source.
-
Filter Vulnerabilities: It then checks the
DeviceTvmSoftwareVulnerabilitiestable to find vulnerabilities on devices that match the CVE IDs from the MetaSploit list. -
Summarize Data: For each device, it counts the total number of unique vulnerabilities (CVE IDs) and creates a list of these vulnerabilities.
-
Sort Results: Finally, it sorts the devices by the total number of vulnerabilities in ascending order.
In summary, the query identifies devices with vulnerabilities that can be exploited using MetaSploit, counts these vulnerabilities per device, and lists them, sorted by the number of vulnerabilities.
Details

Bert-Jan Pals
Released: December 1, 2024
Tables
Keywords
Operators