Query Details

CVE With Meta Sploit Exploit Device Total

Query

# Vulnerabilities that have an exploit available in MetaSploit by device
----
### Defender For Endpoint
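```
// Load the list of CVE IDs with a MetaSploit exploit from the external feed (the first record is skipped)
let MetaSploitExploitsWithAssignedCVE = externaldata(cveid: string)[@"https://feeds.ecrimelabs.net/data/metasploit-cve"] with (format="txt", ignoreFirstRecord=True);
DeviceTvmSoftwareVulnerabilities
// Keep only vulnerabilities whose CVE ID appears in the feed (case-insensitive match)
| where CveId in~ (MetaSploitExploitsWithAssignedCVE)
// Per device: number of distinct CVEs and the set of those CVE IDs
| summarize
     TotalVulnerabilities = dcount(CveId),
     Vulnerabilities = make_set(CveId)
     by DeviceName
| sort by TotalVulnerabilities
```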

Explanation

This query lists, per device, the vulnerabilities for which an exploit is available in MetaSploit. It loads the MetaSploit CVE feed with `externaldata` and keeps the rows of the Defender For Endpoint `DeviceTvmSoftwareVulnerabilities` table whose `CveId` appears in that feed (`in~` matches case-insensitively). For each device it counts the distinct CVE IDs and collects them into a set of unique vulnerability IDs. The results are sorted by the total number of vulnerabilities, in descending order (the default for `sort by`), so the devices with the most exploitable vulnerabilities appear first.
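A variant that goes beyond the query above by adding a severity breakdown and the affected software, so devices can be ranked for patching. This is an added example, not part of the original query; it assumes the `DeviceId`, `VulnerabilitySeverityLevel`, `SoftwareVendor`, `SoftwareName` and `SoftwareVersion` columns of `DeviceTvmSoftwareVulnerabilities`, which the original query does not use.

```kql
// Added example: same feed lookup as the original query, extended for patch prioritization.
let MetaSploitExploitsWithAssignedCVE = externaldata(cveid: string)[@"https://feeds.ecrimelabs.net/data/metasploit-cve"] with (format="txt", ignoreFirstRecord=true);
DeviceTvmSoftwareVulnerabilities
// Keep only vulnerabilities whose CVE ID appears in the feed (case-insensitive match)
| where CveId in~ (MetaSploitExploitsWithAssignedCVE)
| summarize
     // Distinct CVEs per device, overall and per severity level
     TotalVulnerabilities = dcount(CveId),
     CriticalVulnerabilities = dcountif(CveId, VulnerabilitySeverityLevel =~ "Critical"),
     HighVulnerabilities = dcountif(CveId, VulnerabilitySeverityLevel =~ "High"),
     // Software that carries the matching CVEs, to show what needs updating
     AffectedSoftware = make_set(strcat(SoftwareVendor, " ", SoftwareName, " ", SoftwareVersion)),
     Vulnerabilities = make_set(CveId)
     // Group on DeviceId as well, so two devices sharing a name are not merged
     by DeviceId, DeviceName
// Devices with the most critical exploitable CVEs first
| sort by CriticalVulnerabilities desc, HighVulnerabilities desc, TotalVulnerabilities desc
```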

Details


Bert-Jan Pals

Released: February 14, 2023

Tables

DeviceTvmSoftwareVulnerabilities

Keywords

Device,MetaSploitExploitsWithAssignedCVE,DeviceTvmSoftwareVulnerabilities,CveId,TotalVulnerabilities,Vulnerabilities,DeviceName

Operators

externaldata,with,format,ignoreFirstRecord,where,in~,summarize,dcount,make_set,by,sort by
