Query Details

CVSS 9.8 Rockwell Automation Impacted By High Severity Log4net Vulnerability

Query

// https://securityonline.info/9-8-cvss-score-rockwell-automation-impacted-by-high-severity-log4net-vulnerability/
// https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1728.html

DeviceInfo
| where Vendor has "rockwell"
| summarize arg_max(TimeGenerated, *) by DeviceId

Explanation

This KQL (Kusto Query Language) query is designed to analyze data related to devices from Rockwell Automation. Here's a simple breakdown of what the query does:

  1. Data Source: The query is pulling data from a table or dataset named DeviceInfo.

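  2. Filter: It filters the data to only include entries where the Vendor field contains the term "rockwell". The has operator is case-insensitive and matches whole terms, so it is specifically looking for devices whose vendor string includes "Rockwell" as a separate word, such as "Rockwell Automation".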

  3. Summarize: The query then keeps only the most recent entry (based on TimeGenerated) for each unique DeviceId. It does this with arg_max(TimeGenerated, *), which selects the row with the maximum TimeGenerated value for each DeviceId and returns all of that row's columns.

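In summary, this query retrieves the latest information for each Rockwell Automation device from the dataset. It is an inventory of Rockwell devices to review against the linked advisory; the query itself does not check whether a device runs the affected log4net component.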
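To see how the filter and the arg_max step behave, the following added example (not part of the original query) runs the same operators over a constructed table. SampleDeviceInfo, its device names and its vendor strings are made-up sample values, and the column set is a reduced assumption of the DeviceInfo schema.

```kql
// Constructed sample rows standing in for DeviceInfo (not real telemetry).
let SampleDeviceInfo = datatable(TimeGenerated:datetime, DeviceId:string, DeviceName:string, Vendor:string)
[
    datetime(2025-05-20 08:00:00), "dev-001", "plc-line1", "Rockwell Automation",
    datetime(2025-05-21 08:00:00), "dev-001", "plc-line1", "Rockwell Automation",
    datetime(2025-05-21 09:30:00), "dev-002", "hmi-line2", "ROCKWELL",
    datetime(2025-05-21 10:00:00), "dev-003", "eng-ws-01", "RockwellAutomation",
    datetime(2025-05-21 11:00:00), "dev-004", "printer-7", "Contoso"
];
SampleDeviceInfo
// Same de-duplication as the page's query: keep the newest row per device.
| summarize arg_max(TimeGenerated, *) by DeviceId
// Flag each device with the page's filter (has) and with a substring match (contains).
// Vendor is constant per device in this sample, so the rows with MatchedByHas == true
// are the rows the page's query returns.
| extend MatchedByHas = Vendor has "rockwell",
         MatchedByContains = Vendor contains "rockwell"
| project DeviceId, DeviceName, Vendor, TimeGenerated, MatchedByHas, MatchedByContains
| order by DeviceId asc
```

Rows where MatchedByContains is true but MatchedByHas is false are vendor strings written without a word boundary, which the has filter skips; checking for them once against real data shows whether the inventory is complete.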

Details


Steven Lim

Released: May 22, 2025

Tables

DeviceInfo

Keywords

DeviceInfo, Rockwell, DeviceId

Operators

has, summarize, arg_max, by, where
