Query Details

Cve Lookup

Query

# Lookup vulnerability information based on a CveID
----
### Defender For Endpoint
```
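let CVE = "CVE-2022-3602"; // Add your CVEid here
// Collect the distinct names of devices on which this CVE was detected
DeviceTvmSoftwareVulnerabilities
| where CveId == CVE
| summarize VulnerableDevices = make_set(DeviceName) by CveId
// Enrich with severity, CVSS score and description from the vulnerability knowledge base table
| join DeviceTvmSoftwareVulnerabilitiesKB on CveId
// Count the affected devices
| extend TotalDevices = array_length(VulnerableDevices)
| project TotalDevices, CveId, VulnerabilitySeverityLevel, CvssScore, VulnerabilityDescription, VulnerableDevices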
```

Explanation

This query looks up vulnerability information based on a specific CVE ID (Common Vulnerabilities and Exposures ID). It retrieves data from the Defender for Endpoint system and returns the total number of devices affected by the vulnerability, along with details such as severity level, CVSS score, description, and the names of the vulnerable devices.

Details

Bert-Jan Pals

Released: February 14, 2023

Tables

DeviceTvmSoftwareVulnerabilities, DeviceTvmSoftwareVulnerabilitiesKB

Keywords

DeviceTvmSoftwareVulnerabilities,CveId,DeviceName,VulnerableDevices,DeviceTvmSoftwareVulnerabilitiesKB,TotalDevices,VulnerabilitySeverityLevel,CvssScore,VulnerabilityDescription

Operators

let, where, summarize, make_set, by, join, extend, array_length, project
