Query Details

Device Tvm Software Vulnerabilities Vulnerabilities By Device

Query

DeviceTvmSoftwareVulnerabilities
// Optional filters (uncomment to apply): restrict by product name, by specific CVE IDs, or by severity level
//| where SoftwareName has_any ("chrome", "edge", "cortex", "windows")
//| where CveId has_any ("CVE-2021-29358", "CVE-2021-29359")
//| where VulnerabilitySeverityLevel has_any ("Low", "Medium", "High", "Critical")
// Stage 1: one row per device + software + version, with that version's CVEs packed into a list
| summarize CveIdList = make_list(bag_pack("CveId", CveId, "VulnerabilitySeverityLevel", VulnerabilitySeverityLevel, "RecommendedSecurityUpdate", RecommendedSecurityUpdate)), take_any(DeviceName, OSPlatform, OSVersion, OSArchitecture) by DeviceId, SoftwareName, SoftwareVersion
// Stage 2: one row per device, with the vulnerable software list nested in a single column
| summarize Vulnerabilities = make_list(bag_pack("SoftwareName", SoftwareName, "SoftwareVersion", SoftwareVersion, "CVEs", CveIdList)), take_any(DeviceName, OSPlatform, OSVersion, OSArchitecture) by DeviceId
| project DeviceName, Vulnerabilities, OSPlatform, OSVersion, OSArchitecture, DeviceId
// Optional: flatten to one row per vulnerable software, and/or cap the result size
//| mv-expand Vulnerabilities
//| limit 100

Explanation

This query lists, per device, the vulnerable software that Defender Vulnerability Management has found on it, reading the DeviceTvmSoftwareVulnerabilities table (one row per device, software, version and CVE, reflecting the current assessment rather than a stream of events, so no time filter is needed). The three where lines at the top are commented out; uncommented, they narrow the result to specific software names, specific CVE IDs, or chosen severity levels. Note that has_any matches whole terms, so "chrome" also matches "Google Chrome" and "windows" matches every Windows version; when an exact CVE match is wanted, in~ is the safer operator, and the severity filter as written (all four levels) excludes nothing. The first summarize groups by DeviceId, SoftwareName and SoftwareVersion and packs each CVE, its severity level and its recommended security update into a list; take_any simply carries the device properties along, which is safe because they are the same for every row of a given device. The second summarize groups by DeviceId and nests the per-software lists into a single Vulnerabilities column, and project orders the output columns. The last two lines are also commented out: mv-expand Vulnerabilities would flatten the nested column to one row per vulnerable software (useful for export or for a custom detection), and limit 100 would cap the output.
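The same two-stage aggregation, extended as an added example that is not part of the original query: it keeps only High and Critical findings, counts them per software and per device so the riskiest hosts sort first, and then flattens the nested list into one row per vulnerable software. Column names follow the advanced hunting schema of DeviceTvmSoftwareVulnerabilities; the severity threshold and the cap of 100 rows are assumptions to adjust.

```kql
// Added example, not the page's original query. Assumes the standard
// DeviceTvmSoftwareVulnerabilities columns; severity threshold and row cap are assumptions.
DeviceTvmSoftwareVulnerabilities
| where VulnerabilitySeverityLevel in~ ("High", "Critical")     // exact match, unlike has_any
// Stage 1: per device + software + version, de-duplicated CVEs and per-severity counts
| summarize
    CveIdList     = make_set(CveId),
    CriticalCount = countif(VulnerabilitySeverityLevel =~ "Critical"),
    HighCount     = countif(VulnerabilitySeverityLevel =~ "High"),
    Updates       = make_set(RecommendedSecurityUpdate),
    take_any(DeviceName, OSPlatform, OSVersion)
    by DeviceId, SoftwareName, SoftwareVersion
// Stage 2: per device, nest the software list and total the counts for ranking
| summarize
    Vulnerabilities = make_list(bag_pack(
        "SoftwareName", SoftwareName, "SoftwareVersion", SoftwareVersion,
        "CVEs", CveIdList, "Critical", CriticalCount, "High", HighCount, "Updates", Updates)),
    TotalCritical   = sum(CriticalCount),
    TotalHigh       = sum(HighCount),
    take_any(DeviceName, OSPlatform, OSVersion)
    by DeviceId
| where TotalCritical > 0                                        // devices with at least one Critical CVE
// Flatten the nested column: one row per vulnerable software, typed for export or a custom detection
| mv-expand Vulnerabilities
| project DeviceName, DeviceId, OSPlatform, OSVersion, TotalCritical, TotalHigh,
    SoftwareName    = tostring(Vulnerabilities.SoftwareName),
    SoftwareVersion = tostring(Vulnerabilities.SoftwareVersion),
    Critical        = toint(Vulnerabilities.Critical),
    High            = toint(Vulnerabilities.High),
    CVEs            = Vulnerabilities.CVEs,
    Updates         = Vulnerabilities.Updates
| order by TotalCritical desc, TotalHigh desc, DeviceName asc
| take 100
```

Keeping the device-level totals on every flattened row is deliberate: after mv-expand each row still says how exposed the whole device is, so the output can be sorted or filtered by host without a further join back to the nested form.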

Details


Jose Sebastián Canós

Released: November 10, 2022

Tables

DeviceTvmSoftwareVulnerabilities

Keywords

DeviceTvmSoftwareVulnerabilities,SoftwareName,CveId,VulnerabilitySeverityLevel,CveIdList,DeviceName,OSPlatform,OSVersion,OSArchitecture,SoftwareVersion,Vulnerabilities,DeviceId

Operators

where, has_any, summarize, make_list, bag_pack, take_any, by, project, mv-expand, limit
