Device Tvm Software Vulnerabilities Vulnerabilities By Device
Query
DeviceTvmSoftwareVulnerabilities
//| where SoftwareName has_any ("chrome", "edge", "cortex", "windows")
//| where CveId has_any ("CVE-2021-29358", "CVE-2021-29359")
//| where VulnerabilitySeverityLevel has_any ("Low", "Medium", "High", "Critical")
| summarize CveIdList = make_list(bag_pack("CveId", CveId, "VulnerabilitySeverityLevel", VulnerabilitySeverityLevel, "RecommendedSecurityUpdate", RecommendedSecurityUpdate)), take_any(DeviceName, OSPlatform, OSVersion, OSArchitecture) by DeviceId, SoftwareName, SoftwareVersion
| summarize Vulnerabilities = make_list(bag_pack("SoftwareName", SoftwareName, "SoftwareVersion", SoftwareVersion, "CVEs", CveIdList)), take_any(DeviceName, OSPlatform, OSVersion, OSArchitecture) by DeviceId
| project DeviceName, Vulnerabilities, OSPlatform, OSVersion, OSArchitecture, DeviceId
//| mv-expand Vulnerabilities
//| limit 100Explanation
This query retrieves information about software vulnerabilities on devices. It filters the data based on specific software names, CVE IDs, and severity levels. It then groups the data by device ID, software name, and software version, and creates a list of CVE IDs with their severity levels and recommended security updates. Finally, it summarizes the data by device ID and includes the device name, vulnerabilities, operating system platform, version, and architecture. The last two lines are commented out and not part of the query.
Details

Jose Sebastián Canós
Released: November 10, 2022
Tables
DeviceTvmSoftwareVulnerabilities
Keywords
DeviceTvmSoftwareVulnerabilitiesSoftwareNameCveIdVulnerabilitySeverityLevelCveIdListDeviceNameOSPlatformOSVersionOSArchitectureSoftwareVersionVulnerabilitiesDeviceId
Operators
wherehas_anysummarizemake_listbag_packtake_anybyprojectmv-expandlimit