Query Details

Device Tvm Software Vulnerabilities Vulnerabilities By Software

Query

DeviceTvmSoftwareVulnerabilities
// Optional filters: uncomment to narrow by software name, CVE ID, or severity level
//| where SoftwareName has_any ("chrome", "edge", "cortex", "windows")
//| where CveId has_any ("CVE-2021-29358", "CVE-2021-29359")
//| where VulnerabilitySeverityLevel has_any ("Low", "Medium", "High", "Critical")
| summarize DeviceNameList = make_set(DeviceName), DetailedDeviceList = make_set(bag_pack("DeviceName", DeviceName, "DeviceId", DeviceId)), CVEs = array_sort_asc(make_set(bag_pack("CVE", CveId, "VulnerabilitySeverityLevel", VulnerabilitySeverityLevel))) by SoftwareName, SoftwareVersion
| summarize DeviceNameList = array_sort_asc(make_set(DeviceNameList)), DetailedDeviceList = make_set(DetailedDeviceList), VersionList = array_sort_asc(make_list(bag_pack("SoftwareVersion", SoftwareVersion, "CVEs", CVEs))) by SoftwareName
| project SoftwareName, VersionList, DeviceNameList, DetailedDeviceList
// Optional: uncomment to expand to one row per device name, or to cap the output
//| mv-expand DeviceNameList to typeof(string)
//| limit 100

Explanation

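This query retrieves information about software vulnerabilities on devices from the DeviceTvmSoftwareVulnerabilities table. Filters on specific software names, CVE IDs, and vulnerability severity levels are included as commented-out lines and apply only when uncommented. The first summarize groups the rows by software name and version, creating sets for device names, detailed device information (device name and ID), and CVEs with their severity level. The second summarize groups by software name, merging the device sets, sorting the device names in ascending order, and collecting each version with its CVEs into a version list. Finally, it projects the software name, version list, device name list, and detailed device list.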

Details


Jose Sebastián Canós

Released: November 10, 2022

Tables

DeviceTvmSoftwareVulnerabilities

Keywords

Device,Software,Vulnerabilities,Chrome,Edge,Cortex,Windows,CVE,Low,Medium,High,Critical,DeviceName,DeviceId,CVEs,SoftwareVersion

Operators

where, has_any, summarize, make_set, bag_pack, array_sort_asc, make_list, project, mv-expand, limit
