Query Details

Top Devices Most Exploitable Vulnerabilities

Query

# Top 10 devices with the most exploitable vulnerabilities
----
### Defender For Endpoint
```
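// CVEs for which the TVM knowledge base reports an available exploit
let ExploitableVulnerabilities = materialize (
    DeviceTvmSoftwareVulnerabilitiesKB
    | where IsExploitAvailable == 1
    | project CveId);
DeviceTvmSoftwareVulnerabilities
// kind=inner keeps every device row; the default (innerunique) keeps only one left-side row per CveId
| join kind=inner ExploitableVulnerabilities on CveId
// count() is the number of matching rows per device; ExploitableCVE is the distinct set of CVE IDs
| summarize count(), ExploitableCVE = make_set(CveId) by DeviceName
| top 10 by count_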
```



Explanation

This query returns the 10 devices with the most exploitable vulnerabilities. It takes the CVEs that the Defender for Endpoint vulnerability knowledge base (DeviceTvmSoftwareVulnerabilitiesKB) marks as having an exploit available, joins them to the vulnerabilities recorded for each device (DeviceTvmSoftwareVulnerabilities), and counts the matches per device, collecting the matching CVE IDs into the ExploitableCVE set. The result is the 10 devices with the highest counts.
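
The per-device count depends on the join keeping every device row. This added example (not part of the original query) runs the same join over constructed datatables, once with the default join flavor (innerunique, which keeps one left-side row per CveId) and once with kind=inner, so the two results can be compared. The device names, product names and CVE IDs are made up.

```kql
// Constructed sample data standing in for the two TVM tables (not real devices or CVEs)
let Vulns = datatable(DeviceName:string, SoftwareName:string, CveId:string)
[
    "host-a", "app-one",   "CVE-0000-0001",
    "host-a", "app-two",   "CVE-0000-0001",   // same CVE reported for a second product
    "host-a", "app-one",   "CVE-0000-0002",
    "host-b", "app-one",   "CVE-0000-0001",
    "host-b", "app-three", "CVE-0000-0003"
];
let KB = datatable(CveId:string, IsExploitAvailable:bool)
[
    "CVE-0000-0001", true,
    "CVE-0000-0002", true,
    "CVE-0000-0003", false
];
let Exploitable = KB
    | where IsExploitAvailable == true
    | project CveId;
// Default flavor: the left side (Vulns) is deduplicated on CveId before matching,
// so each CVE can be attributed to only one device row
let DefaultJoin = Vulns
    | join Exploitable on CveId
    | summarize Rows = count(), DistinctCVEs = dcount(CveId) by DeviceName
    | extend JoinKind = "innerunique (default)";
// Explicit inner join: every device/software/CVE row with an exploitable CVE is kept.
// Rows counts one entry per affected product; DistinctCVEs counts each CVE once per device
let InnerJoin = Vulns
    | join kind=inner Exploitable on CveId
    | summarize Rows = count(), DistinctCVEs = dcount(CveId) by DeviceName
    | extend JoinKind = "inner";
union DefaultJoin, InnerJoin
| order by JoinKind asc, DeviceName asc
```

Comparing Rows with DistinctCVEs in the inner-join result also shows how a CVE reported for several products on one device raises count() without adding a new CVE to the set.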

Details


Bert-Jan Pals

Released: February 14, 2023

Tables

DeviceTvmSoftwareVulnerabilities

Keywords

Devices,ExploitableVulnerabilities,DefenderForEndpoint

Operators

materialize, where, project, join, summarize, count(), make_set, by, top 10 by
