Query Details

Top Devices Most Vulnerabilities

Query

# Top 10 devices with the most Critical and High vulnerabilities
----
### Defender For Endpoint
```
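// Keep only Critical and High severity entries (has_any is case-insensitive)
DeviceTvmSoftwareVulnerabilities
| where VulnerabilitySeverityLevel has_any ('critical', 'High')
// Count the matching entries per device and collect the unique CVE IDs
| summarize count(), VulnerableCVE = make_set(CveId) by DeviceName
| top 10 by count_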
```


Explanation

This query returns the 10 devices with the most Critical and High severity vulnerabilities in Defender For Endpoint. For each device name it counts the matching vulnerability entries and collects the unique CVE IDs (Common Vulnerabilities and Exposures) into a set. The results are then sorted in descending order by that count, and only the top 10 devices are returned.
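A variant that ranks by distinct CVEs and splits the total by severity, added here as an example and not part of the original query. It assumes the table holds one row per device, software product and CVE, so `count()` can count the same CVE more than once on a device; the output column names (`Rows`, `DistinctCVEs`, `CriticalCVEs`, `HighCVEs`, `AffectedSoftware`) are chosen for illustration.

```kql
// Added example: rank devices by distinct CVEs instead of raw row count.
DeviceTvmSoftwareVulnerabilities
| where VulnerabilitySeverityLevel in~ ('Critical', 'High')
| summarize
    Rows = count(),                          // what the original query ranks by
    DistinctCVEs = dcount(CveId),            // each CVE counted once per device
    CriticalCVEs = dcountif(CveId, VulnerabilitySeverityLevel =~ 'Critical'),
    HighCVEs = dcountif(CveId, VulnerabilitySeverityLevel =~ 'High'),
    AffectedSoftware = make_set(SoftwareName)
    by DeviceId, DeviceName                  // DeviceId keeps duplicate host names apart
| top 10 by DistinctCVEs desc
```

A large gap between `Rows` and `DistinctCVEs` on a device indicates that the same CVEs are reported against several installed products or versions.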

Details


Bert-Jan Pals

Released: February 14, 2023

Tables

DeviceTvmSoftwareVulnerabilities

Keywords

Devices, Intune, User, Critical, High, Vulnerabilities, Defender, Endpoint, Tvm, Software, CVE

Operators

where, has_any, summarize, count(), make_set(), by, top 10 by
