
CISAKnowExploitsVulnerabilitiesTotalVulnerableDevices.md


Total vulnerable devices for known exploited vulnerabilities from CISA


Defender For Endpoint

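// Count the devices exposed to each CVE listed in the CISA Known Exploited
// Vulnerabilities (KEV) catalog, to prioritise patching.
//
// The catalog is downloaded at query time with externaldata(). CSV columns are
// mapped by position (the header row is skipped), so the schema below must
// follow the column order of the published file.
// NOTE(review): confirm the column list against the current CSV header. A column
// inserted upstream would shift the later fields. Only cveID and
// shortDescription are read by this query.
let KnowExploitesVulnsCISA = externaldata(
    cveID: string,
    vendorProject: string,
    product: string,
    vulnerabilityName: string,
    dateAdded: datetime,
    shortDescription: string,
    requiredAction: string,
    dueDate: datetime,
    notes: string)
[@"https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv"]
with (format="csv", ignoreFirstRecord=True);
DeviceTvmSoftwareVulnerabilities
// kind=inner is required: the default join flavor (innerunique) keeps a single
// left-side row per CveId, which would collapse every CVE to one device.
| join kind=inner (KnowExploitesVulnsCISA) on $left.CveId == $right.cveID
| summarize
     // A device can appear once per vulnerable software entry, so count distinct
     // device ids rather than rows. dcount() is an estimate on very large sets.
     TotalVulnerableDevices = dcount(DeviceId),
     DeviceList = make_set(DeviceName),
     Description = make_set(shortDescription)
     by cveID
// Most widely exposed CVEs first.
| sort by TotalVulnerableDevices desc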