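// Lists devices exposed to CVEs that appear in the CISA Known Exploited
// Vulnerabilities (KEV) catalog, grouped per CVE.
//
// Output columns: cveID, TotalVulnerableDevices, DeviceList, Description.
//
// The catalog is fetched from cisa.gov at query time through externaldata, so
// the query depends on that URL being reachable from the query service.
// CSV columns are mapped by position, not by header name. If the catalog adds
// or reorders columns, re-check this schema against the file's header row.
// Only cveID and shortDescription are used below.
let KnownExploitedVulnsCISA = externaldata(
    cveID: string,
    vendorProject: string,
    product: string,
    vulnerabilityName: string,
    dateAdded: datetime,
    shortDescription: string,
    requiredAction: string,
    dueDate: datetime,
    notes: string
)
[@"https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv"]
with (format="csv", ignoreFirstRecord=true);
DeviceTvmSoftwareVulnerabilities
// kind=inner is explicit on purpose: the default join flavor (innerunique)
// keeps only one left-side row per CveId, which would collapse every CVE to a
// single device and under-report exposure.
| join kind=inner KnownExploitedVulnsCISA on $left.CveId == $right.cveID
// The table can hold more than one row per device for the same CVE (one per
// affected software entry), so count distinct devices rather than rows.
| summarize
    TotalVulnerableDevices = dcount(DeviceId),
    DeviceList = make_set(DeviceName),
    Description = make_set(shortDescription)
    by cveID
// Most widely exposed CVEs first.
| sort by TotalVulnerableDevices desc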