Forum Discussion

lfk73's avatar
lfk73
Brass Contributor
Aug 05, 2025

Defender vulnerability report

I've been working with Defender threat hunting to get stats on vulnerabilities in my environment.  Once thing I wanted to do was to track total vulnerabilities over time for specific software rather than just a total.

 

Problem is there doesn't seem to be a field in the DeviceTvmSoftwareVulnerabilities that records data\time when this vulnerability was detected\last seen etc.  Without a date when it was seen for it to get a total each day.

 

Ay ideas how I can get this?  And no I don't have any other vulnerability scanning tools.

microsoft 365
microsoft 365 defender

1 Reply

  • Kidd_Ip's avatar
    Kidd_Ip
    MVP
    Aug 05, 2025

    How about using DeviceTvmSoftwareVulnerabilities with joins:

    • Join with DeviceTvmSoftwareInventory
      This table includes software data with timestamp fields like LastSeenDateTime, which gives a hint on software presence changes over time. While not tied directly to vulnerabilities, it can provide contextual clues.
    • Use DeviceEvents or DeviceNetworkEvents
      These broader tables include time-stamped telemetry. If certain vulnerabilities correlate with specific event patterns (e.g., exploits), you may be able to infer time-based insights indirectly.

     

Resources