Forum Discussion
Using Advanced Hunting Query to identify Devices missing patch
Morning, Using the following scenario as an example. Microsoft recategorised CVE-2022-37958 in December 2022, it was initially patched in September 2022. I want to query my environment to dete...
Your approach is fine but if you want to be specific about the CVE, the following will do the trick:
//Amend CVE list in first line to suit
let CVEcheck = dynamic(["CVE-2022-37958","CVE-XXXX-XXXXX"]);
DeviceTvmSoftwareVulnerabilities
|where CveId in (CVEcheck)
|summarize Securitypatches= count(),make_set(CveId) by DeviceName,OSPlatform,KBID=RecommendedSecurityUpdateId