Paul Bendall
Dec 22, 2022 · Iron Contributor
Using Advanced Hunting Query to identify Devices missing patch
Morning, using the following scenario as an example: Microsoft recategorised CVE-2022-37958 in December 2022; it was initially patched in September 2022. I want to query my environment to dete...
andre4000
Jan 04, 2023 · Copper Contributor
Your approach is fine but if you want to be specific about the CVE, the following will do the trick:
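// Amend CVE list in first line to suit
let CVEcheck = dynamic(["CVE-2022-37958","CVE-XXXX-XXXXX"]);
// Keep only vulnerability records for the CVEs listed above
DeviceTvmSoftwareVulnerabilities
| where CveId in (CVEcheck)
// One row per device and recommended update, with the number of matching rows and the set of matched CVEs
| summarize Securitypatches = count(), make_set(CveId) by DeviceName, OSPlatform, KBID = RecommendedSecurityUpdateId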