Forum Discussion
dmarquesgn
Aug 21, 2023, Iron Contributor
Hunting query to extract unique CVEs with only 1 device
Hi, I'm using Defender as my main vulnerability assessment platform and now I want to automate part of the process of opening tickets based on vulnerabilities, so those vulnerabilities can be solved. ...
dmarquesgn
Aug 22, 2023, Iron Contributor
dmarquesgn I was able to get that query running.
Here it is for reference.
DeviceTvmSoftwareVulnerabilities
| summarize count(), make_set(DeviceName) by CveId
| where count_ == 1
| join kind=leftouter DeviceTvmSoftwareVulnerabilitiesKB on CveId
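
A variant of the query above for the ticketing use case, as an added example that is not part of the original post. It counts distinct devices instead of rows, because a device reports the same CVE once per affected software package, and it keeps only the columns a ticket would need. The output column names DeviceCount, AffectedSoftware and RecommendedUpdates are assumptions chosen for this example.

```kql
// Added example: CVEs that affect exactly one distinct device, with ticket fields.
DeviceTvmSoftwareVulnerabilities
// A device can have several rows for one CVE (one per software package),
// so count distinct DeviceId values rather than rows.
| summarize
    DeviceCount = dcount(DeviceId),
    DeviceName = take_any(DeviceName),
    AffectedSoftware = make_set(strcat(SoftwareVendor, " ", SoftwareName, " ", SoftwareVersion)),
    RecommendedUpdates = make_set(RecommendedSecurityUpdate)
    by CveId
| where DeviceCount == 1
// Pull severity and description from the KB table, one row per CVE.
| join kind=leftouter (
    DeviceTvmSoftwareVulnerabilitiesKB
    | project CveId, CvssScore, IsExploitAvailable, VulnerabilitySeverityLevel,
              PublishedDate, VulnerabilityDescription
  ) on CveId
// Drop the duplicate join key (CveId1) and order the ticket columns.
| project CveId, DeviceName, VulnerabilitySeverityLevel, CvssScore, IsExploitAvailable,
          PublishedDate, AffectedSoftware, RecommendedUpdates, VulnerabilityDescription
| order by CvssScore desc
```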