Forum Discussion
dmarquesgn
Iron Contributor
Jan 03, 2023
Kusto Query to extract the number of exploitable vulnerabilities
Hi, I need to build up a Kusto Query to extract the total number of Exploitable Vulnerabilities. The vulnerabilities are on the DeviceTvmSoftwareVulnerabilities table with their CVEID and the Exp...
Rod_Trent
Microsoft
Jan 04, 2023
Looking at the following: https://learningbydoing.cloud/blog/query-log-analytics-with-kql-from-powershell/
There is an Invoke-AzOperationalInsightsQuery
dmarquesgn
Iron Contributor
Jan 05, 2023
Thanks for the reference. But I found out what was the issue. Now it works as expected, like this:
# Request body for the Graph advanced hunting endpoint. The KQL is embedded as a JSON string value,
# so the 1 must stay unquoted: an unescaped " inside the query would terminate the JSON string early.
# Note that Kusto's default join flavor is innerunique, which keeps one left-hand row per CveId, so this
# counts distinct exploitable CVEs present in the tenant rather than per-device instances; use
# "join kind=inner" if per-device instances are wanted.
$vulnUrl = '{ "query": "DeviceTvmSoftwareVulnerabilities | join (DeviceTvmSoftwareVulnerabilitiesKB) on CveId | where IsExploitable == 1 | count" }'
# Graph beta advanced hunting endpoint; $headers (defined earlier in the script) must carry the
# Authorization: Bearer <token> header for Microsoft Graph.
$vulnUrlUri = "https://graph.microsoft.com/beta/security/runHuntingQuery"
$vulnResponse = Invoke-WebRequest -Method Post -Uri $vulnUrlUri -Body $vulnUrl -Headers $headers -ErrorAction Stop
The difference was the " surrounding the 1 value. So I guess it doesn't deal well with multiple " characters in the variable.
dmarquesgn
Iron Contributor
Jan 05, 2023
This now leads me to an issue. I've got other query which I would like to run, which is this:
AlertInfo | where Title == "Email reported by user as malware or phish" | where Timestamp > ago(30d) | count
And in this case I cannot remove the " or replace it in the variable with '.
So I don't know if there's any way to escape the ".
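One way to handle the escaping problem raised in this reply (and to avoid the hand-built JSON in the accepted answer), as an added example that is not part of the original thread: let ConvertTo-Json build the request body, so every " inside the KQL is escaped as \" automatically and the query can be written exactly as it appears in the hunting UI. The function name Invoke-HuntingCount and the variable names are my own; the example assumes, as the thread does, that $headers already holds a valid Authorization: Bearer token for Microsoft Graph (the runHuntingQuery endpoint requires the ThreatHunting.Read.All permission).

```powershell
# Added example, not from the original post. Assumes $headers already holds a valid
# "Authorization = Bearer <token>" entry for Microsoft Graph, as in the thread.

$huntingUri = 'https://graph.microsoft.com/beta/security/runHuntingQuery'

function Invoke-HuntingCount {
    <#
    Runs a KQL query that ends in "| count" through the Graph advanced hunting
    endpoint and returns the count as an integer.
    #>
    param(
        [Parameter(Mandatory)] [string]    $Query,
        [Parameter(Mandatory)] [hashtable] $Headers
    )

    # ConvertTo-Json emits the query as a JSON string value, escaping every
    # embedded double quote as \" (and newlines as \n, backslashes as \\),
    # so no manual escaping of the KQL is needed.
    $body = @{ query = $Query } | ConvertTo-Json -Compress

    $response = Invoke-RestMethod -Method Post -Uri $huntingUri -Headers $Headers `
        -ContentType 'application/json' -Body $body -ErrorAction Stop

    # A query ending in "| count" returns one row with a single column named Count.
    return [int] $response.results[0].Count
}

# KQL written in single-quoted here-strings: PowerShell does no interpolation
# or escape processing there, so the inner " characters survive untouched.
$exploitableQuery = @'
DeviceTvmSoftwareVulnerabilities
| join (DeviceTvmSoftwareVulnerabilitiesKB) on CveId
| where IsExploitable == 1
| count
'@

$reportedPhishQuery = @'
AlertInfo
| where Title == "Email reported by user as malware or phish"
| where Timestamp > ago(30d)
| count
'@

# Inspect the body before sending it: the quotes inside the KQL are now \"-escaped.
@{ query = $reportedPhishQuery } | ConvertTo-Json -Compress

$exploitable   = Invoke-HuntingCount -Query $exploitableQuery   -Headers $headers
$reportedPhish = Invoke-HuntingCount -Query $reportedPhishQuery -Headers $headers
"Exploitable vulnerabilities: $exploitable"
"User-reported phish/malware alerts (30d): $reportedPhish"
```

Invoke-RestMethod is used instead of Invoke-WebRequest so the JSON response is parsed into an object; with Invoke-WebRequest the same value is reachable via ($vulnResponse.Content | ConvertFrom-Json).results[0].Count. If your $headers hashtable already sets Content-Type, drop the -ContentType parameter to avoid a duplicate header.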