Dec 15 2021 08:12 AM
We came up with the following KQL but are still learning. Could someone double-check our work?
DeviceTvmSoftwareVulnerabilities
| where CveId == 'CVE-2021-44228'
| project DeviceId, DeviceName, OSPlatform, OSVersion, SoftwareVendor, SoftwareName, SoftwareVersion, CveId
| join kind=inner
(
DeviceInfo
| project DeviceId, PublicIP, MachineGroup
)
on DeviceId
| distinct *
We're trying to use KQL to determine which of our hosts affected by Log4j have public-facing IP addresses...
Thanks!
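A variant of the query above, added here as an example and not part of the original post: it collapses DeviceInfo to the most recent record per device before joining, and uses a left outer join so vulnerable devices with no reported PublicIP stay in the result instead of being dropped. The 7-day lookback and the names LatestDeviceInfo, HasReportedPublicIP and DeviceInfoTimestamp are assumptions made for illustration.

```kql
// Added example, not the poster's query.
// Assumes the standard advanced hunting tables DeviceTvmSoftwareVulnerabilities and DeviceInfo.
// DeviceInfo holds many snapshots per device; keep only the newest one that carries a PublicIP.
let LatestDeviceInfo =
    DeviceInfo
    | where Timestamp > ago(7d)            // assumed lookback window, adjust to your retention
    | where isnotempty(PublicIP)
    | summarize arg_max(Timestamp, PublicIP, MachineGroup) by DeviceId
    | project-rename DeviceInfoTimestamp = Timestamp;
DeviceTvmSoftwareVulnerabilities
| where CveId == "CVE-2021-44228"
| project DeviceId, DeviceName, OSPlatform, OSVersion,
          SoftwareVendor, SoftwareName, SoftwareVersion, CveId
// leftouter keeps vulnerable devices that have no matching DeviceInfo row,
// which an inner join would silently remove from the report.
| join kind=leftouter LatestDeviceInfo on DeviceId
| project-away DeviceId1
| extend HasReportedPublicIP = isnotempty(PublicIP)
| order by HasReportedPublicIP desc, DeviceName asc
```

PublicIP in DeviceInfo is the address the device used to reach the Defender for Endpoint service, so it can be a NAT gateway or proxy rather than the host itself. Treat a non-empty value as a triage signal and confirm inbound exposure against firewall or load-balancer configuration.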