Missing KBs with Advanced Hunting

%3CLINGO-SUB%20id%3D%22lingo-sub-1504901%22%20slang%3D%22en-US%22%3EMissing%20KBs%20with%20Advanced%20Hunting%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1504901%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Team%2C%20I%20am%20looking%20to%20use%20Advanced%20Hunting%20to%20get%20list%20of%20Missing%20KBs%20on%20a%20Device(s).%3C%2FP%3E%3CP%3ENeed%20similar%20info%20provided%20by%20this%20API%2C%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fmicrosoft-defender-atp%2Fget-missing-kbs-machine%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fmicrosoft-defender-atp%2Fget-missing-kbs-machine%3C%2FA%3E.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%2C%20I%20am%20able%20to%20use%20DeviceTvmSoftwareInventoryVulnerabilities%20table%2C%20But%20it%20provides%20list%20of%20all%20CVEs%20rather%20than%20just%20the%20name%20of%20missing%20KB%2FPatch.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20leads%20would%20be%20appreciated%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hello Team, I am looking to use Advanced Hunting to get list of Missing KBs on a Device(s).

Need similar info provided by this API, https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/get-missi....

 

Also, I am able to use DeviceTvmSoftwareInventoryVulnerabilities table, But it provides list of all CVEs rather than just the name of missing KB/Patch.

 

Any leads would be appreciated :)

1 Reply

@sagarsetia2225 Looking for the same thing too. Occasionally an update will get stuck and requires a reboot and some troubleshooting to get it back, but I haven't found any way yet to find out which systems those are, except that there's a loose correlation between the Health Status != "Active" & Last Seen is not updated, and yet the system is still on the network.