Find OpenSSL affected files using advanced hunting

Brass Contributor

While it's possible to view an individual devices software inventory in Defender XDR - this becomes an inefficient way of identifying and addressing vulnerable applications that use OpenSSL components. I am trying to use advanced hunting to find when an OpenSSL vulnerability exists and when a weakness is present on devices and supply the affected files.


So far my query looks like this but I cannot figure out how to get the Weaknesses where count is >=1.


| join kind=innerunique (DeviceTvmSoftwareEvidenceBeta) on DeviceId
| where SoftwareVendor contains "openssl"




0 Replies