Find OpenSSL affected files using advanced hunting

While it's possible to view an individual device's software inventory in Defender XDR, this becomes an inefficient way of identifying and addressing vulnerable applications that use OpenSSL components. I am trying to use advanced hunting to find when an OpenSSL vulnerability exists and when a weakness is present on devices and supply the affected files.

 

So far my query looks like this but I cannot figure out how to get the Weaknesses where count is >=1.

 

DeviceTvmSoftwareVulnerabilities
| join kind=innerunique (DeviceTvmSoftwareEvidenceBeta) on DeviceId
| where SoftwareVendor contains "openssl"

 

0 Replies
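
One way to get a per-device weakness count together with the affected file paths, as an added example that is not part of the original post. It assumes the two tables expose `CveId`, `DeviceName`, `SoftwareName`, `SoftwareVersion` and `DiskPaths`, and treats "Weaknesses" as the number of distinct CVEs recorded against an install.

```kusto
// Added example (not from the original post).
// Step 1: count distinct CVEs ("Weaknesses") per OpenSSL install on each device.
let OpenSslWeaknesses =
    DeviceTvmSoftwareVulnerabilities
    | where SoftwareVendor contains "openssl"
    | summarize Weaknesses = dcount(CveId), CveIds = make_set(CveId)
        by DeviceId, DeviceName, SoftwareVendor, SoftwareName, SoftwareVersion
    // Every row in this table already maps to a CVE, so >= 1 always holds;
    // raise the threshold to focus on the most exposed installs.
    | where Weaknesses >= 1;
// Step 2: attach the evidence rows for the SAME software on the SAME device.
// Joining on DeviceId alone would pair OpenSSL CVEs with evidence for every
// other product installed on that device.
OpenSslWeaknesses
| join kind=inner (
    DeviceTvmSoftwareEvidenceBeta
    | where SoftwareVendor contains "openssl"
    | project DeviceId, SoftwareVendor, SoftwareName, SoftwareVersion, DiskPaths, LastSeenTime
  ) on DeviceId, SoftwareVendor, SoftwareName, SoftwareVersion
// Step 3: one output row per affected file path.
| mv-expand DiskPath = DiskPaths to typeof(string)
| project DeviceName, SoftwareName, SoftwareVersion, Weaknesses, CveIds, DiskPath, LastSeenTime
| sort by Weaknesses desc, DeviceName asc
```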