Find out number of closed vulnerabilities

Iron Contributor

Hi,

I'm using MS Defender TVM to find and manage vulnerabilities in my infrastructure. I already have some PowerShell scripts to extract some TVM data for reporting each month, like the number of Critical, High, Medium and Low vulns, as well as some other metrics.

But what I would really like to know is the number of closed vulns. For example, I have a server with 100 vulns on which I apply the Patch Tuesday updates from MS, which fix 40 of those vulns, so the server will have 60 vulns after a new scan.

Is there any way to extract information about the closed vulnerabilities?
Thanks

2 Replies
I too have been looking for a solution to this. There is an 'event timeline' in the Defender TVM section that tracks changes, but I don't think this data is available via the API or the Advanced Hunting schema. And it is more device-related rather than total vulns remediated.

My thought was to try a KQL query to take all CVEs that existed on the first of the month (or whatever time period you want) and compare against the CVEs that exist now (current date/time). I can't figure out the KQL query though.

@AntR07 

Hi,

Yeah, I think for now the best option is to extract all the vulns in PowerShell, then dump it into a CSV, and then make a second dump and compare both to find out what vulns have "disappeared".
I'll try to develop something like this as soon as I get some time.

Thanks
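Added example (not from the original thread or from Microsoft): the two-snapshot comparison both replies describe, written as a PowerShell function so it can be dropped into an existing monthly reporting script. It assumes each snapshot is a list of objects with at least `MachineId` and `CveId` columns, which is the shape returned by the Defender for Endpoint `/api/vulnerabilities/machinesVulnerabilities` endpoint (an Advanced Hunting export of `DeviceTvmSoftwareVulnerabilities` uses `DeviceId` and `CveId` instead, so rename the column first). The two exports below are constructed sample data with placeholder CVE IDs, not real devices or real CVEs.

```powershell
# Added example, not code from the thread: list findings that were present in an
# earlier TVM export and are absent from a later one (i.e. "closed" between the two).
function Get-ClosedVulnerabilities {
    param(
        [Parameter(Mandatory)] [object[]] $Before,   # snapshot at the start of the period
        [Parameter(Mandatory)] [object[]] $After     # snapshot at the end of the period
    )
    # A finding is identified by device + CVE: the same CVE on two devices is two findings,
    # and the same CVE fixed on one device but not the other should count once.
    $stillOpen = @{}
    foreach ($row in $After) { $stillOpen["$($row.MachineId)|$($row.CveId)"] = $true }

    foreach ($row in $Before) {
        $key = "$($row.MachineId)|$($row.CveId)"
        if (-not $stillOpen.ContainsKey($key)) {
            # Present in the first export, absent from the second: report as closed.
            # Caveat: a device that dropped out of inventory entirely also lands here,
            # so filter such devices out of $Before first if you only want patched findings.
            $row
        }
    }
}

# Constructed sample exports. In a real run these come from Import-Csv of the two
# monthly dumps (or from Invoke-RestMethod against the API with a bearer token).
# CVE-0000-000x are placeholders, not real CVE identifiers.
$before = @'
MachineId,CveId,Severity,ProductName
dev-001,CVE-0000-0001,Critical,windows_server_2019
dev-001,CVE-0000-0002,High,windows_server_2019
dev-001,CVE-0000-0003,Medium,office
dev-002,CVE-0000-0001,Critical,windows_server_2019
dev-002,CVE-0000-0004,Low,chrome
'@ | ConvertFrom-Csv

$after = @'
MachineId,CveId,Severity,ProductName
dev-001,CVE-0000-0003,Medium,office
dev-002,CVE-0000-0001,Critical,windows_server_2019
dev-002,CVE-0000-0004,Low,chrome
dev-002,CVE-0000-0005,High,chrome
'@ | ConvertFrom-Csv

$closed = @(Get-ClosedVulnerabilities -Before $before -After $after)

# Totals for the monthly report: overall, per severity, and per device.
# With the sample data above this reports 2 closed findings, both on dev-001.
"Closed findings: $($closed.Count)"
$closed | Group-Object Severity  | Select-Object Name, Count | Format-Table -AutoSize
$closed | Group-Object MachineId | Select-Object Name, Count | Format-Table -AutoSize
```

Swapping the arguments (`-Before $after -After $before`) gives the findings that appeared during the period, which is useful next to the closed count so the report shows net change rather than only remediation. Keeping the raw monthly CSVs is what makes this possible: the Advanced Hunting vulnerability table reflects the current state of each device, so the "first of the month" view has to be captured as an export at that time rather than queried afterwards.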