Forum Discussion
Find out number of closed vulnerabilities
Hi,
I'm using MS Defender TVM to find and manage vulnerabilities in my infrastructure. I already have some powershell scripts to extract some TVM data for reporting each month, like number of Critical, High, Medium and Low vulns, as well as some other metrics.
But what I would really like to know is the number of closed vulns. For example, I have a server with 100 vulns in which I apply the patch tuesday from MS, which fixes 40 of those vulns, so the server will have 60 vulns after a new scan.
Is there any way to extract information about the closed vulnerabilities?
Thanks
- AntR07Brass ContributorI too have been looking for a solution to this. There is an 'event timeline' in Defender TVM section that tracks changes but I dont think this data is available via API or Advanced Hunting schema. And it is more device related rather than total vulns remediated.
My thought was to try a KQL query to take all CVE's that existed on the first of the month (or what ever time period you want) and compare against the CVE's that exist now (current date/time). I can't figure out the KQL query though..- dmarquesgnIron Contributor
Hi,
Yeah, I think for new the best option is to extract the all the vulns in Powershell, then dump it into a CSV, and then make a second dump and compare both to find out what vulns have "disappeared".
I'll try to develop something like this as soon as I got sime time.Thanks