KQL CVE CISA

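// Purpose: list devices exposed to vulnerabilities that CISA added to its Known
// Exploited Vulnerabilities (KEV) catalog within the last NewThreshold, and attach
// the most recent process event per device (Timestamp / DeviceId / ReportId).
// NOTE(review): DeviceTvmSoftwareVulnerabilities carries no Timestamp/ReportId of its
// own, so the second join presumably exists to supply the columns a Defender custom
// detection rule requires — confirm against how the query is scheduled.
let NewThreshold = 1d;
// The KEV catalog is fetched from cisa.gov over HTTPS at query time. The declared
// column list must match the CSV header order; if CISA changes the schema the
// query does not fail, it silently shifts or blanks columns. ignoreFirstRecord
// skips the header row (the bool literal is lower-case `true` in KQL).
let KnownExploitedVulnsCISA = externaldata(cveID: string, vendorProject: string, product: string, vulnerabilityName: string, dateAdded: datetime, shortDescription: string, requiredAction: string, dueDate: datetime, notes: string)[@"https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv"] with (format="csv", ignoreFirstRecord=true);
DeviceTvmSoftwareVulnerabilities
// Keep only CVEs that entered the KEV catalog recently; dateAdded in the CSV is a
// calendar date, so the window effectively works at day granularity.
| join kind=inner (
    KnownExploitedVulnsCISA
    | where dateAdded > ago(NewThreshold))
    on $left.CveId == $right.cveID
| project-reorder DeviceName, CveId, vendorProject, vulnerabilityName, dateAdded, shortDescription
// Latest process event per device, bounded to 30 days to limit the scan.
// Fix: the summarize must be grouped `by DeviceId`. Without it, arg_max collapses
// the whole table to the single most recent event tenant-wide, and the inner join
// then discards every device except that one.
| join kind=inner (
    DeviceProcessEvents
    | where Timestamp > ago(30d)
    | summarize arg_max(Timestamp, ReportId) by DeviceId)
    on $left.DeviceId == $right.DeviceId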
