{"id":81,"date":"2024-01-12T09:47:47","date_gmt":"2024-01-12T09:47:47","guid":{"rendered":"https:\/\/cyber-resilience.mobi\/?p=81"},"modified":"2024-01-12T10:03:40","modified_gmt":"2024-01-12T10:03:40","slug":"cve-cisa","status":"publish","type":"post","link":"https:\/\/cyber-resilience.mobi\/?p=81","title":{"rendered":"KQL CVE CISA"},"content":{"rendered":"\n<pre class=\"wp-block-code\"><code>let NewThreshold = 1d;\r\nlet KnowExploitesVulnsCISA = externaldata(cveID: string, vendorProject: string, product: string, vulnerabilityName: string, dateAdded: datetime, shortDescription: string, requiredAction: string, dueDate: datetime, notes: string)&#91;@\"https:\/\/www.cisa.gov\/sites\/default\/files\/csv\/known_exploited_vulnerabilities.csv\"] with (format=\"csv\", ignoreFirstRecord=True);\r\nDeviceTvmSoftwareVulnerabilities\r\n| join kind=inner (KnowExploitesVulnsCISA \r\n    | where dateAdded > ago(NewThreshold)) \r\n    on $left.CveId == $right.cveID\r\n| project-reorder DeviceName, CveId, vendorProject, vulnerabilityName, dateAdded, shortDescription\r\n| join kind=inner (DeviceProcessEvents\r\n    | where Timestamp > ago(30d)\r\n    | summarize arg_max(Timestamp, Timestamp, DeviceId, ReportId))\r\n    on $left.DeviceId == $right.DeviceId<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17,20],"tags":[21,18,19,22],"class_list":["post-81","post","type-post","status-publish","format-standard","hentry","category-kql","category-kql-sentinel","tag-defender","tag-kql","tag-kusto","tag-sentinel"],"_links":{"self":[{"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts\/81","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=81"}],"version-history":[{"count":2,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts\/81\/revisions"}],"predecessor-version":[{"id":95,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts\/81\/revisions\/95"}],"wp:attachment":[{"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=81"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=81"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=81"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}