EXPLORE
Sign In
← Back to Explore
kqlHunting

Top 10 devices with the most exploitable vulnerabilities

This query lists the 10 devices in your tenant with the most exploitable vulnerabilities.

Detection Query

let ExploitableVulnerabilities = DeviceTvmSoftwareVulnerabilitiesKB
     | where IsExploitAvailable == 1
     | project CveId;
DeviceTvmSoftwareVulnerabilities
| where CveId in (ExploitableVulnerabilities)
| summarize TotalExploitableVulns = dcount(CveId), ExploitableCVE = make_set(CveId) by DeviceId
| top 10 by TotalExploitableVulns

Platforms

microsoft-defender

Tags

vulnerability-management
Raw Content
# Top 10 devices with the most exploitable vulnerabilities

## Query Information

#### Description
This query lists the 10 devices in your tenant with the most exploitable vulnerabilities.

## Defender XDR
```KQL
let ExploitableVulnerabilities = DeviceTvmSoftwareVulnerabilitiesKB
     | where IsExploitAvailable == 1
     | project CveId;
DeviceTvmSoftwareVulnerabilities
| where CveId in (ExploitableVulnerabilities)
| summarize TotalExploitableVulns = dcount(CveId), ExploitableCVE = make_set(CveId) by DeviceId
| top 10 by TotalExploitableVulns
```