kqlHunting

Look up vulnerability information based on a CVE ID

----

Detection Query

```KQL
let CVE = "CVE-2022-3602"; // Set the CVE ID to look up
DeviceTvmSoftwareVulnerabilities
| where CveId == CVE
// Collect the distinct names of devices affected by the CVE
| summarize VulnerableDevices = make_set(DeviceName) by CveId
// Enrich with severity, CVSS score and description from the knowledge base table
| join kind=innerunique DeviceTvmSoftwareVulnerabilitiesKB on CveId
| extend TotalDevices = array_length(VulnerableDevices)
| project TotalDevices, CveId, VulnerabilitySeverityLevel, CvssScore, VulnerabilityDescription, VulnerableDevices
```

Platforms

microsoft-defender

Tags

vulnerability-management