Microsoft-365-Defender-Hunting-Queries
Add Health State and Date last seen
Can you add Health state and Date last seen to the query? I added onto your query but it doesn't work and it also only queries 1 machine and not all the machines with this CVE.
DeviceTvmSoftwareVulnerabilities
| where CveId contains "CVE-2021-26897"
| join kind =inner(DeviceInfo) on DeviceId
| join kind =inner(DeviceNetworkInfo) on DeviceId
| project DeviceId, DeviceName, OSPlatform, OSVersion, SoftwareVendor, SoftwareName, SoftwareVersion, PublicIP, DnsAddresses, IPv4Dhcp, IPAddresses, CveId, MachineGroup, VulnerabilitySeverityLevel
| limit 100
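
One way to get a single row per vulnerable device with both fields, as an added example that is not part of the original post or the repository's own queries. It reduces `DeviceInfo` and `DeviceNetworkInfo` to their latest report per device before joining, because both tables hold many reports per device and a direct join multiplies rows until `limit 100` is used up by very few machines. Assumptions: "Health state" is read as the `SensorHealthState` column of `DeviceInfo`, "Date last seen" as the timestamp of the device's most recent `DeviceInfo` report inside the query's time range, and `cve` and `LastSeen` are names chosen here.

```kusto
// Added example: every device affected by the CVE, one row each,
// with sensor health and last-seen time.
let cve = "CVE-2021-26897"; // CVE taken from the query above
DeviceTvmSoftwareVulnerabilities
| where CveId == cve
| project DeviceId, SoftwareVendor, SoftwareName, SoftwareVersion, CveId, VulnerabilitySeverityLevel
| join kind=inner (
    DeviceInfo
    // Many reports per device: keep only the newest one.
    | summarize arg_max(Timestamp, DeviceName, OSPlatform, OSVersion, PublicIP,
                        MachineGroup, SensorHealthState) by DeviceId
    // Assumption: the newest report time stands in for "Date last seen".
    | project-rename LastSeen = Timestamp
  ) on DeviceId
| join kind=leftouter (
    DeviceNetworkInfo
    // One row per adapter per report: this keeps a single adapter from the
    // newest report. leftouter keeps devices that have no network report.
    | summarize arg_max(Timestamp, DnsAddresses, IPv4Dhcp, IPAddresses) by DeviceId
    | project-away Timestamp
  ) on DeviceId
| project DeviceId, DeviceName, SensorHealthState, LastSeen, OSPlatform, OSVersion,
          SoftwareVendor, SoftwareName, SoftwareVersion, PublicIP, DnsAddresses,
          IPv4Dhcp, IPAddresses, CveId, MachineGroup, VulnerabilitySeverityLevel
| order by DeviceName asc
```

A device that has more than one vulnerable software entry for the CVE still appears once per entry, since the software columns differ between those rows.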