Microsoft-365-Defender-Hunting-Queries icon indicating copy to clipboard operation
Microsoft-365-Defender-Hunting-Queries copied to clipboard

Published 20 hours ago verified publisher icon microsoft

Add Health State and Date last seen

Open johnB007 opened this issue 3 years ago • 0 comments

Can you add Health state and Date last seen to the query? I added onto your query but it doesnt work and it also only queries 1 machine and not all the machines with this CVE.

DeviceTvmSoftwareVulnerabilities | where CveId contains "CVE-2021-26897" | join kind =inner(DeviceInfo) on DeviceId
| join kind =inner(DeviceNetworkInfo) on DeviceId
| project DeviceId, DeviceName, OSPlatform, OSVersion, SoftwareVendor, SoftwareName, SoftwareVersion, PublicIP, DnsAddresses, IPv4Dhcp, IPAddresses, CveId, MachineGroup, VulnerabilitySeverityLevel | limit 100

johnB007 avatar Apr 06 '21 13:04 johnB007