Vulnerabilities Year To Date CISA KEV
CISAKEV Year To Date Vulnerabilities
Query
let KnowExploitesVulnsCISA = externaldata(CVEId: string, Vendor:
string, Product: string, VulnerabilityName: string, DateAdded: datetime,
Description: string, RequiredAction: string, DueDate: datetime,
Notes: string)
[@"https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv"]
with (format="csv", ignoreFirstRecord=True);
KnowExploitesVulnsCISA
| where DateAdded between (startofyear(now()) .. startofweek(endofyear(now())))
| summarize Total = dcount(CVEId) by VendorAbout this query
Vulnerabilities Year To Date CISA KEV
Query Information
Description
This query uses the CISA Known Exploited Vulnerabilities Catalog to list the vulnerabilities year to date by vendor. This can be used to analyze how many vulnerabilities have been added for each vendor and their products.
References
Defender XDR
Sentinel
let KnowExploitesVulnsCISA = externaldata(CVEId: string, Vendor:
string, Product: string, VulnerabilityName: string, DateAdded: datetime,
Description: string, RequiredAction: string, DueDate: datetime,
Notes: string)
[@"https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv"]
with (format="csv", ignoreFirstRecord=True);
KnowExploitesVulnsCISA
| where DateAdded between (startofyear(now()) .. startofweek(endofyear(now())))
| summarize Total = dcount(CVEId) by Vendor
Explanation
This query is designed to analyze vulnerabilities from the CISA Known Exploited Vulnerabilities Catalog for the current year. It retrieves data from an external CSV file provided by CISA, which includes details about various vulnerabilities such as their ID, vendor, product, and the date they were added to the catalog.
The query specifically focuses on vulnerabilities that have been added since the beginning of the current year up to the start of the last week of the year. It then counts the distinct number of vulnerabilities (using their CVE IDs) for each vendor and summarizes this information to show how many vulnerabilities have been reported for each vendor's products so far this year. This helps in understanding which vendors have had more vulnerabilities reported and may require more attention or action.
Details

Bert-Jan Pals
Released: December 30, 2025
Tables
Keywords
Operators