Vulnerabilities Year To Date CISA KEV Release Year
CISAKEV Year To Date Vulnerabilities Release Year
Query
let KnowExploitesVulnsCISA = externaldata(CVEId: string, Vendor:
string, Product: string, VulnerabilityName: string, DateAdded: datetime,
Description: string, RequiredAction: string, DueDate: datetime,
Notes: string)
[@"https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv"]
with (format="csv", ignoreFirstRecord=True);
KnowExploitesVulnsCISA
| where DateAdded between (startofyear(now()) .. startofweek(endofyear(now())))
| extend Year = toint((split(CVEId, "-")[1]))About this query
Vulnerabilities Year To Date CISA KEV Release Year
Query Information
Description
This query uses the CISA Known Exploited Vulnerabilities Catalog to list the vulnerabilities year to date by year when the vulnerability was released.
References
Defender XDR
Sentinel
let KnowExploitesVulnsCISA = externaldata(CVEId: string, Vendor:
string, Product: string, VulnerabilityName: string, DateAdded: datetime,
Description: string, RequiredAction: string, DueDate: datetime,
Notes: string)
[@"https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv"]
with (format="csv", ignoreFirstRecord=True);
KnowExploitesVulnsCISA
| where DateAdded between (startofyear(now()) .. startofweek(endofyear(now())))
| extend Year = toint((split(CVEId, "-")[1]))
Explanation
This query is designed to extract and list vulnerabilities from the CISA Known Exploited Vulnerabilities Catalog that have been added in the current year. It does this by:
- Accessing an external CSV file from the CISA website, which contains information about known exploited vulnerabilities.
- Filtering the data to include only those vulnerabilities that were added to the catalog from the beginning of the current year up to the start of the last week of the year.
- Extracting the year when each vulnerability was originally released by parsing the CVE ID, which typically follows the format "CVE-Year-Number".
- The result is a list of vulnerabilities added this year, along with the year they were initially released.
This query is useful for security analysts who want to track and analyze vulnerabilities that have been recognized as exploited within the current year.
Details

Bert-Jan Pals
Released: December 30, 2025
Tables
KnowExploitesVulnsCISA
Keywords
VulnerabilitiesCISAYearDateVendorProductDescriptionActionNotes
Operators
externaldatawithwherebetweenstartofyearnowstartofweekendofyearextendtointsplit