Query Details

Vulnerabilities that have an exploit available in MetaSploit by device

CVE With Meta Sploit Exploit Device Total

Query

let MetaSploitExploitsWithAssignedCVE = externaldata(cveid: string)[@"https://feeds.ecrimelabs.net/data/metasploit-cve"] with (format="txt", ignoreFirstRecord=True);
DeviceTvmSoftwareVulnerabilities
| where CveId in~ (MetaSploitExploitsWithAssignedCVE)
| summarize
     TotalVulnerabilities = dcount(CveId),
     Vulnerabilities = make_set(CveId)
     by DeviceName
| sort by TotalVulnerabilities

About this query

Vulnerabilities that have an exploit available in MetaSploit by device


Defender XDR

Explanation

This query is designed to identify and summarize vulnerabilities on devices that have known exploits available in MetaSploit. Here's a simple breakdown of what it does:

  1. Data Source: It pulls a list of CVE IDs (Common Vulnerabilities and Exposures) that have exploits available in MetaSploit from an external source.

  2. Filter Vulnerabilities: It then checks the DeviceTvmSoftwareVulnerabilities table to find vulnerabilities on devices that match the CVE IDs from the MetaSploit list.

  3. Summarize Data: For each device, it counts the total number of unique vulnerabilities (CVE IDs) and creates a list of these vulnerabilities.

  4. Sort Results: Finally, it sorts the devices by the total number of vulnerabilities in ascending order.

In summary, the query identifies devices with vulnerabilities that can be exploited using MetaSploit, counts these vulnerabilities per device, and lists them, sorted by the number of vulnerabilities.

Details

Bert-Jan Pals profile picture

Bert-Jan Pals

Released: December 1, 2024

Tables

MetaSploitExploitsWithAssignedCVEDeviceTvmSoftwareVulnerabilities

Keywords

VulnerabilitiesDevicesMetaSploitDefenderXDR

Operators

letexternaldatawithwherein~summarizedcountmake_setbysort by

Actions

GitHub