Query Details

Lookup vulnerability information based on a CveID

Cve Lookup

Query

let CVE = "CVE-2022-3602"; // Add your CVEid here
DeviceTvmSoftwareVulnerabilities
| where CveId == CVE
| summarize VulnerableDevices = make_set(DeviceName) by CveId
| join kind=innerunique DeviceTvmSoftwareVulnerabilitiesKB on CveId
| extend TotalDevices = array_length(VulnerableDevices)
| project TotalDevices, CveId, VulnerabilitySeverityLevel, CvssScore, VulnerabilityDescription, VulnerableDevices

About this query

Lookup vulnerability information based on a CveID


Defender XDR

Explanation

This query is designed to find information about a specific software vulnerability identified by a CVE ID (Common Vulnerabilities and Exposures ID) using Microsoft Defender XDR data. Here's a simple breakdown of what the query does:

  1. Define the CVE ID: It starts by setting a specific CVE ID (in this case, "CVE-2022-3602") to search for.

  2. Filter Vulnerabilities: It looks through the DeviceTvmSoftwareVulnerabilities table to find entries that match the specified CVE ID.

  3. Identify Vulnerable Devices: It collects a list of device names that are vulnerable to this CVE and groups them by the CVE ID.

  4. Join with Knowledge Base: It combines this information with additional details from the DeviceTvmSoftwareVulnerabilitiesKB table, which contains more comprehensive information about each vulnerability.

  5. Calculate Total Devices: It calculates the total number of unique devices that are vulnerable to this CVE.

  6. Select Relevant Information: Finally, it selects and displays the total number of vulnerable devices, the CVE ID, the severity level of the vulnerability, its CVSS score (a standard for assessing the severity of vulnerabilities), a description of the vulnerability, and the list of vulnerable devices.

In summary, this query helps you understand how many devices are affected by a specific vulnerability, along with detailed information about the vulnerability itself.

Details

Bert-Jan Pals profile picture

Bert-Jan Pals

Released: January 18, 2026

Tables

DeviceTvmSoftwareVulnerabilitiesDeviceTvmSoftwareVulnerabilitiesKB

Keywords

DeviceTvmSoftwareVulnerabilitiesCveIdNameVulnerabilitySeverityLevelCvssScoreDescription

Operators

letwheresummarizemake_setbyjoinkind=inneruniqueonextendarray_lengthproject

Actions

GitHub