Devices With High Severity CV Es With Exploits Available
Query
DeviceTvmSoftwareVulnerabilities
| join DeviceTvmSoftwareVulnerabilitiesKB on CveId //join gives us isexploitavailable column
| where VulnerabilitySeverityLevel == "High" and IsExploitAvailable == "1" //we want to know where there is a high vulnerability CVE with an exploit available
| summarize make_set(CveId) by DeviceName //create set of cves by deviceExplanation
This query is designed to identify devices with high-severity software vulnerabilities that have known exploits available. Here's a simple breakdown of what it does:
-
Data Source: It starts by looking at two tables:
DeviceTvmSoftwareVulnerabilitiesandDeviceTvmSoftwareVulnerabilitiesKB. -
Joining Tables: It combines these tables based on a common column,
CveId, to access additional information, specifically theIsExploitAvailablecolumn. -
Filtering: It filters the results to only include vulnerabilities that are classified as "High" severity and have an exploit available (
IsExploitAvailableis "1"). -
Summarizing: Finally, it groups the results by
DeviceNameand creates a set of uniqueCveIds (vulnerability identifiers) for each device.
In summary, the query identifies devices that have high-severity vulnerabilities with known exploits and lists the specific vulnerabilities for each device.
Details

Jay Kerai
Released: May 19, 2025
Tables
Keywords
Operators