Query Details

List all the vulnerable devices for the OpenSSL critical vulnerability (nov 2022)

Open SSL Vulnerable Devices

Query

DeviceTvmSoftwareInventory
| where SoftwareName contains "openssl"
| where SoftwareName contains "3.0" or SoftwareVersion contains "3.0"
| project DeviceName, SoftwareName, SoftwareVersion

About this query

List all the vulnerable devices for the OpenSSL critical vulnerability (nov 2022)


Defender XDR

Explanation

This query is designed to identify devices that are potentially vulnerable to a critical OpenSSL vulnerability from November 2022. Here's a simple breakdown of what the query does:

  1. Data Source: It uses data from the DeviceTvmSoftwareInventory table, which contains information about software installed on devices.

  2. Filter Criteria:

    • It looks for software with the name "openssl".
    • It further filters this to find versions that include "3.0" in either the software name or version number.
  3. Output:

    • The query lists the device names along with the specific OpenSSL software name and version installed on them.

In summary, this query helps identify devices running OpenSSL version 3.0, which may be affected by the critical vulnerability, allowing for further investigation or remediation.

Details

Bert-Jan Pals profile picture

Bert-Jan Pals

Released: December 1, 2024

Tables

DeviceTvmSoftwareInventory

Keywords

DeviceTvmSoftwareInventoryDeviceNameSoftwareNameSoftwareVersion

Operators

DeviceTvmSoftwareInventorycontainswhereorproject

Actions

GitHub