List all the vulnerable devices for the OpenSSL critical vulnerability (nov 2022)
Open SSL Vulnerable Devices
Query
DeviceTvmSoftwareInventory
| where SoftwareName contains "openssl"
| where SoftwareName contains "3.0" or SoftwareVersion contains "3.0"
| project DeviceName, SoftwareName, SoftwareVersionAbout this query
List all the vulnerable devices for the OpenSSL critical vulnerability (nov 2022)
Defender XDR
Explanation
This query is designed to identify devices that are potentially vulnerable to a critical OpenSSL vulnerability from November 2022. Here's a simple breakdown of what the query does:
-
Data Source: It uses data from the
DeviceTvmSoftwareInventorytable, which contains information about software installed on devices. -
Filter Criteria:
- It looks for software with the name "openssl".
- It further filters this to find versions that include "3.0" in either the software name or version number.
-
Output:
- The query lists the device names along with the specific OpenSSL software name and version installed on them.
In summary, this query helps identify devices running OpenSSL version 3.0, which may be affected by the critical vulnerability, allowing for further investigation or remediation.
Details

Bert-Jan Pals
Released: December 1, 2024
Tables
DeviceTvmSoftwareInventory
Keywords
DeviceTvmSoftwareInventoryDeviceNameSoftwareNameSoftwareVersion
Operators
DeviceTvmSoftwareInventorycontainswhereorproject