Consulta de muestra: informes de vulnerabilidad de CVE

La vista SecurityControls proporciona acceso a los datos de la base de datos de Security Controls de Ivanti pero no está disponible en los informes predefinidos. Esta sección proporciona consultas de muestra que describen cómo hacer referencia a una vista SecurityControls.

Consulta

Este es un informe de vulnerabilidad de CVE que mostrará el nombre de CVE y el número de equipos que se ven afectados debido a un parche ausente en el último análisis de parches.

Copiar
SELECT
    cve.[Name] AS [CVE Name],
    cve.[Id] AS [CVE ID],
    patch.[Bulletin] AS [Bulletin Id],
    patch.[QNumber] AS QNumber,
COUNT( DISTINCT machine.[Id]) AS [Machines Missing Count]
FROM
    [Reporting2].[Machine] AS machine
INNER JOIN
    [Reporting2].[AssessedMachineState] AS latestAssessedMachineState ON
    latestAssessedMachineState.[machineId] = machine.[Id] AND
    latestAssessedMachineState.[Id] = machine.[LastAssessedMachineStateId]
INNER JOIN
    [Reporting2].[DetectedPatchState] AS detectedPatchState ON
    detectedPatchState.[AssessedMachineStateId] = latestAssessedMachineState.[Id]
INNER JOIN
    [Reporting2].[InstallState] AS installState ON
    installState.[Id] = detectedPatchState.[InstallStateId]
INNER JOIN
    [Reporting2].[Patch] AS patch ON
    patch.[Id] = detectedPatchState.[PatchId]
INNER JOIN
    [Reporting2].[PatchAppliesTo] AS patchAppliesTo ON
    patchAppliesTo.[PatchId] = patch.[Id]
INNER JOIN
    [Reporting2].[Cve] AS cve ON
    cve.[Id] = patchAppliesTo.[CveId]
WHERE
    /* Id 4 indicates a missing patch */
    installState.[Id] = 4
GROUP BY
    cve.[Name],
    cve.[Id],
    patch.[Bulletin],
    patch.[QNumber];