Consulta de muestra: informes de vulnerabilidad de CVE
La vista SecurityControls proporciona acceso a los datos de la base de datos de Security Controls de Ivanti pero no está disponible en los informes predefinidos. Esta sección proporciona consultas de muestra que describen cómo hacer referencia a una vista SecurityControls.
Consulta
Este es un informe de vulnerabilidad de CVE que mostrará el nombre de CVE y el número de equipos que se ven afectados debido a un parche ausente en el último análisis de parches.
Copiar
SELECT
cve.[Name] AS [CVE Name],
cve.[Id] AS [CVE ID],
patch.[Bulletin] AS [Bulletin Id],
patch.[QNumber] AS QNumber,
COUNT( DISTINCT machine.[Id]) AS [Machines Missing Count]
FROM
[Reporting2].[Machine] AS machine
INNER JOIN
[Reporting2].[AssessedMachineState] AS latestAssessedMachineState ON
latestAssessedMachineState.[machineId] = machine.[Id] AND
latestAssessedMachineState.[Id] = machine.[LastAssessedMachineStateId]
INNER JOIN
[Reporting2].[DetectedPatchState] AS detectedPatchState ON
detectedPatchState.[AssessedMachineStateId] = latestAssessedMachineState.[Id]
INNER JOIN
[Reporting2].[InstallState] AS installState ON
installState.[Id] = detectedPatchState.[InstallStateId]
INNER JOIN
[Reporting2].[Patch] AS patch ON
patch.[Id] = detectedPatchState.[PatchId]
INNER JOIN
[Reporting2].[PatchAppliesTo] AS patchAppliesTo ON
patchAppliesTo.[PatchId] = patch.[Id]
INNER JOIN
[Reporting2].[Cve] AS cve ON
cve.[Id] = patchAppliesTo.[CveId]
WHERE
/* Id 4 indicates a missing patch */
installState.[Id] = 4
GROUP BY
cve.[Name],
cve.[Id],
patch.[Bulletin],
patch.[QNumber];