範例查詢: CVE 弱點報告

SecurityControls 檢視會提供對 Ivanti Security Controls 資料庫中資料的存取權,但是在預先定義的報告中無法使用。 本節將以範例查詢說明如何參考 SecurityControls 檢視。

查詢

這份 CVE 弱點報告將顯示 CVE 名稱,以及有多少部電腦的最近一次修補程式掃描發現缺少修補程式而受影響。

複製
SELECT
    cve.[Name] AS [CVE Name],
    cve.[Id] AS [CVE ID],
    patch.[Bulletin] AS [Bulletin Id],
    patch.[QNumber] AS QNumber,
COUNT( DISTINCT machine.[Id]) AS [Machines Missing Count]
FROM
    [Reporting2].[Machine] AS machine
INNER JOIN
    [Reporting2].[AssessedMachineState] AS latestAssessedMachineState ON
    latestAssessedMachineState.[machineId] = machine.[Id] AND
    latestAssessedMachineState.[Id] = machine.[LastAssessedMachineStateId]
INNER JOIN
    [Reporting2].[DetectedPatchState] AS detectedPatchState ON
    detectedPatchState.[AssessedMachineStateId] = latestAssessedMachineState.[Id]
INNER JOIN
    [Reporting2].[InstallState] AS installState ON
    installState.[Id] = detectedPatchState.[InstallStateId]
INNER JOIN
    [Reporting2].[Patch] AS patch ON
    patch.[Id] = detectedPatchState.[PatchId]
INNER JOIN
    [Reporting2].[PatchAppliesTo] AS patchAppliesTo ON
    patchAppliesTo.[PatchId] = patch.[Id]
INNER JOIN
    [Reporting2].[Cve] AS cve ON
    cve.[Id] = patchAppliesTo.[CveId]
WHERE
    /* Id 4 indicates a missing patch */
    installState.[Id] = 4
GROUP BY
    cve.[Name],
    cve.[Id],
    patch.[Bulletin],
    patch.[QNumber];