A Useful Field For Identifying Critical CVEs

Security teams work hard to identify devices and assets with vulnerable software in order to remove them and maintain cyber hygiene. Axonius collects information on vulnerable software from various sources and lets you retrieve this information efficiently.

The query should show the assets with relevant CVE IDs that were recently identified. The obvious way is to use the designated field "Vulnerable Software: CVE Severity", require that it equals CRITICAL, and require Last Seen in the last 7 days:

However, this approach makes it tricky to identify which CVEs are the critical ones within each asset. Even if you filter the "Vulnerable Software: CVE Severity" column for CRITICAL values, you still see all the CVE IDs that exist on the asset (not all of them are necessarily Critical):

>> The secret is to use the "Vulnerable Software" field, which details various properties of the vulnerable software, among them the severity.

The next steps are:

  1. Add a query statement to the previous query: "Vulnerable Software" exists.
  2. Add this field as a new column.
  3. Use the column filter to add a general "Critical" filter to the Vulnerable Software column:

>> We get ONLY the relevant CVE list per asset (all are CVE Severity: CRITICAL):

The last step may be exporting this query to CSV, which yields a convenient-to-work-with table:
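The difference between the two approaches, sketched in Python as an added example (not Axonius code): the record layout, key names, hostnames and CVE IDs are constructed placeholders, not the Axonius schema or export format. Matching on severity at the asset level lists every CVE on a matching asset, while filtering each "Vulnerable Software" entry keeps only the critical ones.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)  # fixed clock for the sample

# Constructed sample data; key names and CVE IDs are placeholders.
ASSETS = [
    {"hostname": "web-01", "last_seen": NOW - timedelta(days=1), "vulnerable_software": [
        {"cve_id": "CVE-0000-0001", "software": "exampled 1.0", "severity": "CRITICAL"},
        {"cve_id": "CVE-0000-0002", "software": "exampled 1.0", "severity": "MEDIUM"},
        {"cve_id": "CVE-0000-0003", "software": "samplelib 2.3", "severity": "HIGH"}]},
    {"hostname": "db-02", "last_seen": NOW - timedelta(days=3), "vulnerable_software": [
        {"cve_id": "CVE-0000-0004", "software": "sampledb 9.1", "severity": "LOW"}]},
    {"hostname": "old-03", "last_seen": NOW - timedelta(days=30), "vulnerable_software": [
        {"cve_id": "CVE-0000-0005", "software": "samplelib 2.3", "severity": "CRITICAL"}]},
]

def seen_recently(asset, now=NOW, days=7):
    return now - asset["last_seen"] <= timedelta(days=days)

def asset_level_match(assets, now=NOW):
    """Flat-field behaviour: an asset matches if ANY entry is CRITICAL,
    and every CVE ID on that asset is then listed."""
    return {a["hostname"]: [v["cve_id"] for v in a["vulnerable_software"]]
            for a in assets
            if seen_recently(a, now)
            and any(v["severity"] == "CRITICAL" for v in a["vulnerable_software"])}

def critical_entries(assets, now=NOW):
    """Per-entry behaviour: keep only entries whose own severity is CRITICAL."""
    rows = []
    for a in assets:
        if not seen_recently(a, now):
            continue
        rows += [(a["hostname"], v["cve_id"], v["software"], v["severity"])
                 for v in a["vulnerable_software"] if v["severity"] == "CRITICAL"]
    return rows

def to_csv(rows):
    """One row per (asset, critical CVE), the shape that is easy to triage."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["hostname", "cve_id", "software", "severity"])
    writer.writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    print(asset_level_match(ASSETS))
    print(to_csv(critical_entries(ASSETS)))
```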

 

Thanks for reading and Good Luck!
