Assets with the most Risk due to a certain software

Hi there. I believe I have posted about this before, but just want to see if anyone had any ideas on this again. What I am looking for is a SQL query that will allow me to determine the amount of risk posed to a device (or all devices) due to a specific software that has vulnerabilities associated with it in IVM. More than likely, this would be used for pieces of software like Adobe Acrobat, Chrome, Edge, etc. We are currently patching all of these software, but of course there are devices that miss the updates/updates fail/etc. What I would like to be able to do is look at a report and see which devices I should be paying the most attention to, or paying my attention to first, because they have the most risk associated with those certain software. Doing this manually is really frustrating, and honestly is a lot of guess-work.

If a device is missing 3 months worth of Chrome Updates, that will contribute significantly more to the risk score of the device than a device that may have only missed one month. Basically a report saying “Hey, this device has 32,000 risk score associated with it due to only vulnerabilities in Java” (not including any other missed patches or vulnerabilities).

Is anyone aware of if this is possible, or am I dreaming of something unrealistic here. Thanks in advance for anyone who may be able to provide some insight!

you should be able to do this in the TOP 25 REPORT PDF, or the TOP 10 HOST by RISK, are you wanting that TOP 25 Remediation or TOP 10 Hosts by RISK converted to a SQL query for a CSV export in the same TOP 25 manner?

Natively the Top 10 Assets by Vulnerability Risk PDF report can do this, then you just go in to your vulnerability filters and select or unselect what you want.

Thank you so much… I cannot believe I spent this much time looking around and never had noticed the “Include Specific” filter in the “Top 10 Assets By Vulnerability Risk” PDF report…

Once again, thank you!

1 Like