Hi there. I believe I have posted about this before, but just want to see if anyone had any ideas on this again. What I am looking for is a SQL query that will allow me to determine the amount of risk posed to a device (or all devices) due to a specific software that has vulnerabilities associated with it in IVM. More than likely, this would be used for pieces of software like Adobe Acrobat, Chrome, Edge, etc. We are currently patching all of these software, but of course there are devices that miss the updates/updates fail/etc. What I would like to be able to do is look at a report and see which devices I should be paying the most attention to, or paying my attention to first, because they have the most risk associated with those certain software. Doing this manually is really frustrating, and honestly is a lot of guess-work.
If a device is missing 3 months worth of Chrome Updates, that will contribute significantly more to the risk score of the device than a device that may have only missed one month. Basically a report saying “Hey, this device has 32,000 risk score associated with it due to only vulnerabilities in Java” (not including any other missed patches or vulnerabilities).
Is anyone aware of if this is possible, or am I dreaming of something unrealistic here. Thanks in advance for anyone who may be able to provide some insight!