Easiest way to pull a list of Obsolete Software and OS's

tpeters · February 22, 2024, 8:27pm

Hello!

I was just curious if anyone has an easy way to find and export a list of Obsolete Software. I am able to create a report of assets that have obsolete software, but it also exports the list of other vulnerabilities those assets have.

Thanks!

sgroeneveld · February 23, 2024, 8:46pm

Same joys here; I have a task in place to do this through ICON and https://endoflife.date/ API

Including a workflow to inform the owners that something becomes EOL so they can prepare. This is impossible with Kafka, but better something than nothing of course.

rrdias · February 27, 2024, 6:37pm

There is an Obsolete OS and Obsolete Software SQL query that maybe of use to you on the Rapid7 GitHub

mmusgrove · February 28, 2024, 8:43pm

Most of the queries in that repo have not worked for me. Some won’t even validate which is fine, I won’t try them but some of them do validate (like the two you mentioned) and then they end up failing with no indication of what is wrong. You simply get this error:

Error: The query is invalid.

Character: 0

For the two you mentioned, it turned out to be fairly simple to figure out but only because I have used PostgreSQL for a while now. Just remove the spaces around the :: cast operator. Now to figure out why the Obsolete Software query returns results but the Obsolute OS query does not…

rrdias · February 28, 2024, 8:58pm

So Iran into that and the mistake I was making was including the description text. only include the query text

example - exclude the comment text above the select statment
– Two column report with OS and asset count
– Copy the SQL query below
select
dos.name || ’ - ’ || version os_version,
count(distinct favf.asset_id)
from
fact_asset_vulnerability_finding favf
JOIN dim_vulnerability_category dvc using (vulnerability_id)
JOIN dim_asset da USING (asset_id)
JOIN dim_asset_operating_system daos using (asset_Id)
JOIN dim_operating_system dos on dos.operating_system_Id = daos.operating_system_id
where
dvc.category_name = ‘Obsolete OS’
group by
dos.name || ’ - ’ || version
order by
count(distinct favf.asset_id) desc

bobsledtedd · February 29, 2024, 8:54pm

This is intriguing. Can you provide more technical details around your approach?

aahuja · February 29, 2024, 9:14pm

There is an inbuilt-dashboard card that I use and then expand out of there if it helps.