The following Surface Command query highlights critical, exploitable, but fixable CVE findings on your assets:
MATCH (a:Machine)-->(v:Vulnerability)-->(c:CisaKnownExploitedVulnerability)
WHERE SINCE(a.endpoint_last_seen, "DAYS") <= 30
  AND v.severity = "Critical"
  AND v.`FirstEpssVulnerability:epss_number` >= 0.7
  AND c.has_resolution = True
RETURN DISTINCT
  a.name,
  a.asset_class,
  a.operating_system AS OS,
  c.id AS CVE,
  c.shortDescription,
  v.severity,
  v.`FirstEpssVulnerability:epss_number`,
  SPLIT(TOSTRING(DATE(c.published)), "T")[0] AS Published,
  SPLIT(TOSTRING(DATE(c.duedate)), "T")[0] AS Due,
  c.requiredAction
Tuning the values in the WHERE clause to match your organization’s needs will help identify assets/CVEs that are fixable today.
You can then use the output to generate a dashboard like this: