Is there a SQL query for not scanned with in 30 days

vanessa_villalpando · September 1, 2020, 1:36pm

Just simple query of an asset not scanned with in 30 days or 30 days +

brandon_mcclure · September 1, 2020, 2:48pm

I’m not sure about a SQL query, but this article (https://blog.rapid7.com/2017/07/11/cleaning-house-maintaining-an-accurate-and-relevant-vulnerability-management-program/) talks about creating an Asset Group of devices not scanned in a timeframe, then you could just pull the Assets in that grroup

holly_wilsey · September 1, 2020, 4:24pm

If you just want a query to get assets that haven’t been scanned for vulnerabilities in the past 30 days, you could do something like this:

SELECT host_name, ip_address, mac_address, last_assessed_for_vulnerabilities
FROM dim_asset
WHERE last_assessed_for_vulnerabilities < (current_date - 30)
ORDER BY last_assessed_for_vulnerabilities

If you want all the dim_asset fields rather than just a subset you’d do SELECT * instead.

vanessa_villalpando · September 1, 2020, 5:11pm

Holley YES! Thank you so much this is what i was looking for. I didnt even think about the “assessed” I was thinking last scan date. Thanks again!!