looking for already posted answers about queries can be difficult, so if the answer is out there i apologize.
I am looking for newly discovered assets <16 days and have a critical finding. I have a query that i believe works for the most part except -
the query takes a long time to run > 15 min
i can’t figure out how to detect if the asset itself is newly discovered. which date field would i use
Any guidance is much appreciated. My query -
SELECT da.ip_address AS “IP Address”, dv.title AS “Vuln Title”, dv.description AS “Vuln Description”,
dv.severity_score AS “Severity Score”, dv.date_published AS “Vulnerability Date Published”,
dv.severity AS “Vuln Severity”, dv.exploits AS “Vuln Expoit Count”,fasvi.proof
FROM dim_vulnerability dv
JOIN fact_asset_scan_vulnerability_instance fasvi ON fasvi.vulnerability_id = dv.vulnerability_id
JOIN dim_asset da ON da.asset_id = fasvi.asset_id
JOIN dim_asset_group_asset daga1 ON da.asset_id = daga1.asset_id
where 1=1
AND daga1.asset_group_id = 90
AND dv.cvss_score >= 7
AND “date” > (CURRENT_DATE - INTERVAL ‘15 days’)
limit 40