Is there a way to create an SLA and/or a query in Query Builder for a solution? Something similar to 2025-02 Cumulative Update for Microsoft Windows** ? We are in the process of building SLAs within our organization and we have a separate team who manages patch management when it comes to monthly cumulative updates. However, when you query something like this:
vulnerability.datePublished BETWEEN 2025-02-11T00:00:00 AND 2025-02-11T23:59:59 && vulnerability.categories IN ['microsoft']. This gives too many technologies like IE, SQL Server, Edge, Office products, out-of-band updates etc. We attempted to perform && vulnerability.categories NOT IN ['microsoft edge', 'microsoft office', 'microsoft internet explorer', 'microsoft out-of-band'] but it still gets messy.
Ideally we would be able to run an explicit query that states the published date (Patch Tuesday), the publisher is Microsoft, and the solution is 2025-02 Cumulative Update for Microsoft Window**. This would be ideal. Any thoughts?
Try this, it has been working for me:
vulnerability.datePublished BETWEEN 2025-02-11T00:00:00 AND 2025-02-11T23:59:59 && vulnerability.categories IN ['microsoft'] && vulnerability.categories NOT IN ['microsoft out-of-band'] && asset.os.vendor = 'microsoft'
Great, let me try this. I did try something similar because I want to make sure not to include Office, IE, Edge, .NET and other patches that do not come down from the monthly cumulative, then branch out to the monthly sub Microsoft products. The main SLA we got approved is for the Microsoft operating system cumulative, so I need the numbers defined to just the cumulative.
This query will still give you Office products, but that is an easy one to query out. We do all our SLAs in the same query, so that is why it is still included. Just an FYI.
Hi,
Currently there is no way to search for a specific solution in Query Builder.
We had a similar challenge and we opened a case to find a solution with Rapid7 support. The result is that it is not possible to search for a specific solution, but our case was linked to an existing engineering ticket.
Perhaps it would be a good idea to also open a case and show that the search for a specific solution is an important function.
I am happy to understand others have experienced this scenario/workflow when running SLAs. You would think this would be possible for this exact scenario. Due to our patching SLAs, especially with cumulative zero days, we need to be able to perform this query for executive leadership. I can continue down this road, vulnerability.categories NOT IN ['microsoft edge', 'microsoft office', 'microsoft internet explorer', 'microsoft out-of-band'], but if there is a new category or things change it would affect the compliance.
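Since Query Builder cannot filter on a solution title, one workaround is to apply the thread's query conditions and the solution-title match to exported findings locally. The script below is an added example, not code from the thread or from Rapid7; the sample findings are constructed, and the field names (including the assumed `solution` title field) mirror the query-builder fields used above rather than any real export format.

```python
from fnmatch import fnmatchcase

# Product lines the thread excludes because they are not part of the monthly
# OS cumulative update (spellings assumed; adjust to your own category names).
EXCLUDED_CATEGORIES = {"microsoft out-of-band", "microsoft edge",
                       "microsoft office", "microsoft internet explorer"}

# Constructed sample findings, NOT real InsightVM output.
FINDINGS = [
    {"id": "F1", "datePublished": "2025-02-11T18:05:00", "os_vendor": "microsoft",
     "categories": ["microsoft", "microsoft windows"],
     "solution": "2025-02 Cumulative Update for Microsoft Windows 11"},
    {"id": "F2", "datePublished": "2025-02-11T18:05:00", "os_vendor": "microsoft",
     "categories": ["microsoft", "microsoft office"],
     "solution": "Office security update (constructed title)"},
    {"id": "F3", "datePublished": "2025-02-11T19:00:00", "os_vendor": "microsoft",
     "categories": ["microsoft", "microsoft windows"],
     "solution": "2025-02 Cumulative Update for Microsoft Windows Server 2022"},
    {"id": "F4", "datePublished": "2025-02-20T10:00:00", "os_vendor": "microsoft",
     "categories": ["microsoft", "microsoft out-of-band"],
     "solution": "2025-02 Cumulative Update for Microsoft Windows 10 (out-of-band)"},
]


def monthly_cumulative(findings, patch_tuesday="2025-02-11",
                       solution_glob="2025-02 Cumulative Update for Microsoft Windows*"):
    """Return ids of findings in scope for the monthly OS cumulative SLA.

    Applies the thread's query (Patch Tuesday date, 'microsoft' category,
    excluded product categories, asset.os.vendor = 'microsoft') and adds the
    explicit solution-title match that Query Builder cannot express.
    """
    scoped = []
    for f in findings:
        cats = {c.lower() for c in f["categories"]}
        if not f["datePublished"].startswith(patch_tuesday):
            continue  # published outside the Patch Tuesday window
        if "microsoft" not in cats or cats & EXCLUDED_CATEGORIES:
            continue  # not Microsoft, or an excluded product line
        if f["os_vendor"].lower() != "microsoft":
            continue  # asset.os.vendor = 'microsoft'
        if not fnmatchcase(f["solution"], solution_glob):
            continue  # solution title is not the monthly cumulative
        scoped.append(f["id"])
    return scoped
```

Because the solution title is matched directly, a newly introduced category no longer silently widens the SLA scope the way a growing NOT IN list can.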