Hello all. I’m working to export a csv with critical vulns to be imported into automox. I’ve taken the suggested sql and modified a bit so I can ensure accuracy first. One thing I’m noticing is that the query is only pulling Windows assets from a site that contains Windows and Linux assets. Why would that be? I’m filtering for OS related criticals only, so Microsoft and RHEL related patches on the vulnerability filter. I know for a fact by going into the site and looking at a couple of rhel assets that they have at least one critical out there, yet they do not dump into the sql.
select dim_operating_system.description as OS, da.host_name as hostname, dvf.reference as “cve id”, dv.severity as “Severity”
FROM fact_asset_vulnerability_finding favf
JOIN dim_vulnerability_reference dvf ON dvf.vulnerability_id = favf.vulnerability_id
JOIN dim_vulnerability dv ON favf.vulnerability_id = dv.vulnerability_id
JOIN dim_asset da ON da.asset_id = favf.asset_id
JOIN dim_asset_operating_system daos ON daos.asset_id = da.asset_id
JOIN dim_operating_system ON dim_operating_system.operating_system_id = daos.operating_system_id
WHERE dvf.source = ‘CVE’ and dv.severity = ‘Critical’
I would assume if the others aren’t filtering in it has something to do with the below portion.
While that doesn’t specifically ONLY include Windows vulnerabilities, it’s possible for those other assets you’re trying to get that their critical vulns don’t have a CVE reference or something to that nature. You can certainly play with some other queries to specifically target those assets and the applicable vulnerabilities to see what all references they have. Typically speaking, a Linux asset could have all kinds of references for a vulnerability in regards to the source.
Interesting. So it is an automox problem then for giving a bad query? The basics came from this page, I just added to it because I saw something wasn’t right
No, the query itself is fine. I’m referring to the Linux vulnerabilities on the assets that you’re specifying. I would assume the assets themselves don’t have any vulnerabilities that have a CVE reference if you’re looking at a small scope.