Hi,
I’m trying to get an export of vulnerabilities with extra info like cvss, proof, remediation steps, etc using the query below, and i have tested it with one asset and it doesn’t give me the same vulnerabilities i see when i go on the asset page in the console. I have no fiters applied when i run the query so i’m not sure what can be failing. Anyone seen anything like this before? (i added a big number on the topN remediations just to make sure --there aren’t really 10000 solutions)
SELECT distinct
ds.summary AS “Solution Summary”,
proofAsText(ds.fix) AS “Solution Steps”,
da.host_name AS “Host Name”,
da.ip_address AS “IP Address”,
dos.description as “operating system”,
dv.cvss_v3_score as “CVSS V3”,
dv.cvss_score AS “CVSS”,
dv.severity AS “Severity”,
fr.vulnerabilities_with_malware_kit as “Vulnerabilities that can be exploited with malware kit”,
fr.vulnerabilities_with_exploit as “Vulnerabilities that can be exploited with a published exploit module”,
round(fr.riskscore) as Risk,
dvr.vulnerability_id AS “Vulnerability ID”,
proofastext(fasv.proof) as “proof”,
cast(to_char((last_assessed_for_vulnerabilities)::TIMESTAMP, ‘dd/mm/yyyy’) as varchar) as last_assessed_for_vulnerabilities
FROM
fact_remediation(10000, ‘riskscore DESC’) AS fr
JOIN dim_solution AS ds ON fr.solution_id = ds.solution_id
JOIN dim_asset_vulnerability_solution davs ON fr.solution_id = davs.solution_id
JOIN dim_vulnerability dv USING (vulnerability_id)
JOIN dim_asset AS da ON davs.asset_id = da.asset_id
JOIN dim_vulnerability_category dvc USING (vulnerability_id)
JOIN dim_vulnerability_reference dvr USING (vulnerability_id)
JOIN dim_operating_system dos USING (operating_system_id)
join fact_asset_scan_vulnerability_instance fasv using (vulnerability_id)
thanks