Is it possible to pull a report with vulnerabilities and proof but also the software that is affected?
I know there is the ‘proof’ option, which lists the path of the vulnerable files, but my team is looking specifically for the software & version that is affected in the vulnerability. I.E. VMware for example.
I read about the software_id under dim_asset_software, but was not sure if it was doable when pulling vulnerabilites. I hope this makes sense.
To add to this, I am trying to pull all assets that are vulnerable to Spring4shell CVE-2022-22965 and also pull what specific software on the machine is showing vulnerable.
@timtekk as far as I’m aware there is no link between the vulnerability and the software that is vulnerable to show in a table. So for example there is no link between dim_vulnerability and dim_asset_software where only the applicable software would be displayed in line with vulnerability.
Technically speaking though the Vulnerability itself should tell you what software it applies to.
SELECT
da.ip_address,
da.host_name,
dv.title,
favi.proof
FROM dim_asset da
JOIN fact_asset_vulnerability_instance favi ON da.asset_id=favi.asset_id
JOIN dim_vulnerability dv ON favi.vulnerability_id=dv.vulnerability_id
@timtekk the above query is essentially what you were referring to just without the software component. However the proof itself should tell you the software that is vulnerable which should achieve what you are looking for.