Vulnerability Exceptions

We are being asked by our internal audit department to provide a count of how many vulnerabilities have been excepted by various asset groups. For instance, we have an asset group for workstations. Is there a query that would provide a list of what vulnerabilities have been excepted on this asset group and a count for the number of instances for each vulnerability?

There doesn't seem to be a good dashboard or way to view what vulnerability exceptions have been applied to what system, aside from viewing the asset page of each device.

Hopefully this question makes some sense.

As a concrete example, we have vulnerability exceptions in place for any workstation for the following vulnerabilities, but not all workstations will have these vulnerabilities.

Obsolete version of Microsoft MSXML 4

Cisco AnyConnect: CVE-2021-1366: Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability

Is there a way to get a count of the instances that each of these vulnerabilities have exceptions for on this asset group?

Anyone have any ideas on how to do this? All I really need to do is figure out how many systems have a particular exception applied to them. There has to be some way to get this either via a SQL query or from within the data warehouse.

If I’m correctly understanding the data you need, I think you could do this just by using the dim_vulnerability_exception table. It contains every instance of an exception and you can sort by asset ID or group.

-- Count every exception row whose scope is the named asset group.
-- The original WHERE clause was missing its column; it filters on the
-- asset group's name in dim_asset_group.
select count(dve.vulnerability_exception_id)
from dim_vulnerability_exception dve
join dim_asset_group dag on dve.group_id = dag.asset_group_id
where dag.name = 'Asset Group Name'
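The question asks for a breakdown per vulnerability and for the number of systems in the group that actually carry each excepted vulnerability (since not every workstation has every finding). The following query is an added example, not code from either poster or from Rapid7's documentation. It assumes the reporting data model exposes `dim_asset_group(asset_group_id, name)`, `dim_asset_group_asset(asset_group_id, asset_id)`, `dim_vulnerability(vulnerability_id, title)`, `fact_asset_vulnerability_instance(asset_id, vulnerability_id)` and, as in the answer above, a `group_id` column on `dim_vulnerability_exception`; the group name `'Workstations'` is a placeholder. Confirm the column names against the Reporting Data Model reference for your console version before relying on it.

```sql
-- Added example: per-vulnerability exception counts for one asset group,
-- plus how many assets in that group actually have each excepted finding.
-- Column names below are assumptions about the reporting data model; verify them.
WITH target_group AS (
    -- Resolve the asset group once by name ('Workstations' is a placeholder).
    SELECT asset_group_id
    FROM dim_asset_group
    WHERE name = 'Workstations'
),
group_exceptions AS (
    -- Exceptions whose scope is this asset group, one row per exception.
    SELECT dve.vulnerability_id,
           dve.vulnerability_exception_id
    FROM dim_vulnerability_exception dve
    JOIN target_group tg ON tg.asset_group_id = dve.group_id
),
group_findings AS (
    -- Vulnerability instances on assets that are members of this group.
    SELECT favi.asset_id,
           favi.vulnerability_id
    FROM fact_asset_vulnerability_instance favi
    JOIN dim_asset_group_asset daga ON daga.asset_id = favi.asset_id
    JOIN target_group tg ON tg.asset_group_id = daga.asset_group_id
)
SELECT dv.title                                         AS vulnerability,
       COUNT(DISTINCT ge.vulnerability_exception_id)    AS exceptions_on_group,
       COUNT(DISTINCT gf.asset_id)                      AS assets_in_group_with_finding
FROM group_exceptions ge
JOIN dim_vulnerability dv ON dv.vulnerability_id = ge.vulnerability_id
-- LEFT JOIN so an excepted vulnerability that no group member currently has
-- still appears, with a count of zero affected assets.
LEFT JOIN group_findings gf ON gf.vulnerability_id = ge.vulnerability_id
GROUP BY dv.title
ORDER BY assets_in_group_with_finding DESC, dv.title;
```

Two points worth noting for an audit report: `COUNT(DISTINCT gf.asset_id)` counts systems, not port-level instances, which is usually what auditors mean by "how many systems have this exception"; and this only captures exceptions scoped to the asset group itself. Exceptions created at global, site or individual-asset scope also suppress findings on those workstations, so a complete picture needs a second pass over those scopes, or the report should state explicitly that it covers group-scoped exceptions only.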