This is a custom query that lists the vulnerabilities matched against the currently viewed node.
Each CVE is linked to /apps/secobs/vulnerability/cve/, from which you can navigate to the NVD on NIST to see additional vulnerability details.
Scoring is based on CVSS 3.0.
Requirements:
You need HCO Advanced, which includes Security Observability. You will also need to set up the CVE Data and Node matching settings found under hco_url/.../settings.
Custom SWQL Query:
SELECT TOP 1000
     CveId AS [CVE]
    ,CveLink AS [_LinkFor_CVE]
    ,Score
    ,CASE Severity
        WHEN 4 THEN 'Critical'
        WHEN 3 THEN 'High'
        WHEN 2 THEN 'Medium'
        WHEN 1 THEN 'Low'
        WHEN 0 THEN 'None'
        ELSE ToString(Severity)
     END AS [Severity]
    ,Description
FROM Orion.SecObs.Vulnerabilities.LastMatching.Result
WHERE NodeID = '${NodeID}'
ORDER BY Score DESC
Search SWQL Query:
SELECT TOP 1000
     CveId AS [CVE]
    ,CveLink AS [_LinkFor_CVE]
    ,Score
    ,CASE Severity
        WHEN 4 THEN 'Critical'
        WHEN 3 THEN 'High'
        WHEN 2 THEN 'Medium'
        WHEN 1 THEN 'Low'
        WHEN 0 THEN 'None'
        ELSE ToString(Severity)
     END AS [Severity]
    ,Description
FROM Orion.SecObs.Vulnerabilities.LastMatching.Result
WHERE NodeID = '${NodeID}'
    AND CveId LIKE '%${SEARCH_STRING}%'
ORDER BY Score DESC
