Knowledge base of publicly disclosed vulnerabilities, including whether exploit code is publicly available
| Attribute | Value |
|---|---|
| Category | MDE |
| Basic Logs Eligible | ✓ Yes (source) |
| Supports Transformations | ✓ Yes (source) |
| Ingestion API Supported | ✓ Yes |
| Azure Monitor Tables Reference | View Documentation |
| Defender XDR Advanced Hunting Schema | View Documentation |
| Azure Monitor Logs Ingestion API | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false, ingestion isn't billed to your Azure account |
| AffectedSoftware | dynamic | List of all software products affected by the vulnerability. |
| CveId | string | Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system. |
| CvssScore | real | Severity score assigned to the security vulnerability under the Common Vulnerability Scoring System (CVSS). |
| IsExploitAvailable | bool | Indicates whether exploit code for the vulnerability is publicly available. |
| LastModifiedTime | datetime | Date and time the item or related metadata was last modified. |
| PublishedDate | datetime | Date vulnerability was disclosed to the public. |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | Date and time when the record was generated. |
| Timestamp | datetime | Date and time when the record was generated |
| Type | string | The name of the table |
| VulnerabilityDescription | string | Description of the vulnerability and associated risks. |
| VulnerabilitySeverityLevel | string | Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape. |
This table is used by the following solutions:
In solution Microsoft Defender XDR:
| Hunting Query | Selection Criteria |
|---|---|
| Detect CISA Alert (AA22-117A) 2021 Top Routinely Exploited Vulnerabilities | |
GitHub Only:
| Hunting Query | Selection Criteria |
|---|---|
| Detect CISA Alert (AA22-117A) 2021 Top Routinely Exploited Vulnerabilities | |
| fireeye-red-team-tools-CVEs [Nobelium] | |