Saturday, July 6, 2024

Vulnerability Management - (Rapid7) SQL Queries

Rapid7 InsightVM does not expose some filters directly. One such filter is the solution ID. A typical solution ID for a Microsoft patch looks like 'msft-kbXXXXXXX-alphanumeric text'. As we all know, Patch Tuesday for June was on the 11th. Now, if I want to know which assets are missing the May Microsoft patches, I have no way to get this list using the standard filters. (Why would I want to know this? Because I want to improve my patch compliance.)


In such scenarios, SQL queries come to our rescue. InsightVM has a specific report template that is based on SQL queries. I can write a SQL query to fetch the list of assets missing a specific KB.

You might be wondering: why can't we just apply a filter on the 'Vulnerability Solution' column (in the report) and get the list? We cannot, because for one particular OS, the solution contains all the recently released KBs for all versions of Microsoft OSes. Doesn't make sense, right? Not to me either; I am still trying to find out the rationale.

Please note: you should know basic DBMS concepts such as fact and dimension tables, the different kinds of joins, primary and foreign keys, etc. This is where Vulnerability Management overlaps with SQL. Surprised? Remember, we live in a small world :)
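A sketch of the kind of query described above, for the SQL Query Export report template (PostgreSQL syntax). This is an added example, not taken from the original post or the linked thread. The table and column names (`dim_solution.nexpose_id`, `dim_asset_vulnerability_solution`, `dim_asset`, `dim_operating_system`) are assumptions based on Rapid7's published reporting data model and should be checked against your console version; `msft-kbXXXXXXX` is the placeholder from the text, not a real KB.

```sql
-- Added example: assets that still need one specific Microsoft KB.
-- Assumption: dim_solution.nexpose_id holds the solution ID string
-- ('msft-kbXXXXXXX-...'). Replace XXXXXXX with the KB number you care about.
WITH target_solution AS (
    SELECT solution_id,
           nexpose_id,
           summary
    FROM dim_solution
    WHERE nexpose_id LIKE 'msft-kbXXXXXXX-%'   -- one KB can map to several solution IDs
)
SELECT da.ip_address,
       da.host_name,
       dos.description                       AS operating_system,
       ts.nexpose_id                         AS solution_id,
       ts.summary                            AS solution_summary,
       -- how many open findings on this asset this KB would remediate
       COUNT(DISTINCT davs.vulnerability_id) AS vulnerabilities_fixed
FROM dim_asset_vulnerability_solution davs          -- asset / vulnerability / solution mapping
JOIN target_solution ts
      ON ts.solution_id = davs.solution_id          -- keep only rows for the chosen KB
JOIN dim_asset da
      ON da.asset_id = davs.asset_id                -- foreign key to the asset dimension
LEFT JOIN dim_operating_system dos                  -- LEFT JOIN keeps assets with no OS fingerprint
      ON dos.operating_system_id = da.operating_system_id
GROUP BY da.ip_address,
         da.host_name,
         dos.description,
         ts.nexpose_id,
         ts.summary
ORDER BY vulnerabilities_fixed DESC,
         da.ip_address;
```

Filtering on the solution ID in the dimension table, rather than on the solution text in the report, returns only the assets whose findings map to that one KB.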

Please see the URL below:
https://discuss.rapid7.com/t/sql-query-listing-systems-that-require-specific-kb/27579/2

Happy Learning !!
#vulnerabilitymanagement #cybersecurity #Rapid7
