SQL示例-新的和修复的漏洞
这个示例查询显示了漏洞和趋势数据,并提供了一种简单的方法来比较最近两次扫描(当前的和以前的)的漏洞级别。
结果包括两种类型的漏洞:新漏洞(存在于当前扫描,但未在以前扫描)和修复漏洞(存在于以前扫描,但未在当前扫描)。
列包括:IP地址,主机名,状态(补救或新的),以前的扫描日期/时间,当前扫描日期/时间,漏洞ID,漏洞标题,CVSS,风险评分,恶意软件套件的#,Metasploit模块的#和ExploitDB模块的#。
sql
1与assets_vulns作为(23.选择45fasv.asset_id,67fasv.vulnerability_id,89baselineComparison(fasv.scan_id,current_scan)作为基线,1011年代.baseline_scan,1213年代.current_scan1415从1617fact_asset_scan_vulnerability_instance fasv1819加入(20.21选择2223asset_id,2425previousScan(asset_id)作为baseline_scan,2627lastScan(asset_id)作为current_scan2829从30.31dim_asset3233)年代在年代.asset_id=fasv.asset_id3435和(3637fasv.scan_id=年代.baseline_scan3839或fasv.scan_id=年代.current_scan4041)4243集团通过4445fasv.asset_id,4647fasv.vulnerability_id,4849年代.baseline_scan,5051年代.current_scan5253有5455(5657baselineComparison(fasv.scan_id,current_scan)=“相同”5859)6061或(6263baselineComparison(fasv.scan_id,current_scan)=“新”6465)6667或(6869baselineComparison(fasv.scan_id,current_scan)=“老”7071)7273),7475baseline_scan_date作为(7677选择7879av.asset_id,8081完成了8283从assets_vulns av8485左加入dim_scan ds在ds.scan_id=av.baseline_scan8687集团通过av.asset_id,完成了8889),90919293current_scan_date作为(9495选择9697av.asset_id,9899完成了One hundred.101从assets_vulns av102103左加入dim_scan ds在ds.scan_id=av.current_scan104105集团通过av.asset_id,完成了106107),108109new_vulns作为(110111选择112113av.asset_id,114115av.vulnerability_id,116117数(av.vulnerability_id)作为new_vulns118119从120121assets_vulns作为av122123在哪里124125av.基线=“新”126127集团通过128129av.asset_id,130131av.vulnerability_id132133),134135remediated_vulns作为(136137选择138139av.asset_id,140141av.vulnerability_id,142143数(av.vulnerability_id)作为remediated_vulns144145从146147assets_vulns作为av148149在哪里150151av.基线=“老”152153集团通过154155av.asset_id,156157av.vulnerability_id158159160161),162163vuln_exploit_count作为(164165选择166167情况下当ec1.vulnerability_id是不零然后ec1.vulnerability_id其他的ec2.vulnerability_id结束作为vulnerability_id,metasploit,exploitdb168169从170171(选择172173av.vulnerability_id,174175数(dve.源)作为metasploit176177从assets_vulns av178179加入dim_vulnerability_exploit dve在av.vulnerability_id=dve.vulnerability_id180181在哪里dve.源=Metasploit的182183集团通过184185av.vulnerability_id186187)ec1188189190191完整的加入192193194195(选择196197av.vulnerability_id,198199数(dve.源)作为exploitdb200201从assets_vulns av202203加入dim_vulnerability_exploit dve在av.vulnerability_id=dve.vulnerability_id204205在哪里dve.源=利用数据库的206207集团通过208209av.vulnerability_id210211)ec2212213214215在ec2.vulnerability_id=ec1.vulnerability_id216217)218219220221选择222223“矫正”作为状态,224225da1.ip_address作为ip_address,226227da1.host_name作为主机名,228229bsd.完成了作为baseline_scan_datetime,230231csd.完成了作为current_scan_datetime,232233dv1.vulnerability_id,234235dv1.标题,236237投(dv1.cvss_score作为小数(10,2))作为cvss_score,238239投(dv1.riskscore作为小数(10,0))作为riskscore,240241dv1.malware_kits,242243情况下当vec.metasploit是零然后0其他的vec.metasploit结束作为metasploit,244245情况下当vec.exploitdb是零然后0其他的vec.exploitdb结束作为exploitdb246247从248249remediated_vulns房车250251加入dim_asset da1在da1.asset_id=房车.asset_id252253左加入baseline_scan_date bsd在bsd.asset_id=da1.asset_id254255左加入current_scan_date csd在csd.asset_id=da1.asset_id256257加入dim_vulnerability dv1在dv1.vulnerability_id=房车.vulnerability_id258259左加入vuln_exploit_count vec在vec.vulnerability_id=房车.vulnerability_id260261262263联盟所有264265266267选择268269“新”作为状态,270271da2.ip_address作为ip_address,272273da2.host_name作为主机名,274275bsd.完成了作为baseline_scan_datetime,276277csd.完成了作为current_scan_datetime,278279dv2.vulnerability_id,280281dv2.标题,282283投(dv2.cvss_score作为小数(10,2))作为cvss_score,284285投(dv2.riskscore作为小数(10,0))作为riskscore,286287dv2.malware_kits,288289情况下当vec.metasploit是零然后0其他的vec.metasploit结束作为metasploit,290291情况下当vec.exploitdb是零然后0其他的vec.exploitdb结束作为exploitdb292293从294295new_vulns nv296297加入dim_asset作为da2在da2.asset_id=nv.asset_id298299左加入baseline_scan_date bsd在bsd.asset_id=da2.asset_id300301左加入current_scan_date csd在csd.asset_id=da2.asset_id302303加入dim_vulnerability dv2在dv2.vulnerability_id=nv.vulnerability_id304305左加入vuln_exploit_count vec在vec.vulnerability_id=nv.vulnerability_id306307订单通过状态DESC,ip_address,主机名,标题
这个页面对你有帮助吗?