How to query for Vulnerability Assessment Data

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How to query for Vulnerability Assessment Data

L1 Bithead

I would like to query XDR externally for the data stored in the Host Insights > Vulnerability Assessment page. 

 

I looked through all of the available APIs, but none of them seem to have data related to CVEs. I would not be opposed to writing a custom XQL query for this data, but I do not see fields related to CVE's in the xdr_data schema either.. is it in there somewhere and I just missed it? 

 

I know I can manually export the data to file on the page, but I need to accomplish this programmatically. 

 

Any tips on how I could go about extracting this data?

3 REPLIES 3

L3 Networker

Hi @JamesWiggins ,

 

Thanks for posting to our Live Community discussion board. At the moment information about CVE is only available inside the UI (via export function). As an alternative you can create a custom dataset containing the vulnerabilities in the CSV format and be able to map it against other datasets.

 

Let me know if you got any questions or concerns!

 

Thanks,

Silviu

 

Thanks,

Silviu

Silviu-Mihail Dascalu

Thanks for the reply! Can you elaborate on what you mean by "create a custom dataset"?

Are you talking about just using the export function to create a CSV? 

I think he means you can upload it as a lookup.  

 

https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/dtrh-finding-new-xql-fields-and-joining-...

 

BR

 

Rob

  • 2992 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!