XQL removes endpoint CVEs and ALL information


L0 Member

I want to remove all information related to the endpoint "ABC". However, the following XQL query only removes CVEs that are exclusively associated with this endpoint. If a CVE is associated with multiple endpoints, the affected_products, affected_hosts, and affected_hosts_count fields still display information related to "ABC".

How should I modify the query so that no information about "ABC" appears in the CVEs, even if the CVEs affect multiple endpoints?

 

My XQL query:

dataset = va_cves
| filter affected_hosts != "ABC"
| filter severity >= low
| filter affected_hosts_count >= 1
| fields name as CVE, severity, severity_score, type as APPLICATION_OPERATINGSYSTEM, description, affected_products, affected_hosts, affected_hosts_count, publication_date
| sort desc publication_date




