# fleet
j
total noob question that much Googling/Perplexitying/Slack searching hasn't been able to answer: is there any way to write a query in Fleet that returns a list of hosts with software that matches the following conditions?

• software has vulnerabilities that can be exploited over the network (`AV:N` in CVSS speak)
• said vulnerabilities are actively exploited
• software is running as a process
• process is listening on a network port on 0.0.0.0

From what I can tell, there isn't a Vulnerabilities-related osquery table to query, so I'd have to run queries for "running processes with listening ports" and then use the Vulnerabilities API to correlate actively exploited vulns with a CVSS metric of `AV:N` to the underlying software. Basically, I'm trying to create a query for "Emergency vulnerabilities, drop everything you're doing and patch now".
k
You're correct in that there isn't a way to query a host's vulnerability data. What I would likely do here is set up a tool (like Tines) to accept the vulnerability webhook and then trigger a set of live queries based on the incoming reports.
j
Gotcha, thanks!