Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Hey all, great improvements in the latest Fleet version :tada::partyparrot: I was wondering is there a way at this moment to search based on CVE? I saw that future versions might hold this feature but I was wondering if there is a workaround I can use at this moment.

Hi SK! Let me check with the team and I'll get back to you.

&gt;  I was wondering is there a way at this moment to search based on CVE?
Do you mean to filter the vulnerable detected software by some CVE entered by the user?

E.g. "of all the vulnerable software only list those affected by CVE-X-Y"

Hey SK, the ability to search by CVE is tracked in the following GitHub issue here: <https://github.com/fleetdm/fleet/issues/2814>

The ability to search for a specific CVE is planned for an upcoming release of Fleet.

Hey <@U02J4JCKDL2> Yes the idea is, to filter the vulnerable software based on CVE that is detected

Hey <@U01DUNSE2AU> I indeed saw this one but was not clear for me what the timeframe would be, that is why I was thinking on a workaround for now

&gt; was not clear for me what the timeframe would be
Ah. This improvement will likely be added in early to late Feb 2022 (~1.5-2 months)

One way to workaround this is to use the `fleetctl get hosts`  and some script to process the JSON (or YAML) data.

In my local test I did:
```fleetctl get hosts $my_test_hostname &gt; test.txt

# In test.txt I found the following (the test host has a sqlite version that has a CVE):

  - generated_cpe: cpe:2.3:a:sqlite:sqlite:3.36.0:*:*:*:*:*:*:*
    id: 398
    name: sqlite
    source: homebrew_packages
    version: 3.36.0
    vulnerabilities:
    - cve: CVE-2021-36690
      details_link: <https://nvd.nist.gov/vuln/detail/CVE-2021-36690>```

Ow that is a great idea <@U02J4JCKDL2> thanks.

It seems to only work when querying individual hosts and not all at once...

Figured it out, not host based but if I retrieve the software list in json format I also get all the CVE's