Azure Sentinel News
KQL to Help Identify Systems Patched for CVE-2020-1350

by Azure Sentinel News Editor
December 30, 2020
in KQL

On Tuesday, July 14th, we released an alert and guidance on a potentially impactful Windows DNS Server Remote Code Execution Vulnerability. See: CVE-2020-1350

If you’re using Azure Sentinel, Intune, or any other service that can take advantage of KQL to sift through a Log Analytics Workspace (LAW), the following KQL query can help identify those systems that have been patched against CVE-2020-1350.

Don’t have the Update table? The Update table queried below is exposed to Log Analytics through Azure Automation. Read about that here: Azure Automation Docs

//Looking for Installed KBIDs
Update
| where KBID == "4565511" or KBID == "4558998" or KBID == "4565483" or KBID == "4565503"
| distinct Computer, Product, KBID

Download the query from GitHub: https://github.com/rod-trent/SentinelKQL/blob/master/LookingforInstalledKBIDs.txt

This particular query covers current Windows Server releases, i.e., Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server, version 1903 (Server Core installation), Windows Server, version 1909 (Server Core installation), and Windows Server, version 2004 (Server Core installation).

If you need to identify other OSes and OS versions, replace the KBID filter strings with the KB numbers for those versions from the table in the advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

This query requires that the OMS/Log Analytics agent is installed on the system and configured to deliver data to the specific LAW you are querying against. All of my Azure VMs and on-premises systems point to the LAW for my Azure Sentinel instance.
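The query above lists every system that has a record for one of the four KBs, whichever state that record is in. As an added example (not part of the original post or Rod Trent's GitHub repository), the variant below inverts the question to the one a SOC usually needs answered first: which systems still report the patch as outstanding. It assumes the standard Update table schema from Azure Automation Update Management, in which each row carries an UpdateState of "Needed" or "Installed" and a TimeGenerated timestamp, and it takes only the most recent record per Computer/KBID pair so that an old "Needed" row does not mask a later installation. The KB numbers are the ones given in the post; the list name and time window are assumptions you should adjust to your environment.

```kql
// Added example: systems whose latest Update record still shows one of the
// July 2020 DNS Server patches (CVE-2020-1350) as Needed rather than Installed.
// KBIDs are taken from the post; DnsPatchKBs and the 7-day window are assumptions.
let DnsPatchKBs = dynamic(["4565511", "4558998", "4565483", "4565503"]);
Update
| where TimeGenerated > ago(7d)
| where KBID in (DnsPatchKBs)
// Update Management re-reports state on every assessment; keep only the newest
// row per computer and KB so a stale "Needed" does not hide a later install.
| summarize arg_max(TimeGenerated, UpdateState, Product) by Computer, KBID
| where UpdateState == "Needed"
| project Computer, Product, KBID, UpdateState, LastAssessed = TimeGenerated
| order by Computer asc
```

Swap the final filter to `UpdateState == "Installed"` to reproduce the post's patched-systems view with the same de-duplication, and bear in mind that a server with no Update rows at all (agent not reporting, or not yet assessed) appears in neither result, so a Heartbeat-based inventory should be checked alongside it.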

Reference: https://azurecloudai.blog/2020/07/15/kql-to-help-identify-systems-patched-for-cve-2020-1350/

Copyright © 2020 - Azure Sentinel News