Can I start a query in AssetView to find all active vulnerabilities? And can I combine this search with the date when the QID had been found?
Here is a sample query that you may find useful:
Put this query in AssetView:
vulnerabilities.vulnerability.cveIds:CVE-2017-13077 or vulnerabilities.vulnerability.cveIds:CVE-2017-13078 or vulnerabilities.vulnerability.cveIds:CVE-2017-13079 or vulnerabilities.vulnerability.cveIds:CVE-2017-13080 or vulnerabilities.vulnerability.cveIds:CVE-2017-13081 or vulnerabilities.vulnerability.cveIds:CVE-2017-13082 or vulnerabilities.vulnerability.cveIds:CVE-2017-13084 or vulnerabilities.vulnerability.cveIds:CVE-2017-13086 or vulnerabilities.vulnerability.cveIds:CVE-2017-13087 or vulnerabilities.vulnerability.cveIds:CVE-2017-13088
Above are the CVEs for the KRACK issue. But it is a good example and should return all assets with one or more QIDs that are attributable to any of the CVEs.
Now for the Severity 4/5 issue, try:
tags.name:`REDACTED` and vulnerabilities.typeDetected:"Confirmed" and vulnerabilities.vulnerability.severity:[4 ... 5]
In this query we look for all assets with the tag name exactly; that is what the ` means according to the documentation. Then we only want the CONFIRMED vulnerabilities, not the potential or informational items. Then for the severity I gave a range. You could change it to vulnerabilities.vulnerability.severity: [3 ... 5] to get the assets with a severity of 3 or greater.
The last part of your question was the date a QID was found. I think you're looking for something like, show me all assets with a confirmed vulnerability of Severity 4 or greater found in the last 30 days, as an example.
vulnerabilities.typeDetected:"Confirmed" and vulnerabilities.vulnerability.severity:[4 ... 5] and vulnerabilities.lastFound: [now-1M ... now]
So the last option is the lastFound date. The first time an issue is found, the lastFound and FirstFound dates would be the same.
Please let me know if this helps or not and if you have questions. If you need a widget, let me know and I will try to code it up for you.
In AssetView a query will return a list of Assets. Are you trying to return a list of assets that have any active vulnerabilities or a specific vulnerability? You can do either by creating a tag that evaluates to true for what you are trying to find. You could also create a tag that evaluates to true based on a date-based query and use the two together. I would need a more detailed description of exactly what you expect as your results to provide any detailed explanation or examples.