There’s a new initiative from the US CyberSecurity & Infrastructure Security Agency.
They publish a list of known exploited vulnerabilities. Nice, isn’t it?
They publish a json version of the catalog. So I wanted a PowerShell function able to get the list of recently added vulnerabilities, the same way it’s presented in this news article from bleepingcomputer.com or this one.
Let me introduce
Get-Help Get-CISAVulnerabilitiesReport
Get-CISAVulnerabilitiesReport | Measure-Object
Get-CISAVulnerabilitiesReport -Last 3
Get-CISAVulnerabilitiesReport -StartDate (Get-Date).AddDays(-15) | ogv
Here’s the full code of the function, enjoy 🙂
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Get-CISAVulnerabilitiesReport { | |
| <# | |
| .SYNOPSIS | |
| Get known exploited vulnerabilities | |
| .DESCRIPTION | |
| Get the known exploited vulnerabilities catalog from CISA | |
| .PARAMETER StartDate | |
| Datetime object used to filter the catalog | |
| .PARAMETER Last | |
| Last number of entries in the catalog sorted by published date | |
| .EXAMPLE | |
| Get-CISAVulnerabilitiesReport | |
| Get all the known exploited vulnerabilities from the catalog published by CISA | |
| .EXAMPLE | |
| Get-CISAVulnerabilitiesReport | Measure-Object | |
| Get the count of all the known exploited vulnerabilities published in the catalog by CISA | |
| .EXAMPLE | |
| Get-CISAVulnerabilitiesReport -Last 3 | |
| Get the 3 most recent known exploited vulnerabilities from the catalog published by CISA | |
| .EXAMPLE | |
| Get-CISAVulnerabilitiesReport -StartDate (Get-Date).AddDays(-15) | |
| Get the known exploited vulnerabilities from the catalog published by CISA over the last 15 days | |
| #> | |
| [CmdletBinding(DefaultParameterSetName='__AllParameterSets')] | |
| Param( | |
| [Parameter(ParameterSetName = 'ByDate')] | |
| [datetime]$StartDate, | |
| [Parameter(ParameterSetName = 'ByLast')] | |
| [int32]$Last | |
| ) | |
| Begin {} | |
| Process { | |
| $HT = @{ | |
| URI = 'https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json' | |
| ErrorAction = 'Stop' | |
| UseBasicParsing = [switch]::Present | |
| } | |
| try { | |
| $vuln = (Invoke-RestMethod @HT).vulnerabilities | | |
| ForEach-Object -Process { | |
| [PSCustomObject]@{ | |
| CVEId = $_.cveID | |
| Vendor = $_.vendorProject | |
| ProductName = $_.product | |
| Name = $_.vulnerabilityName | |
| StartDate = ([datetime]$_.dateAdded) | |
| Description = $_.shortDescription | |
| ActionRequired = $_.requiredAction | |
| DueDate = ([datetime]$_.dueDate) | |
| } | |
| } | |
| } catch { | |
| Write-Warning -Message "Failed to get data from CISA because $($_.Exception.Message)" | |
| } | |
| if ($vuln) { | |
| Switch ($PSCmdlet.ParameterSetName) { | |
| 'ByDate' { | |
| $vuln | Where-Object { $_.StartDate -gt $StartDate } | |
| break | |
| } | |
| 'ByLast' { | |
| $vuln | Sort-Object -Property StartDate -Descending | Select-Object -First $Last | |
| break | |
| } | |
| default { | |
| $vuln | |
| } | |
| } | |
| } | |
| } | |
| End {} | |
| } |
>_ 