Anyone have the sql query to extract -
Fixlet ID, Name, CVE Id
I know i can do this via soap/web reports, but need via direct sql query if possible.
Thanks.
Anyone have the sql query to extract -
Fixlet ID, Name, CVE Id
I know i can do this via soap/web reports, but need via direct sql query if possible.
Thanks.
I’ll probably stand corrected on this but I don’t think the this data is in distinct columns in the database so it’s not going be a straight forward SQL query to get it directly through the SQL alone.
Its a bad idea to go to SQL directly as the schema can change at any time on you.
Bad idea maybe, but do you have the query
If you’re running 9.2.5 or higher, the query is much more straightforward:
SELECT t.SiteID, t.ContentID, t.Name, f.CVE
FROM EXTERNAL_FIXLET_TRANSLATIONS t INNER JOIN EXTERNAL_FIXLETS f
ON t.SiteID = f.SiteID AND t.ContentID = f.ContentID
WHERE t.LangID = 'ENU' AND t.SiteID = 2
This query is for the Patches for Windows site (SiteID 2).
awesome, thank you very much !
I know you want to get it through SQL, but this is how you would do it with session relevance, which will work through SOAP, WebReports, RESTAPI and other options:
(id of it, name of it, cve id list of it, name of site of it) of bes fixlets whose(exists cve id lists whose(it as trimmed string != "" AND it as trimmed string != "N/A" AND it as trimmed string as lowercase != "unspecified") of it)
All CVEs:
unique values of (it as trimmed string) of (substrings separated by "," of it) of (substrings separated by ";" of it) of cve id lists of bes fixlets whose(exists cve id lists whose(it as trimmed string != "" AND it as trimmed string != "N/A" AND it as trimmed string as lowercase != "unspecified") of it)
Slightly off topic, does anyone have a process to map a cve-id to cvss rating ?
I’m happy to download a file that contains this information, but struggling to find anything workable.
Even better if ibm would add cvss to their fixlet content
Thanks
I will send you my work-in-progress dashboard to display CVEs along with the CVSS base scores.
I have mailed you, let me know if you didn’t receive it … thanks !
Leewei, this process is sweet. For customers that don’t use console dashboards, is there a way to query the cvss (after your exe has completed) to extract this data directly from SQL ?
A great place to get some really nice data is on IBM’s X-Force exchange.
Just search for your CVE to get a full rundown with rich data and easy to see details including scores, vectors, impacts, affected products and dependent products here’s an example
Thanks for the info. Leewei has actually developed a fantastic dashboard with all the mitre information I require, my question is how to extract the data he pulls from his executable from the bigfix db directly ?