
Is there a KQL query to get a list of VMs which have not been patched since last month? Below is the sample I have:

    // This query requires the Security or Update solutions
    Update
    | where Classification in ("Security Updates", "Critical Updates")
    | where UpdateState == 'Needed' and Optional == false and Approved == true
    | summarize count() by Classification, Computer, _ResourceId

How do I apply the filter to show just the ones which have been due for one month?

1 Answer


I was able to achieve that

    Update
    //|where OSType != "Linux" and UpdateState == "Needed" and Optional == "false"
    | where Classification in ("Security Updates", "Critical Updates")
    | where PublishedDate <= ago(30d)
    | where startofday(TimeGenerated) == startofday(now())
    | project TimeGenerated, Computer, Title, KBID, Classification, MSRCSeverity, PublishedDate, _ResourceId
    | sort by TimeGenerated desc
    | summarize any(KBID) by KBID, Title, Computer
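One way to keep only updates that are still needed on each machine's most recent assessment record, as an added example that is not from the question or the answer. It assumes the standard `Update` table columns; `SampleUpdate`, `AsOf`, the sample rows and the 7-day lookback are constructed for illustration.

```kql
// Added example. SampleUpdate holds constructed rows; in a workspace, query the
// Update table instead and replace AsOf with now().
let AsOf = datetime(2024-07-01);
let SampleUpdate = datatable(TimeGenerated:datetime, Computer:string, KBID:string,
                             Title:string, Classification:string, UpdateState:string,
                             Optional:bool, PublishedDate:datetime, _ResourceId:string)
[
    // vm-a: an old update reported as Needed on both assessments
    datetime(2024-06-29), "vm-a", "0000001", "Constructed security update", "Security Updates", "Needed", false, datetime(2024-05-14), "/constructed/vm-a",
    datetime(2024-06-30), "vm-a", "0000001", "Constructed security update", "Security Updates", "Needed", false, datetime(2024-05-14), "/constructed/vm-a",
    // vm-b: the same update was Needed, then reported Installed on the later assessment
    datetime(2024-06-29), "vm-b", "0000001", "Constructed security update", "Security Updates", "Needed", false, datetime(2024-05-14), "/constructed/vm-b",
    datetime(2024-06-30), "vm-b", "0000001", "Constructed security update", "Security Updates", "Installed", false, datetime(2024-05-14), "/constructed/vm-b",
    // vm-b: a recently published update that is Needed
    datetime(2024-06-30), "vm-b", "0000002", "Constructed critical update", "Critical Updates", "Needed", false, datetime(2024-06-20), "/constructed/vm-b",
    // vm-c: a much older update that is Needed
    datetime(2024-06-30), "vm-c", "0000003", "Constructed critical update", "Critical Updates", "Needed", false, datetime(2024-04-09), "/constructed/vm-c"
];
SampleUpdate
// Assumed lookback window: only consider recent assessment records.
| where TimeGenerated > AsOf - 7d
| where Classification in ("Security Updates", "Critical Updates")
| where Optional == false
// Collapse to the latest record per machine and update, so an update that has
// since been installed is judged by its current state, not an earlier one.
| summarize arg_max(TimeGenerated, *) by Computer, KBID
| where UpdateState == "Needed"
// "Due for a month": the update was published at least 30 days before AsOf.
| where PublishedDate <= AsOf - 30d
| summarize MissingUpdates = count(),
            OldestPublished = min(PublishedDate),
            KBs = make_set(KBID)
    by Computer, _ResourceId
| sort by OldestPublished asc
```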
