Getting Data In

SCCM Windows KB# and Dates

JRamirezEnosys
Explorer

Hi everybody,

We just started to ingest SCCM v1606 logs into our Splunk. The main goal is to see the following:

-See which KB#'s (Windows patches) are installed on a particular device.
-Use a lookup table to know the date each KB# was released and its severity.
-Separate the logs by operating system.
-Display it on a timechart that will let us know whether a device has the latest, most important patches, or its compliance level.

I was able to achieve the first and third objectives with a single SQL query in DB Connect:

  -- One row per Add/Remove Programs entry whose display name mentions a KB,
  -- joined to the system record for hostname, last user, logon time and OS.
  -- v_Add_Remove_Programs only reflects Programs and Features entries; hotfixes
  -- reported by the Quick Fix Engineering inventory class are in v_GS_QUICK_FIX_ENGINEERING.
  SELECT
      P.DisplayName0,
      P.Publisher0,
      S.Name0,
      S.User_Name0,
      S.Last_Logon_Timestamp0,
      S.Operating_System_Name_and0
  FROM "CM_SFW"."dbo"."v_Add_Remove_Programs" P
  JOIN "CM_SFW"."dbo"."v_R_System" S
      ON P.ResourceId = S.ResourceId
  WHERE P.DisplayName0 LIKE '%KB%'

The 4th objective is achievable, but at this point in time I haven't been able to find a CSV file (objective 2) with all the KB#'s that also contains the release dates (a CVE would also be a great addition).

I wasn't able to find the KB release dates in SCCM, so could you advise of a CSV file that contains these details, or whether they are accessible through SCCM (and the query)?

1 Solution

mjeffery_splunk
Splunk Employee

MS decided that they will no longer publish their KB list so that you can just download the Excel file (to be exported to CSV), and now require that you use their API and PowerShell. At least you can programmatically download the KB list periodically and import that into Splunk as JSON.

You will need to sign-in here: https://portal.msrc.microsoft.com/en-us/developer

Then download the PS package here: https://www.powershellgallery.com/packages/MsrcSecurityUpdates/1.7.2


0 Karma
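Added example, not code from the thread or from the module's authors: a PowerShell script that does the periodic pull the answer describes, fetching one month's CVRF document through the MsrcSecurityUpdates module and writing one JSON object per KB/product/CVE so a Splunk file monitor can pick it up as the release-date/severity lookup the question asks for. It assumes an API key in the MSRC_API_KEY environment variable, an output path under C:\splunk_inputs, an en-US culture for the default month ID, and the cmdlet and property names documented in the module's README (Get-MsrcCvrfDocument, Get-MsrcCvrfAffectedSoftware, KBArticle, CVE, Severity); confirm them with Get-Member on your version, and drop the Set-MSRCApiKey line if your module version no longer has it.

```powershell
# Added example (not from the original thread). Assumptions: MSRC_API_KEY env var,
# output path, en-US month format, and property names taken from the module README.
#Requires -Version 5.1
param(
    [string]$ApiKey  = $env:MSRC_API_KEY,                 # assumed: key issued at portal.msrc.microsoft.com/en-us/developer
    [string]$Month   = (Get-Date).ToString('yyyy-MMM'),  # CVRF document ID, e.g. 2017-Jan (assumes en-US culture)
    [string]$OutFile = 'C:\splunk_inputs\msrc_kb.json'   # assumed: a path watched by a Splunk monitor input
)

if (-not $ApiKey) { throw 'Set MSRC_API_KEY (or pass -ApiKey) before running.' }

if (-not (Get-Module -ListAvailable -Name MsrcSecurityUpdates)) {
    Install-Module -Name MsrcSecurityUpdates -Scope CurrentUser -Force
}
Import-Module MsrcSecurityUpdates
Set-MSRCApiKey -ApiKey $ApiKey   # how the 1.7.x module the answer links authenticates

# The month's CVRF document carries the release date under DocumentTracking.
$cvrf     = Get-MsrcCvrfDocument -ID $Month
$released = $cvrf.DocumentTracking.InitialReleaseDate

# Flatten Vulnerability + ProductTree into one row per affected product/CVE.
$rows = Get-MsrcCvrfAffectedSoftware -Vulnerability $cvrf.Vulnerability -ProductTree $cvrf.ProductTree

$events = foreach ($r in $rows) {
    # KBArticle is a list; one product/CVE pair can map to several KBs.
    foreach ($kb in @($r.KBArticle)) {
        if (-not $kb.ID) { continue }   # some entries carry no KB (e.g. download-only fixes)
        [pscustomobject]@{
            kb           = "KB$($kb.ID)"       # matches the (KBnnnnnnn) token in DisplayName0
            cve          = $r.CVE
            severity     = $r.Severity
            impact       = $r.Impact
            product      = $r.FullProductName
            release_date = $released
            cvrf_id      = $Month
        }
    }
}

# One compact JSON object per line so Splunk splits events without extra props.conf work.
$events | ForEach-Object { $_ | ConvertTo-Json -Compress } |
    Set-Content -Path $OutFile -Encoding UTF8

Write-Host "Wrote $($events.Count) KB records for $Month to $OutFile"
```

Schedule the script monthly (Patch Tuesday is the second Tuesday) and index the file with a JSON sourcetype; the `kb` field is shaped so that a `rex` on the DB Connect `DisplayName0` value (the KB number usually appears as `(KBnnnnnnn)` in the display name) gives you a join key for the lookup that objective 2 needs.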

nychawk
Communicator

Have you gotten any further ahead in this initiative?

I am looking to build a dashboard for statistics on compliance to patching requirements, and perhaps confirm machines known by SCCM vs. our actual numbers.

Any help greatly appreciated.

0 Karma
