DomainControllersWithTheMostVulnerabilities.md

Domain Controllers with the most vulnerabilities

---

Defender For Endpoint

let AllDomainControllers =
     DeviceNetworkEvents
     | where LocalPort == 88
     | where LocalIPType == "FourToSixMapping"
     | summarize make_set(DeviceId);
DeviceTvmSoftwareVulnerabilities
| where DeviceId has_any (AllDomainControllers)
| summarize TotalVulnerabilities = count(), VulnerabeCVE = make_set(CveId) by DeviceName
| sort by TotalVulnerabilities