Function Get-CISAVulnerabilitiesReport {
<#
.SYNOPSIS
Get known exploited vulnerabilities
.DESCRIPTION
Get the known exploited vulnerabilities catalog from CISA
.PARAMETER StartDate
Datetime object used to filter the catalog
.PARAMETER Last
Last number of entries in the catalog sorted by published date
.EXAMPLE
Get-CISAVulnerabilitiesReport
Get all the known exploited vulnerabilities from the catalog published by CISA
.EXAMPLE
Get-CISAVulnerabilitiesReport | Measure-Object
Get the count of all the known exploited vulnerabilities published in the catalog by CISA
.EXAMPLE
Get-CISAVulnerabilitiesReport -Last 3
Get the 3 most recent known exploited vulnerabilities from the catalog published by CISA
.EXAMPLE
Get-CISAVulnerabilitiesReport -StartDate (Get-Date).AddDays(-15)
Get the known exploited vulnerabilities from the catalog published by CISA over the last 15 days
#>
[CmdletBinding(DefaultParameterSetName='__AllParameterSets')]
Param(
[Parameter(ParameterSetName = 'ByDate')]
[datetime]$StartDate,
[Parameter(ParameterSetName = 'ByLast')]
[int32]$Last
)
Begin {}
Process {
$HT = @{
URI = 'https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json'
ErrorAction = 'Stop'
UseBasicParsing = [switch]::Present
}
try {
$vuln = (Invoke-RestMethod @HT).vulnerabilities |
ForEach-Object -Process {
[PSCustomObject]@{
CVEId = $_.cveID
Vendor = $_.vendorProject
ProductName = $_.product
Name = $_.vulnerabilityName
StartDate = ([datetime]$_.dateAdded)
Description = $_.shortDescription
ActionRequired = $_.requiredAction
DueDate = ([datetime]$_.dueDate)
}
}
} catch {
Write-Warning -Message "Failed to get data from CISA because $($_.Exception.Message)"
}
if ($vuln) {
Switch ($PSCmdlet.ParameterSetName) {
'ByDate' {
$vuln | Where-Object { $_.StartDate -gt $StartDate }
break
}
'ByLast' {
$vuln | Sort-Object -Property StartDate -Descending | Select-Object -First $Last
break
}
default {
$vuln
}
}
}
}
End {}
}
Just hacking around a bit