PowerShell Query CISA Known Exploited Vulnerabilities

Function Get-CISAVulnerabilitiesReport {
<#
    .SYNOPSIS
        Get known exploited vulnerabilities

    .DESCRIPTION
        Get the known exploited vulnerabilities catalog from CISA

    .PARAMETER StartDate
        Datetime object used to filter the catalog

    .PARAMETER Last
        Last number of entries in the catalog sorted by published date

    .EXAMPLE
        Get-CISAVulnerabilitiesReport

        Get all the known exploited vulnerabilities from the catalog published by CISA

    .EXAMPLE
        Get-CISAVulnerabilitiesReport | Measure-Object

        Get the count of all the known exploited vulnerabilities published in the catalog by CISA

    .EXAMPLE
        Get-CISAVulnerabilitiesReport -Last 3

        Get the 3 most recent known exploited vulnerabilities from the catalog published by CISA
    .EXAMPLE
        Get-CISAVulnerabilitiesReport -StartDate (Get-Date).AddDays(-15)

        Get the known exploited vulnerabilities from the catalog published by CISA over the last 15 days
#>
[CmdletBinding(DefaultParameterSetName='__AllParameterSets')]
Param(
    [Parameter(ParameterSetName = 'ByDate')]
    [datetime]$StartDate,

    [Parameter(ParameterSetName = 'ByLast')]
    [int32]$Last
)
Begin {}
Process {
    $HT = @{
        URI = 'https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json'
        ErrorAction = 'Stop'
        UseBasicParsing = [switch]::Present
    }
    try {
        $vuln = (Invoke-RestMethod @HT).vulnerabilities |
        ForEach-Object -Process {
            [PSCustomObject]@{
                CVEId = $_.cveID
                Vendor = $_.vendorProject
                ProductName = $_.product
                Name = $_.vulnerabilityName
                StartDate =  ([datetime]$_.dateAdded)
                Description = $_.shortDescription
                ActionRequired = $_.requiredAction
                DueDate = ([datetime]$_.dueDate)
            }
        }
    } catch {
        Write-Warning -Message "Failed to get data from CISA because $($_.Exception.Message)"
    }
    if ($vuln) {
        Switch ($PSCmdlet.ParameterSetName) {
            'ByDate' {
                $vuln | Where-Object { $_.StartDate -gt $StartDate }
                break
            }
            'ByLast' {
                $vuln | Sort-Object -Property StartDate -Descending | Select-Object -First $Last
                break
            }
            default {
                $vuln
            }
        }
    }
}
End {}
}

Leave a Reply

Your email address will not be published. Required fields are marked *