当 运行 单独查询 returns 结果时,当我将它添加到更大的查询时 returns 一个不明确的引用
Query returns results when running it individually, returns an ambiguous reference when I add it to a larger query
我正在尝试编写一个按主机名汇总漏洞并包含有关该主机的信息的查询。在 Rapid7 InsightVM
中查询是 运行
returns 资产信息的查询成功运行,除了当我将该查询附加到 return 漏洞信息时它 return 是 description 的模糊引用错误.但是 ip address、host_name 和 asset_id 值 return 就可以了。
我只是想将它们组合在一起以 return 该信息。我觉得好像缺少了一些明显的东西。
这 return 是我想要从资产 table 中得到的,包括 OS 描述(Windows、RHEL 等):
SELECT da.asset_id, da.host_name, da.ip_address, dos.description
FROM dim_asset da
JOIN dim_operating_system dos ON dos.operating_system_id = da.operating_system_id
JOIN fact_asset fa ON fa.asset_id = da.asset_id
GROUP BY da.asset_id, da.host_name, da.ip_address, dos.description
此 return 是对描述的模糊引用,适用于 asset_id、host_name 和 ip_address:
WITH remediations AS (
SELECT DISTINCT fr.solution_id AS ultimate_soln_id, summary, fix, estimate, riskscore, dshs.solution_id AS solution_id
FROM fact_remediation(10,'riskscore DESC') fr
JOIN dim_solution ds USING (solution_id)
JOIN dim_solution_highest_supercedence dshs ON (fr.solution_id = dshs.superceding_solution_id AND ds.solution_id = dshs.superceding_solution_id)
),
assets AS (
SELECT da.asset_id, da.host_name, da.ip_address, dos.description
FROM dim_asset da
JOIN dim_operating_system dos ON dos.operating_system_id = da.operating_system_id
JOIN fact_asset fa ON fa.asset_id = da.asset_id
GROUP BY da.asset_id, da.host_name, da.ip_address, dos.description
)
SELECT
csv(DISTINCT dv.title) AS "Vulnerability Title",
host_name AS "Asset Hostname", ip_address AS "Asset IP", description AS "OS",
round(sum(dv.riskscore)) AS "Asset Risk",
summary AS "Solution",
fix as "Fix"
FROM remediations r
JOIN dim_asset_vulnerability_solution dvs USING (solution_id)
JOIN dim_vulnerability dv USING (vulnerability_id)
JOIN assets USING (asset_id)
GROUP BY r.riskscore, host_name, ip_address, asset_id, summary, fix
ORDER BY "Asset Risk" DESC WITH remediations AS (
很可能,dim_asset_vulnerability_solution 或 dim_vulnerability 也有一个 description 字段。只需使用预期来源限定所选字段即可解决此问题。
...
a.host_name AS "Asset Hostname", a.ip_address AS "Asset IP", a.description AS "OS"
...
JOIN assets AS a USING (asset_id)
...
GROUP BY r.riskscore, a.host_name, a.ip_address, asset_id, summary, fix
注意:asset_id 不是问题,因为 USING 有一些额外的 "magic" 可以合并由它加入的引用。
评论:除非有非常具体的原因,否则 GROUP BY 不应被用作 SELECT DISTINCT 的替代品(特指资产 CTE )
我正在尝试编写一个按主机名汇总漏洞并包含有关该主机的信息的查询。在 Rapid7 InsightVM
中查询是 运行returns 资产信息的查询成功运行,除了当我将该查询附加到 return 漏洞信息时它 return 是 description 的模糊引用错误.但是 ip address、host_name 和 asset_id 值 return 就可以了。
我只是想将它们组合在一起以 return 该信息。我觉得好像缺少了一些明显的东西。
这 return 是我想要从资产 table 中得到的,包括 OS 描述(Windows、RHEL 等):
SELECT da.asset_id, da.host_name, da.ip_address, dos.description
FROM dim_asset da
JOIN dim_operating_system dos ON dos.operating_system_id = da.operating_system_id
JOIN fact_asset fa ON fa.asset_id = da.asset_id
GROUP BY da.asset_id, da.host_name, da.ip_address, dos.description
此 return 是对描述的模糊引用,适用于 asset_id、host_name 和 ip_address:
WITH remediations AS (
SELECT DISTINCT fr.solution_id AS ultimate_soln_id, summary, fix, estimate, riskscore, dshs.solution_id AS solution_id
FROM fact_remediation(10,'riskscore DESC') fr
JOIN dim_solution ds USING (solution_id)
JOIN dim_solution_highest_supercedence dshs ON (fr.solution_id = dshs.superceding_solution_id AND ds.solution_id = dshs.superceding_solution_id)
),
assets AS (
SELECT da.asset_id, da.host_name, da.ip_address, dos.description
FROM dim_asset da
JOIN dim_operating_system dos ON dos.operating_system_id = da.operating_system_id
JOIN fact_asset fa ON fa.asset_id = da.asset_id
GROUP BY da.asset_id, da.host_name, da.ip_address, dos.description
)
SELECT
csv(DISTINCT dv.title) AS "Vulnerability Title",
host_name AS "Asset Hostname", ip_address AS "Asset IP", description AS "OS",
round(sum(dv.riskscore)) AS "Asset Risk",
summary AS "Solution",
fix as "Fix"
FROM remediations r
JOIN dim_asset_vulnerability_solution dvs USING (solution_id)
JOIN dim_vulnerability dv USING (vulnerability_id)
JOIN assets USING (asset_id)
GROUP BY r.riskscore, host_name, ip_address, asset_id, summary, fix
ORDER BY "Asset Risk" DESC WITH remediations AS (
很可能,dim_asset_vulnerability_solution 或 dim_vulnerability 也有一个 description 字段。只需使用预期来源限定所选字段即可解决此问题。
...
a.host_name AS "Asset Hostname", a.ip_address AS "Asset IP", a.description AS "OS"
...
JOIN assets AS a USING (asset_id)
...
GROUP BY r.riskscore, a.host_name, a.ip_address, asset_id, summary, fix
注意:asset_id 不是问题,因为 USING 有一些额外的 "magic" 可以合并由它加入的引用。
评论:除非有非常具体的原因,否则 GROUP BY 不应被用作 SELECT DISTINCT 的替代品(特指资产 CTE )