# EDA Using SQL
In this notebook we shall analyse the following three tables
1. linux_server_table
2. location_table
3. owner_table





## linux_server_table
This table contains information regarding the linux servers owned by the customer.  
The primary key is the _sys_id_ column.

In [66]:
SELECT TOP 100 *
FROM linux_server_project..linux_server_table;

sys_id,distribution,kernel_ver,total_vul,vul_patched,ip4_add,owner_id,last_update_date
APP010225574,SUSE,4.12.0,318,165,172.26.47.139,eu_69372,2023-11-09 00:05:13.787
APP010532937,SUSE,4.12.0,278,111,192.168.138.252,eu_22256,2023-10-29 00:05:13.787
APP010996887,Debian,5.10.0,167,118,192.168.131.55,us_57346,2023-11-25 00:05:13.797
APP011006239,Debian,4.19.0,304,167,10.195.10.67,us_15438,2023-11-09 00:05:13.787
APP011413819,Red Hat,4.18.0,306,195,192.168.226.85,eu_51465,2023-11-22 00:05:13.800
APP011543035,SUSE,5.10.0,204,163,172.27.214.113,us_15438,2023-12-06 00:05:13.787
APP012341320,Debian,4.19.0,294,108,10.90.243.30,au_86362,2023-10-26 00:05:13.800
APP012793716,Debian,5.15.0,196,115,10.240.66.165,eu_77467,2023-11-04 00:05:13.800
APP013070535,Ubuntu,5.4.0,210,170,192.168.209.186,au_11362,2023-11-23 00:05:13.787
APP013075624,CentOS,4.18.0,308,147,10.133.136.160,au_40513,2023-10-28 00:05:13.787


## owner_table
Gives information of the owners associated with the said servers.  
Primary key is _owner_table_

In [67]:
SELECT *
FROM linux_server_project..owner_table;

owner_id,location_id,first_name,last_name
au_11362,1,Zachary,Holland
au_15315,1,Autumn,Miranda
au_16507,1,Eduardo,Chen
au_18036,1,Amber,Mccoy
au_25552,1,Stephanie,Miller
au_40513,1,Aaron,Howard
au_75432,1,Kimberly,Dominguez
au_77600,1,Sarah,Davis
au_86362,1,Dakota,Olson
au_89783,1,Shelby,Thompson


## location_table
Gives information on the location of the servers.  
Primary key is _location_id_

In [68]:
SELECT *
FROM linux_server_project..location_table;

location_id,location
1,Australia
2,European Union
3,United States


## Q1. What is the total number of vulnerabilities in all servers?

In [69]:
SELECT 
    SUM(total_vul) all_vulnerabilities
FROM
    linux_server_project..linux_server_table;

all_vulnerabilities
265737


## Q2. What is the percentage of vulnerabilities that have been patched?

In [70]:
SELECT
    ROUND(SUM(vul_patched) * 1.0 / SUM(total_vul), 2) as percent_patched
FROM
    linux_server_project..linux_server_table;

percent_patched
0.53


## Q3. For all the servers, which distribution seemed to have the most vulnerability?

In [71]:
SELECT TOP 1
    distribution
    ,SUM(total_vul) total_vulnerabilities
FROM
    linux_server_project..linux_server_table
GROUP BY
    distribution
ORDER BY 
    2 DESC;

distribution,total_vulnerabilities
CentOS,60247


## Q4. For all the servers, which kernel version seemed to be accompanied by most number of vulnerabilities?

In [72]:
SELECT TOP 1
    kernel_ver
    ,SUM(total_vul) total_vulnerabilities
FROM
    linux_server_project..linux_server_table
GROUP BY
    kernel_ver
ORDER BY 
    2 DESC;

kernel_ver,total_vulnerabilities
3.10.0,48892


## Q5. For all owner_id's, which had the most number of vulnerabilities?

In [73]:
SELECT TOP 1
    owner_id
    ,SUM(total_vul) total_vulnerabilities
FROM
    linux_server_project..linux_server_table
GROUP BY
    owner_id
ORDER BY 
    2 DESC;

owner_id,total_vulnerabilities
au_18036,13627


## Q6. Get the minimum, average, and maximum vulnerabilty for all the systems.

In [74]:
SELECT
    MIN(total_vul) min_vul
    ,AVG(total_vul) avg_vul
    ,MAX(total_vul) max_vul
FROM 
    linux_server_project..linux_server_table;

min_vul,avg_vul,max_vul
130,265,442


## Q7. Calculate the minimum, average, and maximum patching ratio.

In [75]:
SELECT
    ROUND(MIN(vul_patched * 1.0 / total_vul), 2) min_patch
    ,ROUND(AVG(vul_patched * 1.0 / total_vul), 2) avg_patch
    ,ROUND(MAX(vul_patched * 1.0 / total_vul), 2) max_patch
FROM 
    linux_server_project..linux_server_table;

min_patch,avg_patch,max_patch
0.16,0.56,0.85


## Q8. Find the linux distribution wise breakdown of the server count.

In [76]:
SELECT
    distribution,
    COUNT(*) no_of_servers
FROM
    linux_server_project..linux_server_table
GROUP BY
    distribution
ORDER BY
    2 DESC;


distribution,no_of_servers
Ubuntu,206
CentOS,205
SUSE,205
Red Hat,196
Debian,188


## Q9. Find the kernel version wise breakdown of server count.

In [77]:
SELECT
    kernel_ver
    ,COUNT(*) no_of_servers
FROM
    linux_server_project..linux_server_table
GROUP BY
    kernel_ver
ORDER BY
    2 DESC;

kernel_ver,no_of_servers
5.10.0,195
4.19.0,142
4.18.0,139
5.6.0,139
3.10.0,123
5.4.0,81
4.12.0,68
4.15.0,67
5.15.0,46


## Q10. What is the average duration since last update?


In [78]:
SELECT
    AVG(DATEDIFF(DAY, last_update_date, GETDATE())) avg_days_since_last_update
FROM
    linux_server_project..linux_server_table;

avg_days_since_last_update
38


## Q10. Find top 10 systems with most vulnerabilities, also find the names of their owners and their location.

In [79]:
SELECT TOP 10
    li.sys_id
    ,li.distribution
    ,li.kernel_ver
    ,li.total_vul
    ,li.owner_id
    ,CONCAT(ow.first_name, ' ', ow.last_name) owner_name
    ,lo.[location]
FROM
    linux_server_project..linux_server_table li
    LEFT JOIN
    linux_server_project..owner_table ow 
    ON li.owner_id = ow.owner_id
    LEFT JOIN
    linux_server_project..location_table lo
    ON ow.location_id = lo.location_id
ORDER BY li.total_vul DESC


sys_id,distribution,kernel_ver,total_vul,owner_id,owner_name,location
SYS075180175,CentOS,3.10.0,442,au_89783,Shelby Thompson,Australia
WEB097920698,CentOS,3.10.0,442,eu_56544,Peggy Morales,European Union
SYS096571912,CentOS,3.10.0,439,eu_10858,Sean Maldonado,European Union
WEB042690973,CentOS,3.10.0,431,us_52113,Tracy Williams,United States
SYS063465543,Red Hat,3.10.0,426,us_19904,Rebecca Stevens,United States
APP113938522,Red Hat,3.10.0,426,us_10113,Ashley Donovan,United States
SYS037354541,CentOS,3.10.0,424,us_10113,Ashley Donovan,United States
WEB107128474,Red Hat,3.10.0,423,eu_23263,John Howard,European Union
SYS056333129,CentOS,3.10.0,422,au_25552,Stephanie Miller,Australia
APP107848013,Red Hat,3.10.0,421,eu_69372,Isabel Miller,European Union


## Q11. Find locationwise distribution of servers.

In [80]:
SELECT
    lo.[location]
    ,COUNT(*) no_of_servers
FROM
    linux_server_project..linux_server_table li 
    LEFT JOIN
    linux_server_project..owner_table ow 
    ON li.owner_id = ow.owner_id
    LEFT JOIN
    linux_server_project..location_table lo 
    ON ow.location_id = lo.location_id
GROUP BY
    lo.[location]
ORDER BY 2 DESC

location,no_of_servers
Australia,430
European Union,295
United States,275


## Q12. Find the users who have the most number of servers under their name.

In [81]:
SELECT
    ow.owner_id
    ,CONCAT(ow.first_name, ' ', ow.last_name) full_name
    ,lo.[location]
    ,COUNT(*) no_of_servers
FROM
    linux_server_project..linux_server_table li 
    LEFT JOIN
    linux_server_project..owner_table ow 
    ON li.owner_id = ow.owner_id
    LEFT JOIN
    linux_server_project..location_table lo 
    ON ow.location_id = lo.location_id
GROUP BY
    ow.owner_id
    ,CONCAT(ow.first_name, ' ', ow.last_name)
    ,lo.[location]
ORDER BY 4 DESC

owner_id,full_name,location,no_of_servers
au_18036,Amber Mccoy,Australia,52
au_89783,Shelby Thompson,Australia,47
us_52113,Tracy Williams,United States,47
au_77600,Sarah Davis,Australia,46
au_86362,Dakota Olson,Australia,46
au_11362,Zachary Holland,Australia,44
au_40513,Aaron Howard,Australia,43
eu_77467,Megan Lee,European Union,42
au_25552,Stephanie Miller,Australia,41
eu_22256,Ryan Cruz,European Union,41


## Q13. Create a view with all the necessary info from all the tables.

In [82]:
USE linux_server_project
GO

CREATE OR ALTER VIEW server_info_view AS
(
SELECT
    li.sys_id
    ,li.distribution
    ,li.kernel_ver
    ,li.total_vul
    ,li.vul_patched
    ,li.ip4_add
    ,li.last_update_date
    ,ow.owner_id
    ,CONCAT(ow.first_name, ' ', ow.last_name) owner_name
    ,lo.location
FROM
    linux_server_project..linux_server_table li 
    LEFT JOIN
    linux_server_project..owner_table ow 
    ON li.owner_id = ow.owner_id
    LEFT JOIN
    linux_server_project..location_table lo 
    ON ow.location_id = lo.location_id
)

In [83]:
SELECT TOP 10 *
FROM linux_server_project..server_info_view;

sys_id,distribution,kernel_ver,total_vul,vul_patched,ip4_add,last_update_date,owner_id,owner_name,location
APP010225574,SUSE,4.12.0,318,165,172.26.47.139,2023-11-09 00:05:13.787,eu_69372,Isabel Miller,European Union
APP010532937,SUSE,4.12.0,278,111,192.168.138.252,2023-10-29 00:05:13.787,eu_22256,Ryan Cruz,European Union
APP010996887,Debian,5.10.0,167,118,192.168.131.55,2023-11-25 00:05:13.797,us_57346,Joseph Woodward,United States
APP011006239,Debian,4.19.0,304,167,10.195.10.67,2023-11-09 00:05:13.787,us_15438,Kristen Mosley,United States
APP011413819,Red Hat,4.18.0,306,195,192.168.226.85,2023-11-22 00:05:13.800,eu_51465,Charles Bradley,European Union
APP011543035,SUSE,5.10.0,204,163,172.27.214.113,2023-12-06 00:05:13.787,us_15438,Kristen Mosley,United States
APP012341320,Debian,4.19.0,294,108,10.90.243.30,2023-10-26 00:05:13.800,au_86362,Dakota Olson,Australia
APP012793716,Debian,5.15.0,196,115,10.240.66.165,2023-11-04 00:05:13.800,eu_77467,Megan Lee,European Union
APP013070535,Ubuntu,5.4.0,210,170,192.168.209.186,2023-11-23 00:05:13.787,au_11362,Zachary Holland,Australia
APP013075624,CentOS,4.18.0,308,147,10.133.136.160,2023-10-28 00:05:13.787,au_40513,Aaron Howard,Australia


## Q14. Find the different types of system classification.

In [84]:
SELECT
    LEFT(sys_id, 3) system_type
FROM
    linux_server_project..server_info_view
GROUP BY
    LEFT(sys_id, 3)

system_type
WEB
APP
SYS


## Q15. Count the number of systems for each type.

In [85]:
SELECT
    LEFT(sys_id, 3) system_type
    ,COUNT(*) no_of_servers
FROM
    linux_server_project..server_info_view
GROUP BY
    LEFT(sys_id, 3)

system_type,no_of_servers
WEB,319
APP,326
SYS,355


## Q 16. Find the average number of vulnerabilities for location and linux distribution.

In [88]:
SELECT
    location
    ,distribution
    ,COUNT(*) num_of_servers
    ,AVG(total_vul) avg_vul
FROM 
    linux_server_project..server_info_view
GROUP BY
    location
    ,distribution
ORDER BY
    1

location,distribution,num_of_servers,avg_vul
Australia,CentOS,96,301
Australia,Debian,87,235
Australia,Red Hat,70,290
Australia,SUSE,92,266
Australia,Ubuntu,85,232
European Union,CentOS,56,289
European Union,Debian,49,244
European Union,Red Hat,66,298
European Union,SUSE,62,259
European Union,Ubuntu,62,232


## Q17. Calculate the percentage of patched vulnerabilites for different locations.

In [93]:
SELECT
    location
    ,SUM(vul_patched) vul_patched
    ,SUM(total_vul) total_vul
    ,ROUND((SUM(vul_patched) * 1.0 / SUM(total_vul)) * 100, 2) percent_patched
FROM 
    linux_server_project..server_info_view
GROUP BY
    location


location,vul_patched,total_vul,percent_patched
United States,37678,73275,51.42
Australia,60301,114064,52.87
European Union,41805,78398,53.32


## Q18. Find all systems for which more than 80% of the vulnerabilities are not patched.

In [103]:
WITH patch_stat AS
(
    SELECT
    sys_id
    ,owner_id
    ,owner_name
    ,(vul_patched * 1.0 / total_vul) * 100 patch_percent
    FROM 
        linux_server_project..server_info_view
) 
SELECT
    *
FROM
    patch_stat
WHERE
    patch_stat.patch_percent <= 20

sys_id,owner_id,owner_name,patch_percent
SYS084064936,au_11362,Zachary Holland,18.9119170984
APP115186893,au_16507,Eduardo Chen,17.0
APP080106513,au_25552,Stephanie Miller,16.9902912621
SYS056333129,au_25552,Stephanie Miller,19.9052132701
APP121957618,au_75432,Kimberly Dominguez,15.9493670886
APP127383477,au_75432,Kimberly Dominguez,19.9481865284
SYS122145623,au_86362,Dakota Olson,19.8492462311
WEB128723434,au_86362,Dakota Olson,19.8979591836
SYS096571912,eu_10858,Sean Maldonado,17.9954441913
WEB109642356,eu_11838,Elizabeth Nichols,18.0


## Q19. Find all servers that haven't been patched since last 60 days.

In [118]:
WITH days_cte AS
(SELECT
    sys_id
    ,owner_id
    ,last_update_date
    ,MAX(last_update_date) OVER() last_day
FROM 
    linux_server_project..server_info_view)
SELECT
    days_cte.sys_id
    ,days_cte.owner_id
    ,DATEDIFF(DAY, days_cte.last_update_date, days_cte.last_day) days_since_last_update
FROM
    days_cte
WHERE
    DATEDIFF(DAY, days_cte.last_update_date, days_cte.last_day) >= 60
ORDER BY 3 DESC;

sys_id,owner_id,days_since_last_update
WEB107526775,eu_22256,78
WEB128723434,au_86362,77
SYS116846022,eu_56544,76
SYS122145623,au_86362,76
APP121957618,au_75432,75
APP107877291,us_68077,74
SYS116540519,eu_51465,74
WEB109642356,eu_11838,74
WEB011128052,us_10113,73
APP127570594,au_18036,73


## Q20. Find the user with the third most total vulnerabilities in each location.

In [127]:
WITH vul_cte AS (
    SELECT
        owner_id
        ,owner_name
        ,location
        ,SUM(total_vul) total_vulnerabilities
    FROM
        linux_server_project..server_info_view
    GROUP BY
        owner_id
        ,owner_name
        ,location
),
ranked_cte AS (
    SELECT
        owner_id
        ,owner_name
        ,location
        ,DENSE_RANK() OVER(PARTITION BY location ORDER BY total_vulnerabilities DESC) rank_by_vul
    FROM
        vul_cte
)
SELECT *
FROM ranked_cte
WHERE rank_by_vul = 3;

owner_id,owner_name,location,rank_by_vul
au_11362,Zachary Holland,Australia,3
eu_56544,Peggy Morales,European Union,3
us_15438,Kristen Mosley,United States,3


## Q21. Create a table that has users with the most and least number of patches to fix.

In [131]:
WITH least_cte AS (
    SELECT TOP 1
        owner_id
        ,owner_name
        ,location
        ,MIN(total_vul - vul_patched) as patches_remaining
    FROM 
        linux_server_project..server_info_view
    GROUP BY
        owner_id
        ,owner_name
        ,location
    ORDER BY 4
), 
most_cte AS (
    SELECT TOP 1
        owner_id
        ,owner_name
        ,location
        ,MAX(total_vul - vul_patched) as patches_remaining
    FROM 
        linux_server_project..server_info_view
    GROUP BY
        owner_id
        ,owner_name
        ,location
    ORDER BY 4 DESC
)
SELECT *
FROM least_cte
UNION
SELECT *
FROM most_cte

owner_id,owner_name,location,patches_remaining
au_16507,Eduardo Chen,Australia,27
eu_10858,Sean Maldonado,European Union,360


## Q22. Find the number of servers who have less patched vulnerabilites than the average.

In [133]:
SELECT 
    COUNT(*) servers_below_avg_patches
FROM 
    linux_server_project..server_info_view
WHERE
    vul_patched < (
        SELECT 
            AVG(vul_patched)
        FROM
            linux_server_project..server_info_view
    )
    

servers_below_avg_patches
500


## Q23. Find the most popular distro in each location.

In [137]:
WITH distro_cte AS (
    SELECT
        location
        ,distribution
        ,COUNT(*) as num_of_server
    FROM
        linux_server_project..server_info_view
    GROUP BY
        location
        ,distribution
),
ranked_cte AS (
    SELECT
        location
        ,distribution
        ,num_of_server
        ,DENSE_RANK() OVER(PARTITION BY location ORDER BY num_of_server DESC) rank
    FROM
        distro_cte
)
SELECT
    *
FROM
    ranked_cte
WHERE
    rank = 1

location,distribution,num_of_server,rank
Australia,CentOS,96,1
European Union,Red Hat,66,1
United States,Red Hat,60,1


## Q24. Find all the servers that have been patched during the last 30 days and have a patch percent of 75% or above.

In [146]:
WITH days_cte AS
(SELECT
    sys_id
    ,owner_id
    ,(vul_patched * 1.0 / total_vul) * 100 patch_percent
    ,last_update_date
    ,MAX(last_update_date) OVER() last_day
FROM
    linux_server_project..server_info_view)
SELECT
    sys_id
    ,owner_id
    ,patch_percent
    ,DATEDIFF(DAY, last_update_date, last_day) interval_in_days
FROM
    days_cte
WHERE
    (patch_percent >= 75) 
    AND 
    (DATEDIFF(DAY, last_update_date, last_day) <= 30)


sys_id,owner_id,patch_percent,interval_in_days
APP011543035,us_15438,79.9019607843,6
APP013070535,au_11362,80.9523809523,19
APP014078594,eu_56544,75.7990867579,7
APP018214862,eu_10858,77.9342723004,11
APP024770057,us_52113,75.9615384615,25
APP025851496,eu_56544,82.9787234042,18
APP026701451,eu_11838,82.6530612244,3
APP028347389,us_68077,82.5242718446,8
APP030863534,au_18036,79.7619047619,20
APP030969027,au_77600,79.8882681564,6


## Q25. Organize the servers by the day they were patched, and calculate a running sum of total vulnerabilites, and of the patched vulnerabilites

In [156]:
SELECT
    sys_id
    ,owner_id
    ,last_update_date
    ,SUM(total_vul) OVER(ORDER BY last_update_date ROWS BETWEEN UNBOUNDED PRECEDING AND CURRENT ROW) cumsum_total_vul
    ,SUM(vul_patched) OVER(ORDER BY last_update_date ROWS BETWEEN UNBOUNDED PRECEDING AND CURRENT ROW) cumsum_vul_patched
FROM
    linux_server_project..server_info_view
-- WHERE
--     total_vul = 0

sys_id,owner_id,last_update_date,cumsum_total_vul,cumsum_vul_patched
WEB107526775,eu_22256,2023-09-25 00:05:13.800,406,69
WEB128723434,au_86362,2023-09-26 00:05:13.787,798,147
SYS116846022,eu_56544,2023-09-27 00:05:13.787,1193,214
SYS122145623,au_86362,2023-09-27 00:05:13.787,1591,293
APP121957618,au_75432,2023-09-28 00:05:13.800,1986,356
SYS116540519,eu_51465,2023-09-29 00:05:13.787,2382,439
WEB109642356,eu_11838,2023-09-29 00:05:13.787,2782,511
APP107877291,us_68077,2023-09-29 00:05:13.800,3194,593
APP103406080,eu_22256,2023-09-30 00:05:13.787,3576,665
APP080106513,au_25552,2023-09-30 00:05:13.787,3988,735
