Hi All,
I've been using the Splunk Add-on for Tenable to import the network scans from Nessus Professional. This part works great, searches are fine. I wanted to go to the next step and create a dashboard with all my critical vulnerabilities and how many IPs are affected.
I've managed to kludge together a query to get a nice looking table - but can't seem to take the next step into:
Taking each signature and creating a panel out of it
Get the number of IPs that are affected by said signature as a single value in the panel for the signature
Right now my query is
sourcetype="nessus" OR sourcetype="nessus:scan" (severity="critical") | stats values(signature) as signature by dest, severity
It comes out with a table
dest          severity  signature
10.128.20.10  critical  Apache 2.0.x < 2.0.48 Multiple Vulnerabilities (OF, Info Disc.)
                        PHP Unsupported Version Detection
Is this the best way to get to my requirement? Not sure how to integrate this into a panel.
Thanks for your help
--Dave
Hi all,
Seem to not be getting much except Network Incidents Per Hour with new Splunk 7 install and New Palo Alto Networks App and Add-on.
When I click on 'Open in Search' I get 'undefined' in the search window. Any ideas what I may be missing? Everything installed stock. Firewalls syslogging directly to Splunk UDP 520, see different logs for traffic, threat, system on the search page.
Thanks for any ideas folks may have,