Hi All!
I have the following query, and I want to schedule a report for this every night.
When I export this to CSV after searching, the fields get all mixed up.
Any idea on how to rewrite this to get similar results but would work well in CSV?
index=rapid7 nexpose_severity=Severe OR nexpose_severity=Critical "tag::eventtype"=vulnerability site_id=64 OR site_id=55 OR site_id=63 OR site_id=62
| eval site_info=case(site_id==63,"Public IPs: Corp IT 2", site_id==64 ,"Public IPs:3", site_id==62,"Public IPs: Corp 4",site_id==23,"Corp - Office - 1",site_id==60,"Rapid7 Insight Agents", site_id=55,"Public IPs: 5")
| stats values(signature) AS "Vulnerabilities", values(cve) AS "CVE", values(nexpose_severity) AS "Severity", values(site_info) AS "Site ID", values(date_added) AS "DATE_ADDED" distinct_count(cve) AS distinct_count_vulnerabilities by ip
| sort -distinct_count_vulnerabilities
Thanks in advance for your help!