I need to make a search that can list the different IP (On occasions the ip will not be in the previous month but in the current month.) and vulnerabilities of the current month and last month in two columns.
example, this correct, manual
Ip - Last month - Current Month
192.168.32.3 - 3 - 1
192.168.32.8 - 10 - 5
192.168.32.162 - 5 - 0
192.168.32.165 - 4 - 1
but the source is inconsistent
192.168.32.3 - 0 - 1
192.168.32.8 - 1 - 4
192.168.32.162 - 1 - 0
192.168.32.163 -4 - 1
192.168.32.165 -3 - 5
when a new ip data is changed, is incorrect
sourcetype=" " org_id="" earliest=-1mon@mon latest=@mon NOT vuln_risk=0 | chart count over ip by vuln_risk | addtotals fieldname="Current Month" |appendcols [search sourcetype=" " org_id="" earliest=-1mon@mon-1@mon latest=@mon-1@mon NOT vuln_risk=0 | chart count over ip by vuln_risk | addtotals fieldname="Previous Month"]|fields - 1,4,8 | rename ip as "Vulnerable Hosts" | sort - "Current Month"
Anyone have a better idea???? Please
... View more