I have scans (from the Nessus add-on). Some hosts were scanned more than once. When I select severity="critical", I see old vulnerabilities. For example:
IP, plugin-id, timestamp
10.0.0.1, 90315, 1537252785
10.0.0.1, 90316, 1537252785
10.0.0.1, 90317, 1537252785
10.0.0.1, 90318, 1537252785
10.0.0.2, 90421, 1537187491
10.0.0.2, 90422, 1537187491
10.0.0.2, 90423, 1537187491
10.0.0.2, 90424, 1537187491
10.0.0.1, 90316, 1537624344
10.0.0.1, 90318, 1537624344
10.0.0.1, 90319, 1537624344
10.0.0.2, 90422, 1537538233
10.0.0.2, 90428, 1537538233
As you can see, for 10.0.0.1 the max timestamp is 1537624344 and for 10.0.0.2 the max timestamp is 1537538233.
How do I select only the events with the max timestamp by IP:
10.0.0.1, 90316, 1537624344
10.0.0.1, 90318, 1537624344
10.0.0.1, 90319, 1537624344
10.0.0.2, 90422, 1537538233
10.0.0.2, 90428, 1537538233
And how do I select only the new plugin-ids for the max timestamp:
10.0.0.1, 90319, 1537624344
10.0.0.2, 90428, 1537538233
Thanks!
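The two selections asked about above, worked through in Python on the rows from the question. This is an added example, not part of the original post and not a Splunk search; the function names are hypothetical and the CSV header follows the column names given in the post.

```python
import csv
import io

# Constructed sample: the rows listed in the question, with its column header.
SAMPLE = """\
IP,plugin-id,timestamp
10.0.0.1,90315,1537252785
10.0.0.1,90316,1537252785
10.0.0.1,90317,1537252785
10.0.0.1,90318,1537252785
10.0.0.2,90421,1537187491
10.0.0.2,90422,1537187491
10.0.0.2,90423,1537187491
10.0.0.2,90424,1537187491
10.0.0.1,90316,1537624344
10.0.0.1,90318,1537624344
10.0.0.1,90319,1537624344
10.0.0.2,90422,1537538233
10.0.0.2,90428,1537538233
"""

def load(text):
    """Parse the CSV text into (ip, plugin_id, timestamp) tuples."""
    reader = csv.DictReader(io.StringIO(text))
    return [(r["IP"], int(r["plugin-id"]), int(r["timestamp"])) for r in reader]

def latest_scan_rows(rows):
    """Keep only rows whose timestamp is the maximum seen for that IP."""
    latest = {}
    for ip, _, ts in rows:
        latest[ip] = max(ts, latest.get(ip, ts))
    return [r for r in rows if r[2] == latest[r[0]]]

def new_in_latest_scan(rows):
    """Rows of the latest scan whose plugin id was not reported for that IP
    in any earlier scan. A host scanned only once has no earlier scan, so
    all of its findings count as new."""
    latest = latest_scan_rows(rows)
    latest_ts = {ip: ts for ip, _, ts in latest}
    seen_before = {(ip, pid) for ip, pid, ts in rows if ts < latest_ts[ip]}
    return [r for r in latest if (r[0], r[1]) not in seen_before]

if __name__ == "__main__":
    rows = load(SAMPLE)
    print("latest scan per IP:", latest_scan_rows(rows))
    print("new in latest scan:", new_in_latest_scan(rows))
```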