The app says it would not need any configuration; however, upon loading the app, it returns no results in any of the multiple fields.
I am pulling vulnerability information from a Nessus scanner via the Splunk Universal Forwarder and the raw data is searchable in the "Search & Reporting" App.
I am getting "Search produced no results", but when I modified the search string for "Number of hosts with scan results reported" to
tag=vulnerability | stats distinct_count(dest)
it worked and gave me results.
Similarly, for "Top 10 Reporting Hosts with Vulnerabilities" I modified the search string to
tag=vulnerability severity=* NOT severity=informational | chart count over dest by severity | sort -count limit=10 | rename low as Low, medium as Medium, high as High, critical as Critical
Can anyone tell me what these reports (drop-down menu) are?
Are plugin_id and report_id the same?
I'm facing lookup errors as well:
Error 'Could not find all of the specified lookup fields in the lookup table.' for conf 'nessus_vuln' and lookup table 'nessus_plugin_lookup'. The lookup table 'qualys_qid_lookup' does not exist. It is referenced by configuration 'qualys_vuln'.