I've been using the Splunk Add-on for Tenable to import the network scans from Nessus Professional. This part works great, searches are fine. I wanted to go to the next step and create a dashboard with all my critical vulnerabilities and how many IPs are affected.
I've managed to kludge together a query to get a nice looking table - but can't seem to take the next step into:
Taking each signature and creating a panel out of it
Get the number of IPs that are affected by said signature as a single value in the panel for the signature
Right now my query is
sourcetype="nessus" OR sourcetype="nessus:scan" (severity="critical") | stats values(signature) as signature by dest, severity
It comes out with a table
dest          severity  signature
10.128.20.10  critical  Apache 2.0.x < 2.0.48 Multiple Vulnerabilities (OF, Info Disc.)
                        PHP Unsupported Version Detection
Is this the best way to get to my requirement? Not sure how to integrate this into a panel.