Monitoring Splunk

How to Calculate Risks score by assigning a risk score that also uses the total amount of scanned hosts and how many are are vulnerable from Nessus results?

ivan128
Explorer

Hello,

I'm quite new to splunk, and probably this can be done more efficiently. I have a search that uses Nessus reports to show a table with the vulnerabilities classified by severity, I need to apply a custom formula to assign a risk score that also uses the total amount of scanned hosts and how many are vulnerable. There are two separate searches that obtain the vulnerable and total hosts and I tried to use a Join command.

This is the formula I wrote for the risk score:

    index=XXXX sourcetype="nessus:scan" name="XXXXXX" NOT severity=informational| dedup plugin_family plugin_name host-ip ports{}.port ports{}.protocol ports{}.transport | chart count over plugin_family by severity |rename critical as Critical, high as High, medium as Medium, low as Low, plugin_family as Name | stats sum(*) as * | join userhandle [search index=XXXX sourcetype="nessus:scan" name=XXXXX NOT severity=informational | dedup host-ip | chart count as "Vuln hosts"| stats list(Vuln hosts) as VH] | join userhandle [search  index=XXXXXX sourcetype="nessus:scan" name=XXXXX  | dedup host-ip | chart count as "Total hosts" | stats list(Total hosts) as TH]|  fillnull Critical, High |eval Name="XXXXX" | eval RiskValue=/Risk value formula/ | fields Name, Critical, High, Medium, Low, RiskValue

It works, but its quite long and as a new assignment I need to be able to generate a histogram of Risk value for the past 6 months. Using append and specifying the dates ( earliest -6mon and so forth) returns incorrect data and the search itself becomes quite big and I feel this can bring performance issues in Splunk if we are to display the histogram on a dashboard. I need guidance on how to improve this search and display the histogram.

Thanks in advance.

0 Karma
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...