Vulnerabilities remediation over time

Splunk Enterprise Security

Ok so my data is coming from a vulnerability management system. every day i get a dump of every vulnerability in the system. Each unique vulnerability on every asset is given a UniqueAssetVulnID. That id is specific to that vulnerability on that asset day over day. Now I would like to identify when a vulnerability has been remediated IE appeared on yesterdays scan but not on todays scan by Category which is just the severity. This would all be plotted on a area chart.

Sample data would be like
_time Category UniqueAssetVulnID
05/26/2020 Low 1249+cve-2020-3948
05/27/2020 High 5239+cve-2010-4533

index=rapid7 sourcetype="VulnData" 
| streamstats current=f last(dc(UniqueAssetVulnID)) as UniqueVulnslast_count by Category
| rename UniqueAssetVulnID as current_UniqueAssetVuln
| eval delta = UniqueVulnslast_count - current_UniqueAssetVuln
| timechart span=1d delta by Category useother=f

Get Updates on the Splunk Community!

Vulnerabilities remediation over time

using Enterprise Security

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!