Vulnerabilities remediation over time

Splunk Enterprise Security

Ok so my data is coming from a vulnerability management system. every day i get a dump of every vulnerability in the system. Each unique vulnerability on every asset is given a UniqueAssetVulnID. That id is specific to that vulnerability on that asset day over day. Now I would like to identify when a vulnerability has been remediated IE appeared on yesterdays scan but not on todays scan by Category which is just the severity. This would all be plotted on a area chart.

Sample data would be like
_time Category UniqueAssetVulnID
05/26/2020 Low 1249+cve-2020-3948
05/27/2020 High 5239+cve-2010-4533

index=rapid7 sourcetype="VulnData" 
| streamstats current=f last(dc(UniqueAssetVulnID)) as UniqueVulnslast_count by Category
| rename UniqueAssetVulnID as current_UniqueAssetVuln
| eval delta = UniqueVulnslast_count - current_UniqueAssetVuln
| timechart span=1d delta by Category useother=f

Get Updates on the Splunk Community!

Vulnerabilities remediation over time

using Enterprise Security

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)

Are you a member of the Splunk Community?

Vulnerabilities remediation over time

using Enterprise Security

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)