Re: cvss score result not available in Splunk Ente...

tfrandsen · ‎09-06-2018

Hi Experts,

I am trying to setup a glasstable containing the result from cvss score field.

I seem to get other result related to this (CVE, crticality level etc.) but the cvss field is not extracted. I can see that the field is available in the "vulnerability" datamodel.

Thanks

tfrandsen · ‎09-06-2018

How and what do I edit in the data model to extract the data. Have not been able to find information about this online

richgalloway · ‎09-06-2018

Is the CVSS score field present in your events? The datamodel can't extract what's not in the data.

---
If this reply helps you, Karma would be appreciated.

tfrandsen · ‎09-06-2018

With events do you mean incident review panel? the cvss score is not showed in either the incident review panel or in search results.

tfrandsen · ‎09-06-2018

The field is not present in the search result

tfrandsen · ‎09-06-2018

I can see the cvss score result in my splunk module where i have Qualys app installed. Its just in my SIEM i cant see it

richgalloway · ‎09-06-2018

So the CVSS score field is present , but is not being extracted by the data model. You'll need to edit the data model to extract the field from your events.

---
If this reply helps you, Karma would be appreciated.

cvss score result not available in Splunk Enterprise Security module

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!