I'm currently trying to create a search that counts the total vulnerabilities for each property, but it seems that i'm having a problem. when i create the search all of the properties are returning with the exact total amount of vulnerabilities and I know thats incorrect.
Here's the search results:
cve opsdb_property count Total Vulnerabilities
CVE-2011-3389 System1 84 10393
CVE-2019-10160 System2 9 10393
CVE-2019-12735 System3 9 10393
CVE-2016-2183 System4 4 10393
CVE-2011-3389 System5 3 10393
CVE-2017-5715 System 6 3 10393
Here's the search command :
| stats count by cve,opsdb_property
| eventstats sum(count) as "Total Vulnerabilities"
| where opsdb_property!="NONE"
| sort - count
@payton_tayvion Try this
| stats count by cve,opsdb_property | eventstats sum(count) as "Total Vulnerabilities" by opsdb_property| where opsdb_property!="NONE" | sort - count
@payton_tayvion Try this
| stats count by cve,opsdb_property | eventstats sum(count) as "Total Vulnerabilities" by opsdb_property| where opsdb_property!="NONE" | sort - count