Solved: how to find the total count of vulnerabilities wit...

payton_tayvion · ‎07-16-2019

I'm currently trying to create a search that counts the total vulnerabilities for each property, but it seems that i'm having a problem. when i create the search all of the properties are returning with the exact total amount of vulnerabilities and I know thats incorrect.

Here's the search results:
cve opsdb_property count Total Vulnerabilities
CVE-2011-3389 System1 84 10393
CVE-2019-10160 System2 9 10393
CVE-2019-12735 System3 9 10393
CVE-2016-2183 System4 4 10393
CVE-2011-3389 System5 3 10393
CVE-2017-5715 System 6 3 10393

Here's the search command :
| stats count by cve,opsdb_property | eventstats sum(count) as "Total Vulnerabilities" | where opsdb_property!="NONE" | sort - count

Vijeta · ‎07-16-2019

@payton_tayvion Try this

| stats count by cve,opsdb_property | eventstats sum(count) as "Total Vulnerabilities"  by opsdb_property| where opsdb_property!="NONE" | sort - count

View solution in original post

Vijeta · ‎07-16-2019

@payton_tayvion Try this

| stats count by cve,opsdb_property | eventstats sum(count) as "Total Vulnerabilities"  by opsdb_property| where opsdb_property!="NONE" | sort - count

how to find the total count of vulnerabilities within a search?

Splunk Observability as Code: From Zero to Dashboard

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Shape the Future of Splunk: Join the Product Research Lab!

Are you a member of the Splunk Community?

how to find the total count of vulnerabilities within a search?

Splunk Observability as Code: From Zero to Dashboard

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Shape the Future of Splunk: Join the Product Research Lab!