Splunk Enterprise Security

how to find the total count of vulnerabilities within a search?

payton_tayvion
Path Finder

I'm currently trying to create a search that counts the total vulnerabilities for each property, but it seems that I'm having a problem. When I create the search, all of the properties are returning with the exact total amount of vulnerabilities, and I know that's incorrect.

Here are the search results:

cve             opsdb_property  count  Total Vulnerabilities
CVE-2011-3389   System1         84     10393
CVE-2019-10160  System2         9      10393
CVE-2019-12735  System3         9      10393
CVE-2016-2183   System4         4      10393
CVE-2011-3389   System5         3      10393
CVE-2017-5715   System 6        3      10393

Here's the search command:
| stats count by cve,opsdb_property
| eventstats sum(count) as "Total Vulnerabilities"
| where opsdb_property!="NONE"
| sort - count

0 Karma
1 Solution

Vijeta
Influencer

@payton_tayvion Try this

| stats count by cve,opsdb_property
| eventstats sum(count) as "Total Vulnerabilities" by opsdb_property
| where opsdb_property!="NONE"
| sort - count


0 Karma
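
The difference between the two `eventstats` forms, as an added example that is not part of the original thread. The events are constructed with `makeresults`, the property names DemoA and DemoB and the field `all_rows_total` are made up for illustration, and the `dc(cve)` column goes one step beyond the answer to separate distinct CVEs from total findings.

```spl
| makeresults
| eval raw="CVE-2011-3389,DemoA;CVE-2011-3389,DemoA;CVE-2011-3389,DemoA;CVE-2019-10160,DemoA;"
    . "CVE-2019-10160,DemoB;CVE-2019-10160,DemoB;CVE-2016-2183,DemoB;CVE-2017-5715,NONE"
| eval raw=split(raw, ";")
| mvexpand raw
| rex field=raw "^(?<cve>[^,]+),(?<opsdb_property>.+)$"
| stats count by cve, opsdb_property
| eventstats sum(count) as all_rows_total
| eventstats sum(count) as "Total Vulnerabilities" dc(cve) as "Distinct CVEs" by opsdb_property
| where opsdb_property!="NONE"
| sort - count
```

On this constructed data `all_rows_total` is 8 on every row (it also counts the NONE row, because `where` runs after `eventstats`), while "Total Vulnerabilities" is 4 for DemoA and 3 for DemoB.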
