Splunk Enterprise Security

how to find the total count of vulnerabilities within a search?

payton_tayvion
Path Finder

I'm currently trying to create a search that counts the total vulnerabilities for each property, but it seems that i'm having a problem. when i create the search all of the properties are returning with the exact total amount of vulnerabilities and I know thats incorrect.

Here's the search results:
cve opsdb_property count Total Vulnerabilities
CVE-2011-3389 System1 84 10393
CVE-2019-10160 System2 9 10393
CVE-2019-12735 System3 9 10393
CVE-2016-2183 System4 4 10393
CVE-2011-3389 System5 3 10393
CVE-2017-5715 System 6 3 10393

Here's the search command :
| stats count by cve,opsdb_property
| eventstats sum(count) as "Total Vulnerabilities"
| where opsdb_property!="NONE"
| sort - count

0 Karma
1 Solution

Vijeta
Influencer

@payton_tayvion Try this

| stats count by cve,opsdb_property | eventstats sum(count) as "Total Vulnerabilities"  by opsdb_property| where opsdb_property!="NONE" | sort - count

View solution in original post

0 Karma

Vijeta
Influencer

@payton_tayvion Try this

| stats count by cve,opsdb_property | eventstats sum(count) as "Total Vulnerabilities"  by opsdb_property| where opsdb_property!="NONE" | sort - count
0 Karma
Get Updates on the Splunk Community!

Developer Spotlight with William Searle

The Splunk Guy: A Developer’s Path from Web to Cloud William is a Splunk Professional Services Consultant with ...

Major Splunk Upgrade – Prepare your Environment for Splunk 10 Now!

Attention App Developers: Test Your Apps with the Splunk 10.0 Beta and Ensure Compatibility Before the ...

Stay Connected: Your Guide to June Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...