Splunk Enterprise Security
Highlighted

how to find the total count of vulnerabilities within a search?

Explorer

I'm currently trying to create a search that counts the total vulnerabilities for each property, but it seems that i'm having a problem. when i create the search all of the properties are returning with the exact total amount of vulnerabilities and I know thats incorrect.

Here's the search results:
cve opsdb_property count Total Vulnerabilities
CVE-2011-3389 System1 84 10393
CVE-2019-10160 System2 9 10393
CVE-2019-12735 System3 9 10393
CVE-2016-2183 System4 4 10393
CVE-2011-3389 System5 3 10393
CVE-2017-5715 System 6 3 10393

Here's the search command :
| stats count by cve,opsdb_property
| eventstats sum(count) as "Total Vulnerabilities"
| where opsdb_property!="NONE"
| sort - count

0 Karma
Highlighted

Re: how to find the total count of vulnerabilities within a search?

Influencer

@payton_tayvion Try this

| stats count by cve,opsdb_property | eventstats sum(count) as "Total Vulnerabilities"  by opsdb_property| where opsdb_property!="NONE" | sort - count

View solution in original post

0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.