Hi @omcollia , ok, you need a completely different thing! you should run a search to understand if a vulnerability is present in more weeks, so, if vulnerabilities are contained in a fied called vu...
See more...
Hi @omcollia , ok, you need a completely different thing! you should run a search to understand if a vulnerability is present in more weeks, so, if vulnerabilities are contained in a fied called vulnerability, you could run something like this: <your_search>
| eval weeksum=strftime(_time,"%Y:%V")
| stats
dc(weeksum) AS weeksum_count
values(weeksum) AS weeksum
BY vulnerabilities
| eval present_weeksum=strftime(now(),"%Y:%V")
| eval status=case(
weeksum_count=1 AND weeksum=present_weeksum,"Present in Last Week",
weeksum_count=1 AND NOT weeksum=present_weeksum,"Present in Week: ".weeksum,
weeksum_count>1,"Present in More Weeks") you can customize this search using the field you have for vulnerabilities and the additional conditions for status following my approach. Ciao. Giuseppe