I will explain my issue from the beginning to make it clearer. I have an index that contains vulnerabilities related to an IP, and on Splunk, I receive VA data every week. I would like to check base...
See more...
I will explain my issue from the beginning to make it clearer. I have an index that contains vulnerabilities related to an IP, and on Splunk, I receive VA data every week. I would like to check based on my IP and vulnerabilities for different cases: Which vulnerabilities are new, i.e., those VA that appear only in the current week. Which vulnerabilities have reappeared in a week after being absent (I think I should check when a VA is missing for a week and then reappears, perhaps by looking at when the time between results is greater than 7 days). When a vulnerability has disappeared, i.e., when the last week in which we had that VA is not the same as the current one.**