I want to join the nmap scanning results. The common field is the source "nmapscan_1.gnmap" while other scans will have a different source name.
Event 1
# Nmap 5.51 scan initiated Tue Dec 11 10:54:16 2017 as: nmap -A -T4 -oA scan_192.168.1.0_24_20171219 192.168.1.0/24
host =nmapserver source =nmapscan_1.gnmap sourcetype =nmap
Event 2
# Nmap done at Tue Dec 11 12:20:04 2017 -- 256 IP addresses (81 hosts up) scanned in 5147.70 seconds
host =nmapserver source =nmapscan_1.gnmap sourcetype =nmap
I want to get the following results:
Time, Subnet, #Hosts up, Duration
Tue Dec 11 10:54:16 2017, 192.168.1.0/24, 81, 5147.70
Could I use the "source" as a common field and how to do this? Thanks.
... View more