hi,
I am a newbie in splunk
I have this one use case I am trying. search for a machine that have malware infection AND it has a vulnerability. anyone can give me pointers the best search to do it?
(sourcetype="vulnscan" severity=critical) OR sourcetype="avscan" | table av_threatname severity hostname | eval infectedandvulnerable=coalesce(av_threatname,severity)
↧