Our vulnerability scanner is only able to provide XML output and I would like to get this into Splunk. The problem I am running into is that each system can have multiple events called audits. I would like to know how to set up the BREAK_ONLY_BEFORE and MUST_BREAK_AFTER parameters to match the audits to each system.
Data format is
```
10.12.60.24 CVE-1 CVE-2 10.12.60.25 CVE-4 CVE-8
```
I would then be able to generate a table that would look like this
| System      | Audit1 | Audit2 |
|-------------|--------|--------|
| 10.12.60.24 | CVE-1  | CVE-2  |
| 10.12.60.24 | CVE-4  | CVE-8  |
Regards,
Scott
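One way to get one event per system, added here as an example and not part of the original post: a `props.conf` stanza for the scanner's sourcetype. The sourcetype name `vulnscan_xml` and the assumption that every audit block starts with the system's IPv4 address are mine, since the real XML is not shown. The important caveat is that BREAK_ONLY_BEFORE only decides which already-separated lines get merged into one event (it needs SHOULD_LINEMERGE = true); if the whole scan arrives on a single physical line, as in the sample above, the split has to happen earlier with LINE_BREAKER.

```ini
# props.conf -- example stanza, not from the original post.
# The sourcetype name is assumed; assign it to the scanner's XML input in inputs.conf.
[vulnscan_xml]

# Case 1: the feed is one long line (as in the sample). Cut it before each IPv4
# address. Splunk discards the text matched by the first capturing group (the
# whitespace) and starts the next event there; the lookahead keeps the address
# itself as the first token of the new event.
SHOULD_LINEMERGE = false
LINE_BREAKER = (\s+)(?=\d{1,3}(?:\.\d{1,3}){3}\s)

# Case 2 (alternative, if each token of the feed arrives on its own line): keep
# the default LINE_BREAKER, let Splunk merge lines, and start a new event only
# at a line that begins with an IPv4 address. MUST_BREAK_AFTER is not needed
# here, because the next address already forces the break.
#SHOULD_LINEMERGE = true
#BREAK_ONLY_BEFORE = ^\d{1,3}(?:\.\d{1,3}){3}\s
```

Once each event holds a single system, the table can be built at search time without touching index-time settings again, for example `sourcetype=vulnscan_xml | rex "^(?<System>\S+)" | rex max_match=0 "(?<Audit>CVE-\S+)" | table System Audit`, which puts the address in `System` and all of that system's CVE identifiers in the multivalue field `Audit`. Test the stanza against a copy of the feed with `Add Data` or a test index before changing the production input, since line-breaking settings only affect data indexed after they are applied.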