How do I pull multiple events in a large XML file

Our vulnerability scanner is only able to provide XML output and i would like to get this into Splunk. The problem I am running into is that each system can have multiple events called audits. I would like to know how to set up the BREAK_ONLY_BEFORE and MUST_BREAK_AFTER parameters to match the audits to each system. Data format is ` 10.12.60.24CVE-1CVE-210.12.60.25CVE-4CVE-8 ` I would then be able to generate a table that would look like this System Audit1 Audit2 10.12.60.24 CVE-1 CVE-2 10.12.60.24 CVE-4 CVE-8 Regards, Scott