I'm working with Qualys vulnerability data in Splunk.
Question: How can I show the correlation between assets and vulnerabilities for four quarters?
Several assets are using multiple host IDs. Can I use DNS for identifying assets?
I have used this query:
source=qualys_detection_api SEVERITY>=3 | dedup dns | convert TIMEFORMAT="%m" ctime(_time) AS month | eval quarter=date_year . "-" . case(month<=3, "Q1", month<=6, "Q2", month<=9, "Q3", month<=12, "Q4", 1=1, "missing") | chart count over STATUS by quarter | sort - quarter
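An added example, not part of the original post: one way to count assets per quarter keyed on DNS name, deduplicating inside each quarter instead of across the whole search, so a host that reports under several host IDs is counted once per quarter and vulnerability. The `QID` field name and the four-completed-quarters time window are assumptions; the source, `SEVERITY`, `STATUS` and `dns` come from the query above.

```spl
source=qualys_detection_api SEVERITY>=3 earliest=-4q@q latest=@q
| eval dns=lower(dns)
| eval quarter=strftime(_time, "%Y") . "-Q" . ceiling(tonumber(strftime(_time, "%m")) / 3)
| dedup quarter dns QID
| chart dc(dns) AS assets over quarter by STATUS
```

Deriving `quarter` from `_time` keeps the year and the quarter consistent with each other, and `dedup` with `quarter` in its field list keeps the most recent detection per asset and vulnerability in each quarter.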