I have a search that comes up with a score based off a custom formula from nessus scan results. I want to plot that vulnscore over the past 90 days IE the score from 0-30/30-60/60-90. Can anyone provide a little guidance on how I can make use of timechart with a custom eval field rather than simply running a search and using those results in the timechart. Listed below is my base search.
index=network sourcetype=nessus severity!=informational signature!=*Windows* signature!=*Adobe* signature!=*Java* signature_family!="Windows : Microsoft Bulletins" signature_family!="Red Hat Local Security Checks" signature!="Google Chrome*" signature!="Firefox*" signature!="MS*" signature!="Flash Player*" signature!="Solaris*"
| dedup dest_dns signature_id
|stats count by signature_id cvss_base_score
|eval scoreadjust=floor(cvss_base_score)
| eval scoreadjust=round(pow(scoreadjust * 0.1, 3)*10,2)
| eval riskscore=count*scoreadjust/5500
| stats sum(riskscore) as VulnScore
↧