We have obtained counts for each status description using the following search:

```
index="forescout" sourcetype="fs_av_compliance" description="Server*" | dedup src_nt_host | search status="non-compliant" | stats count by description | fields description, count
```

We'd like to create a line/area graph per status description with the count of hosts over time to determine if we're improving on AV compliance over time.
**Status descriptions:**
- Server AV Irresolvable
- Server Antivirus Software is NOT installed
- Server Corp AV is not installed
- Server Symantec AV Running, But Defs older than 3 weeks
- Server Symantec AV installed but Not Running
- Server Symantec and McAfee AV Installed
Thanks in advance for your help!
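
One way to chart this over time, as an added example that is not part of the original post: it keeps each host's most recent event per day, filters to non-compliant hosts, and plots one series per description. It uses only the index, sourcetype and field names from the search above; the one-day span is an assumption and should match how often Forescout reports.

```spl
index="forescout" sourcetype="fs_av_compliance" description="Server*"
| bin _time span=1d
| dedup src_nt_host _time
| search status="non-compliant"
| timechart span=1d count by description
```

Because `dedup` leaves one event per host per day, `count` is the number of non-compliant hosts in each description for that day; render the result as a line or area chart.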