Top 25 Most Vulnerable Systems by OS – Qualys

Qualys
SplunkNinja
You already voted!

The following Splunk Search Queries within the Qualys Sourcetype list the top 25 most vulnerable systems. The queries are separated by Operating System or Device Type:

Linux

eventtype=qualys_vm_detection_event SEVERITY > 3 | regex OS="^((?!\/).)*Linux((?!\/).)*$" |dedup QID IP| stats count by IP | sort -count | head 25

Network (F5/Cisco/Firewall)

eventtype=qualys_vm_detection_event SEVERITY > 3 | regex OS="(F5 Networks Big-IP)|(^Cisco((?!\/).)*$)|(Firewall)" |dedup QID IP| stats count by IP | sort -count | head 25

Windows Desktop

eventtype=qualys_vm_detection_event SEVERITY > 3 | regex OS="^Windows (2000$|XP|7|8)((?!\/).)*$" |dedup QID IP| stats count by IP | sort -count | head 25

Windows Server

eventtype=qualys_vm_detection_event SEVERITY > 3 | regex OS="^Windows .*Server((?!\/).)*$" |dedup QID IP| stats count by IP | sort -count | head 25

I take no credit for this. These queries were discovered on Tarun Kumar’s blog.

Splunk Query Repository

Top 25 Most Vulnerable Systems by OS – Qualys

Leave A Comment? Click here to cancel reply.

Splunk Query Repository

Top 25 Most Vulnerable Systems by OS – Qualys

Related Queries

Track Remediation Progress by OS – Qualys

Top 25 Most Prevailing Vulnerabilities with Patches Available (Multiple OSs)- Qualys

Remediation Tracking Trend – Qualys

Leave A Comment? Click here to cancel reply.