Qualys Hosts not Scanned in 30 days+

The following Splunk Search (query) is for Qualys and will show hosts that have not been scanned in 30 days or more. This query assumes that your index is defined as qualys.

* DISCLOSURE* – I did not create this query. That credit goes to Jeff Leggett.

Continue Reading →

Qualys 30 Day trending of Re-Opened Vulnerabilities

The following Splunk Search (query) is for Qualys and will show a trending over 30 days for re-opened vulnerabilities. This query assumes that your index is defined as qualys.

* DISCLOSURE* – I did not create this query. That credit goes to Jeff Leggett.

Continue Reading →

Qualys Top 10 Vulnerabilities by Severity

The following Splunk Search (query) is for Qualys and will show the top 10 vulnerabilities by severity as well as a Count of Devices.

* DISCLOSURE* – I did not create this query. That credit goes to Jeff Leggett.

Continue Reading →

Qualys Active OS Vuln Count

The following Splunk Search (query) is for Qualys and will show vulnerability count for Windows Hosts. This query assumes that your index is defined as qualys.

* DISCLOSURE* – I did not create this query. That credit goes to Jeff Leggett.

Continue Reading →

Splunk User Search Activity

This will return a table of users who conducted searches, the total time it took for searches to complete, a count of said searches, and the last time a search was conducted. *NOTE* You will need to modify “splunk_server=local” specifically the “local” section to represent your Splunk server.

Continue Reading →

Internal Splunk User Modifications

This query will search the internal audit sourcetype of splunk and report on any user modification attempts, both success and fail.

Continue Reading →