Track Remediation Progress by OS – Qualys

The following Splunk Search Queries within the Qualys Sourcetype track the remediation progress for a variety of operating systems. The queries are separated by Operating System or Device Type:

OS & Device Agnostic
Linux
Network (F5/Cisco/Firewall)
Windows Desktop
Windows Server

I take no credit for this. These queries were discovered […]

Top 25 Most Vulnerable Systems by OS – Qualys

The following Splunk Search Queries within the Qualys Sourcetype list the top 25 most vulnerable systems. The queries are separated by Operating System or Device Type:

Linux
Network (F5/Cisco/Firewall)
Windows Desktop
Windows Server

I take no credit for this. These queries were discovered on Tarun Kumar’s blog.

Top 25 Most Prevailing Vulnerabilities with Patches Available (Multiple OSs) – Qualys

The following Splunk Search Queries within the Qualys Sourcetype list the top 25 most prevailing vulnerabilities that have patches available. The queries are separated by Operating System or Device Type:

Linux
Network (F5/Cisco/Firewall)
Windows Desktop
Windows Server

I take no credit for this. These queries were discovered on Tarun Kumar’s blog.

Remediation Tracking Trend – Qualys

The following Splunk query will help determine remediation tracking trends within the Qualys Sourcetype:

I take no credit for this. These queries were discovered on Tarun Kumar’s blog.

High Severity Vulnerabilities – Qualys

The following Splunk query will show the percentage of high severity vulnerabilities within the Qualys Sourcetype:

I take no credit for this. These queries were discovered on Tarun Kumar’s blog.

New Vulnerabilities Detected Since Last Scan – Qualys

As the title suggests, this Splunk Search will dedup results so you can better see scan-to-scan changes in vulnerability detection within the Qualys Sourcetype:

I take no credit for this. These queries were discovered on Tarun Kumar’s blog.

Hosts Taking a Long Time to Scan – Qualys

The following Splunk query will show the hosts taking an abnormally lengthy time to scan (helps find that needle in a haystack) within the Qualys Sourcetype:

I take no credit for this. These queries were discovered on Tarun Kumar’s blog.

Number of Vulnerabilities Detected – Qualys

The following Splunk query will show the number of vulnerabilities detected, across all severities and all types, within the Qualys Sourcetype:

I take no credit for this. These queries were discovered on Tarun Kumar’s blog.

Qualys – Number of Hosts Scanned

The following Splunk query will show the number of hosts scanned within the Qualys Sourcetype:

I take no credit for this. These queries were discovered on Tarun Kumar’s blog.

Linux Free Disk Space

The following Splunk query shows a percentage of free disk space over a period of time using timechart:

Linux Memory Usage

The following Splunk Search will show memory usage on a Linux machine over a period of time using timechart:

Linux CPU Usage

The following query will output CPU usage per host over a period of time using timechart:

Hard Disk Usage and Information on Splunk Server

The following Splunk Query will utilize a “| REST” call to gather information related to disk usage on your Splunk server(s). The following has been modified from the “Distributed Management Console” to be more generic for a copy, paste, and search example.

Timestamp vs Indextime of Events (Diagnostic Query)

This query has in the past helped me track down issues between forwarders and indexers, and even, on occasion, find some time sync issues. Feel free to tweak, modify, and improve upon this query, as I’m not 100% certain the math will work in your favor outside of highlighting (positive or negative) time differences!

Top Visited Pages in IIS Web Logs

There are a number of ways to track user behavior within web logs. One such method, used in this query, is the JSESSIONID. The variable you can/will change in this query is the reference to JSESSIONID, so as to better align with your web logs and web site(s) in general. This working […]

Calculate the Difference in Time Between Two Fields

Use the following Splunk search query to calculate the difference in time between two time fields:
