Track Remediation Progress by OS – Qualys

The following Splunk Search Queries within the Qualys Sourcetype track the remediation progress for a variety of operating systems. The queries are separated by Operating System or Device Type: OS & Device Agnostic

Linux

Network (F5/Cisco/Firewall)

Windows Desktop

Windows Server

I take no credit for this. These queries were discovered […]

Continue Reading →

Top 25 Most Vulnerable Systems by OS – Qualys

The following Splunk Search Queries within the Qualys Sourcetype list the top 25 most vulnerable systems. The queries are separated by Operating System or Device Type: Linux

Network (F5/Cisco/Firewall)

Windows Desktop

Windows Server

I take no credit for this. These queries were discovered on Tarun Kumar’s blog.

Continue Reading →

Top 25 Most Prevailing Vulnerabilities with Patches Available (Multiple OSs)- Qualys

The following Splunk Search Queries within the Qualys Sourcetype list the top 25 most prevailing vulnerabilities that have patches available. The queries are separated by Operating System or Device Type: Linux

Network (F5/Cisco/Firewall)

Windows Desktop

Windows Server

I take no credit for this. These queries were discovered on Tarun Kumar’s blog.

Continue Reading →

List IPs that had Successful and Failed SSH Attempts

The following query was discovered on stackoverflow. It performs the necessary regex field extractions to get a list of IPs associated with SSH login attempts.

Continue Reading →

Linux Free Disk Space

The following Splunk query shows a percentage of free disk space over a period of time using timechart:

Continue Reading →

Linux Memory Usage

The following Splunk Search will show memory usage on a linux machine over a period of time using timechart:

Continue Reading →

Linux CPU Usage

The following query will output CPU usage per host over a period of time using timechart:

Continue Reading →

Successful Linux Logons by Username

As stated in the title, this Splunk search query will return a list of all successful logons by user name on linux hosts. The regex is provided in the event the field is not extracted:

Continue Reading →