The following Splunk Search Queries within the Qualys Sourcetype list the top 25 most vulnerable systems. The queries are separated by Operating System or Device Type: Linux eventtype=qualys_vm_detection_event SEVERITY > 3 | regex OS=”^((?!\/).)*Linux((?!\/).)*$” |dedup QID IP| stats count by IP | sort -count | head 25 Network (F5/Cisco/Firewall) eventtype=qualys_vm_detection_event SEVERITY > 3 | regex […]