Qualys Active OS Vuln Count

The following Splunk Search (query) is for Qualys and will show vulnerability count for Windows Hosts. This query assumes that your index is defined as qualys.

index=qualys HOSTVULN SEVERITY=3 OR 4 OR 5 TYPE="CONFIRMED" earliest=-30d@d | dedup HOST_ID, QID | search STATUS!="FIXED" |join QID  | join HOST_ID  | stats count(QID) as #_Vulns by OS | sort -#_Vulns | addcoltotals #_Vulns

* DISCLOSURE* – I did not create this query. That credit goes to Jeff Leggett.

Share This:

Leave A Comment?