sourcetype=f5:silverline:asm irule=* vs_ip=* | rex “(?<log>.*)” | eval log_stripped = replace(log, “\\\\”,””) | rex field=log_stripped “data=\”(?<data_section>.*?)\”, irule=” | spath input=data_section
Track Remediation Progress by OS – Qualys
The following Splunk Search Queries within the Qualys Sourcetype track the remediation progress for a variety of operating systems. The queries are separated by Operating System or Device Type: OS & Device Agnostic eventtype=”qualys_vm_detection_event” STATUS =”FIXED” earliest=-30d@d | dedup HOST_ID, QID | stats count by QID Linux eventtype=qualys_vm_detection_event SEVERITY > 3 | regex OS=”^((?!\/).)*Linux((?!\/).)*$” |dedup […]
Top 25 Most Vulnerable Systems by OS – Qualys
The following Splunk Search Queries within the Qualys Sourcetype list the top 25 most vulnerable systems. The queries are separated by Operating System or Device Type: Linux eventtype=qualys_vm_detection_event SEVERITY > 3 | regex OS=”^((?!\/).)*Linux((?!\/).)*$” |dedup QID IP| stats count by IP | sort -count | head 25 Network (F5/Cisco/Firewall) eventtype=qualys_vm_detection_event SEVERITY > 3 | regex […]
