Get an overview of the 10 most vulnerable systems in your network
|
1 |
sourcetype="tenable:sc:vuln" baseScore > 3 | dedup cve ip | stats count by ip, riskFactor | sort 10-count | lookup dnslookup clientip as ip | chart sum(count) by clienthost |
To see the top of exploitable vulnarabilities from the Tenable Security Center:
|
1 |
sourcetype="tenable:sc:vuln" exploitAvailable="yes" | chart count over pluginName by riskFactor |
Tenable uses the CVSS scoring method for detected vulnerabilities. To have an overall CVSS, use the following query:
|
1 |
sourcetype="tenable:sc:vuln" ip=* |stats mean(baseScore) as base | eval base = round(base,2) |
Having Tenable Security Center connected via the splunk plugin, this search gives an overview of all vulnerabilties, summarized by severity.
|
1 |
sourcetype="tenable:sc:vuln" severity.name=* | chart count over severity.name by ip |
Add the following to your dashboard source to add consistent colors to the pie chart: <option name=”charting.fieldColors”>{“Critical”:0x800000,”High”:0xFF0000,”Medium”:0xFFA500,”Low”:0x008000,”Info”:0x0000FF}</option>
