AnsweredAssumed Answered

Asset Tag Widget Searching results

Question asked by Michael Fennell on Jun 26, 2017
Latest reply on Sep 27, 2017 by Damian OHara

Hi Forum

Am wondering if someone on here can help me with a widget/asset tag issue I have, my problem is as follows I am outputting an asset group tag count to a widget that have 3/4/5 sev vulnerabilities and scanned within the last 30 days against that same asset group tag which works fine, now the asset tag group contains 168 asset but the widget when set to a timeframe of 30 or 60 days reports 167 of the 168 assets, what I am trying to do is inverse this and get the widget to report on the 1 asset that is no longer reporting so basically what I think I am seeing is one asset does not have a sev 3/4/5 on it but I cannot figure out how to show this.

my current search strings are.

Query 1

tags.name:`ALL Patched Windows` and updated:[now-30d ... now-1s] and (vulnerabilities.vulnerability: ((severity: 5 or severity: 4 or severity: 3) and types: VULNERABILITY)) and not tags.name: "All Secondary IPs"

 

Compared with

Query 2

tags.name: `ALL Patched Windows` and not tags.name: "All Secondary IPs"

 

As you can see from above when I compare everything in query 1 against query 2 then I get a difference of 1 which I think says that somewhere within 30 days or more one asset has not reporting with vulnerabilities I would like to be able to display this.

 

Would appreciate any suggestions that anyone could give me in relation to this

Regards

Mike.

Outcomes