- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
07-28-2023 01:52 AM
Hi,
Is it possible to obtain a custom widget like "Vulnerabilities On All Endpoints Over Time" via XQL?
We would like to filter out some endpoint
Is there a dataset with detailed history information?
Thanks
07-28-2023 02:38 AM - edited 07-28-2023 02:40 AM
Thank you for writing to live community!
Yes, you may create a custom widget using XQL. If you are having Host Insights license, then you may use the following datasets and update your XQL query with desired filters according to your use case/requirement.
1. dataset = va_cves (This dataset contains vulnerability data for applications)
2. dataset = va.endpoints (This dataset contains vulnerability data for endpoints)
Snippet for example/reference:
Reference: Datasets-and-Presets
Hope this helps!
Please mark the response as "Accept as Solution" if it answers your query.
07-28-2023 05:38 AM
Hi PiyushKohli,
thanks for your answer.
We have the Host Insights licence.
We already know these datasets and the way to build a custom widget using XQL.
Unfortunately I think that in these datasets there are only data related to last "scan" (day).
Therefore it would be not possible to show historical data like this:
Cristian
08-01-2023 12:06 AM - edited 08-01-2023 12:06 AM
Yes, you are correct Host Insights dataset will only have data related to last "scan" (day). However, you may leverage correlation rule to execute XQL query for Host Insights dataset daily and store the result of the XQL query to "Save to dataset" as Action. Now you will have data related to scan for every day as correlation rule executes daily hence overcoming the limit of last "scan" (day) data and therefore now you may use this dataset to create your XQL widget.
Hope this helps!
Please mark the response as "Accept as Solution" if it answers your query.
Regards.
10-15-2024 10:02 AM
Is there an update on this functionality?
The Built in Widget has the data from the previous month but we need to build and save additional datasets to utilize the same date?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!