This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Custom widget similar to the standard "Vulnerabilities On All Endpoints Over Time"

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Custom widget similar to the standard "Vulnerabilities On All Endpoints Over Time"

Rinaldini_Cristian
L0 Member

‎07-28-2023 01:52 AM

Hi,

Is it possible to obtain a custom widget like "Vulnerabilities On All Endpoints Over Time" via XQL?

We would like to filter out some endpoint

Is there a dataset with detailed history information?

Thanks

0 Likes Likes
4 REPLIES 4

PiyushKohli
L4 Transporter

‎07-28-2023 02:38 AM - edited ‎07-28-2023 02:40 AM

Hi @Rinaldini_Cristian 

 

Thank you for writing to live community!

 

Yes, you may create a custom widget using XQL. If you are having Host Insights license, then you may use the following datasets and update your XQL query with desired filters according to your use case/requirement.

1. dataset = va_cves  (This dataset contains vulnerability data for applications)

2. dataset = va.endpoints (This dataset contains vulnerability data for endpoints)

 

Snippet for example/reference:

PiyushKohli_0-1690537054938.png


Reference: Datasets-and-Presets

 

Hope this helps!

 

Please mark the response as "Accept as Solution" if it answers your query.

Rinaldini_Cristian
L0 Member
In response to PiyushKohli

‎07-28-2023 05:38 AM

Hi PiyushKohli,

 

thanks for your answer.

We have the Host Insights licence.

We already know these datasets and the way to build a custom widget using XQL.

 

Unfortunately I think that in these datasets there are only data related to last "scan" (day).

Therefore it would be not possible to show historical data like this:

Rinaldini_Cristian_1-1690547888569.png

 

 

Cristian

 

0 Likes Likes

PiyushKohli
L4 Transporter
In response to Rinaldini_Cristian

‎08-01-2023 12:06 AM - edited ‎08-01-2023 12:06 AM

Hi @Rinaldini_Cristian 


Yes, you are correct Host Insights dataset will only have data related to last "scan" (day). However, you may leverage correlation rule to execute XQL query for Host Insights dataset daily and store the result of the XQL query to "Save to dataset" as Action. Now you will have data related to scan for every day as correlation rule executes daily hence overcoming the limit of last "scan" (day) data and therefore now you may use this dataset to create your XQL widget.  

 

Hope this helps!

 

Please mark the response as "Accept as Solution" if it answers your query.


Regards.

0 Likes Likes

I.Wrage
L0 Member

‎10-15-2024 10:02 AM

Is there an update on this functionality? 
The Built in Widget has the data from the previous month but we need to build and save additional datasets to utilize the same date? 

(1)
  • 1286 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks