get_vulnerability_logs_for_endpoint.json

{
  "creation_date": "2017-08-24",
  "data_metadata": {
    "data_models": [
      "Vulnerabilities"
    ],
    "data_source": [
      "Vulnerability Scanner"
    ],
    "providing_technologies": [
      "Nessus"
    ]
  },
  "description": "This search will show you any vulnerabilities noted for a specific endpoint for the last week.",
  "entities": [
    "dest"
  ],
  "how_to_implement": "You need to be ingesting the logs from your vulnerability scanner.",
  "id": "df7a7f50-30f2-4cde-8448-69d2d5f9b3c5",
  "investigate": {
    "splunk": {
      "fields_required": [
        "dest"
      ],
      "schedule": {
        "cron_schedule": "",
        "earliest_time": "604800",
        "latest_time": "0"
      },
      "search": "| from datamodel Vulnerabilities.Vulnerabilities | search dest={dest}"
    }
  },
  "maintainers": [
    {
      "company": "Splunk",
      "email": "davidd@splunk.com",
      "name": "David Dorsey"
    }
  ],
  "modification_date": "2017-09-10",
  "name": "Get Vulnerability Logs For Endpoint",
  "original_authors": [
    {
      "company": "Splunk",
      "email": "davidd@splunk.com",
      "name": "David Dorsey"
    }
  ],
  "spec_version": 2,
  "type": "splunk",
  "version": "1.0"
}