Exporting events from the list of vulnerabilities for a specific time period


oleh....@gmail.com

Nov 15, 2023, 4:31:55 AM11/15/23
to Wazuh | Mailing List
Hello, hope you are doing well.

I am a new user of Wazuh. I'm working on an urgent report. There is a problem with exporting events from the list of vulnerabilities for a specific time period. For example, selecting vulnerability events for all agents for October and then downloading this information to a CSV file.

I would be very grateful for a quick response as soon as possible.

Regards,
Oleh

Gabriel Diaz Lopez de la Llave

Nov 15, 2023, 7:19:06 AM11/15/23
to Wazuh | Mailing List
Hello Oleh,

The vulnerabilities section contains two tabs, the inventory, which lists the currently active vulnerabilities, and the events, which contains historical data.

Each time a vulnerability is detected, the inventory gets updated adding the new vulnerability, and an event is generated. Also, every time a vulnerability is fixed, the inventory is updated, removing the fixed vulnerability, and a new event is generated.

Events for new and fixed vulnerabilities can be seen in the events tab. The field data.vulnerability.status will contain Active or Solved. You can filter for active, solved, or both.
Then, using the time filter, you can select the time range of the query.

To export this data, I would go to the Discover application (in the left menu, under OpenSearch Dashboards) and filter by:

rule.groups: vulnerability-detector

and optionally filter by:

data.vulnerability.status: active | solved

This filter will report the number of vulnerabilities discovered or fixed in that period of time.

Then save this query using the "Save" menu. Once the query is saved, the CSV download in the Reporting menu is enabled, and you can download your query.

Regards,
Gabriel
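The filters Gabriel describes above, written out as an added example (not code from the thread or from Wazuh): the equivalent OpenSearch query body, the same predicate applied locally to a few constructed alert documents, and the flattening into CSV rows. rule.groups and data.vulnerability.status are the fields named in the thread; the timestamp, agent.name and data.vulnerability.cve fields and the sample alerts are assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample alerts shaped like Wazuh vulnerability-detector events.
# rule.groups and data.vulnerability.status come from the thread; timestamp,
# agent.name and data.vulnerability.cve are assumed document fields.
SAMPLE_ALERTS = [
    {"timestamp": "2023-10-03T08:12:00.000Z", "agent": {"name": "web-01"}, "rule": {"groups": ["vulnerability-detector"]},
     "data": {"vulnerability": {"status": "Active", "cve": "CVE-EXAMPLE-0001"}}},
    {"timestamp": "2023-10-20T14:00:00.000Z", "agent": {"name": "web-01"}, "rule": {"groups": ["vulnerability-detector"]},
     "data": {"vulnerability": {"status": "Solved", "cve": "CVE-EXAMPLE-0001"}}},
    {"timestamp": "2023-11-02T09:30:00.000Z", "agent": {"name": "db-01"}, "rule": {"groups": ["vulnerability-detector"]},
     "data": {"vulnerability": {"status": "Active", "cve": "CVE-EXAMPLE-0002"}}},
    {"timestamp": "2023-10-11T11:00:00.000Z", "agent": {"name": "db-01"}, "rule": {"groups": ["sshd", "authentication_failed"]}},
]

def build_query(start, end, status=None):
    """OpenSearch query body matching the Discover filters plus the time picker range."""
    filters = [
        {"match_phrase": {"rule.groups": "vulnerability-detector"}},
        {"range": {"timestamp": {"gte": start, "lte": end}}},
    ]
    if status:
        filters.append({"match_phrase": {"data.vulnerability.status": status}})
    return {"query": {"bool": {"filter": filters}}}

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def select(alerts, start, end, status=None):
    """Apply the same three conditions locally. Status is compared
    case-insensitively, since the thread writes both 'Active' and 'active'."""
    lo, hi = _ts(start), _ts(end)
    return [
        a for a in alerts
        if "vulnerability-detector" in a["rule"]["groups"]
        and lo <= _ts(a["timestamp"]) <= hi
        and (status is None or a["data"]["vulnerability"]["status"].lower() == status.lower())
    ]

def to_csv(alerts):
    # Flatten the nested alert documents into the columns a report needs.
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["timestamp", "agent", "cve", "status"])
    for a in alerts:
        vuln = a["data"]["vulnerability"]
        writer.writerow([a["timestamp"], a["agent"]["name"], vuln["cve"], vuln["status"]])
    return buf.getvalue()
```

Running `to_csv(select(SAMPLE_ALERTS, "2023-10-01T00:00:00.000Z", "2023-10-31T23:59:59.999Z"))` yields the two October vulnerability events and drops both the November event and the non-vulnerability alert.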

Singtel Paragon Demo

Dec 4, 2023, 9:38:00 PM12/4/23
to Wazuh | Mailing List
Hi Gabriel,

I am using version 4.2.7 and I don't see the field data.vulnerability.status: active | solved

Do you know which version started to have this field? 