Hello,
I’m trying to devise a filter to show the most frequently occurring high severity vulnerabilities in our environment. I.e. vulnerabilities that are sev 7-10 that occur most often - either by number of hosts or number of results.
This is basically for a report to management to say “hey our most common high sev vuln is with XYZ and we should concentrate on that to make the biggest dent in reducing the number of high severity results”)
In the vulnerabilities page I can filter by sev>7 and click the columns to sort by number of hosts or results - all OK. But obviously just filtering by severity means the results include those of older scans with vulnerabilities we’ve fixed, so the number of hosts/results counts shown as affected are not useful.
So I want to narrow it down to the last 7 days (as we scan all subnets every 7 days). To do this I have tried using created>-7d and sev>7
but I get no results with that filter. I’ve also tried using modified in place of created and also get nothing.
I see from the filter keywords doc there is also oldest and newest but oldest="2024-09-23T09:00:00
also returns nothing. What am I missing here?