Creating metric visualization with sum of top10 hits

Hello all, new user of the ELK platform here.

I'm importing results from a Nessus-scanner, which I then present on a dashboard in order for different departments to use as a "How are we doing in securing the environment".

I have a data table showing vulnerabilities sorted by no. of occurrences. With a KPI defined as "A 75% reduction in Top10 Critical/High Risk at the end of ", I would like to create a metric showing the sum of the top10 occurrences.
Example:
Vulnerability 1: 75 unique hosts
Vulnerability 2: 50 unique hosts
Vulnerability 3: 49 unique hosts
...
Vulnerability 10: 20 unique hosts
SUM: X unique hosts

Sum : Y unique hosts

I believe the key here would be summing the Unique Count, but only for top10 - any ideas?

Hi @ahoffskov
Welcome to our community and sorry for the long delay in getting a reply.
Have you found a valid solution to your problem?
If not, I think you can achieve that with a horizontal bar chart (it will allow you to show the ranking and to compare the values) with a configuration like the following:

  • as metric you can use a unique count of hosts
  • as bucket you can use a term aggregation on the vulnerability id/name

If you tweak the bucket size to 10, you will get the top 10 vulnerabilities by unique host count.
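
Added example, not part of the original thread or anyone's post: the request body that the bucket/metric setup above corresponds to, extended with a `sum_bucket` pipeline aggregation for the single "sum of top 10" number, plus an offline function that computes the same result over constructed sample findings. The field names `plugin_name`, `host` and `severity`, and the sample data, are assumptions.

```python
from collections import defaultdict

# Assumed field names (not from the thread): "plugin_name", "host", "severity".
# Elasticsearch request body: terms bucket ordered by a cardinality (unique
# count) sub-aggregation, plus a sum_bucket sibling aggregation over the buckets.
ES_REQUEST = {
    "size": 0,
    "query": {"terms": {"severity": ["Critical", "High"]}},
    "aggs": {
        "top_vulns": {
            "terms": {"field": "plugin_name", "size": 10,
                      "order": {"unique_hosts": "desc"}},
            "aggs": {"unique_hosts": {"cardinality": {"field": "host"}}},
        },
        "top10_sum": {"sum_bucket": {"buckets_path": "top_vulns>unique_hosts"}},
    },
}

def top_n_summary(findings, n=10, severities=("Critical", "High")):
    """Offline equivalent of ES_REQUEST over a list of finding dicts."""
    hosts_by_vuln = defaultdict(set)
    for f in findings:
        if f["severity"] in severities:
            hosts_by_vuln[f["plugin_name"]].add(f["host"])  # set = unique count
    ranked = sorted(hosts_by_vuln.items(), key=lambda kv: (-len(kv[1]), kv[0]))[:n]
    buckets = [(name, len(hosts)) for name, hosts in ranked]
    distinct = set().union(*(hosts for _, hosts in ranked)) if ranked else set()
    return {
        "buckets": buckets,
        "sum_of_counts": sum(c for _, c in buckets),  # what sum_bucket returns
        "distinct_hosts": len(distinct),              # each host counted once
    }

def kpi_met(baseline_sum, current_sum, reduction=0.75):
    """True when the top-N sum has dropped by at least `reduction`."""
    return current_sum <= baseline_sum * (1 - reduction)

# Constructed sample data: 12 vulnerabilities, vuln k affects hosts h0..h(k-1).
SAMPLE = [{"plugin_name": f"vuln-{k:02d}", "host": f"h{i}",
           "severity": "High" if k % 2 else "Critical"}
          for k in range(1, 13) for i in range(k)]
SAMPLE += [{"plugin_name": "vuln-12", "host": "h0", "severity": "High"}]  # duplicate row
SAMPLE += [{"plugin_name": "info-only", "host": f"h{i}", "severity": "Low"}
           for i in range(50)]

if __name__ == "__main__":
    print(top_n_summary(SAMPLE))
```

The summed per-vulnerability counts and the number of distinct hosts across the top 10 differ whenever one host carries several of the top vulnerabilities, so the KPI should state which of the two it tracks.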

I apologize for my long response time. Had to get a PoC up and running. I will try this and get back with an answer :slight_smile:
