Visualizing Weekly Data Changes in Kibana

Hello everyone,

I am a cybersecurity engineer utilizing Elasticsearch to analyze vulnerabilities detected within my systems. Every week, I import a list of newly detected vulnerabilities into my Elasticsearch index, including essential fields such as the CVE (the vulnerability ID) and the @timestamp (the date of import).

I aim to create a graph in Kibana that visually represents the differences week-over-week regarding new and missing vulnerabilities. Specifically, I would like to track:

  • New CVEs that appear for the first time in the current week compared to the previous week, along with the exact list of these CVEs.

  • Missing CVEs that were present in the previous week but are absent in the current week, including their exact identifiers.

I am having trouble visualizing this data effectively. Could anyone provide guidance or examples on how to achieve this in Kibana? Any advice on creating the necessary aggregations or using visualizations to represent this detailed data would be greatly appreciated.

Thank you in advance for your help!

Hello @MaximeBon

Just a thought, to understand if the view below can be the start, and if you are looking for / thinking of a different view which can help to streamline the view:

If we use a unique count of records for CVE with the @timestamp field and a minimum interval of 1 week:

  • last week null, this week 1 means new CVE

  • last week 1, this week null means missing CVE

  • last week 1, this week 1 means CVE found last week & this week

Thanks!!

Hello @Tortoise

This view can clearly be the start of what I'm looking for!

I would like to capture the variation for each entry so I can identify both the new CVEs and those that are missing. My ultimate goal is to represent this data in two bar charts: one for the count of new CVEs and another for the count of missing CVEs for each week.
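
One way to compute the two weekly series described in the last post, as an added example that is not from any participant in this thread: the script buckets documents by week and diffs each week's set of CVEs against the previous import. The sample documents, the placeholder CVE ids and the output field names (`new_count`, `missing_cves`, and so on) are assumptions; rows of this shape could be written to a separate index and charted as two bar charts.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample documents shaped like the index in the thread:
# one document per detected CVE per weekly import. CVE ids are placeholders.
DOCS = [
    {"@timestamp": "2024-05-06T08:00:00Z", "CVE": "CVE-0000-0001"},
    {"@timestamp": "2024-05-06T08:00:00Z", "CVE": "CVE-0000-0002"},
    {"@timestamp": "2024-05-06T08:00:00Z", "CVE": "CVE-0000-0003"},
    {"@timestamp": "2024-05-13T08:00:00Z", "CVE": "CVE-0000-0002"},
    {"@timestamp": "2024-05-13T08:00:00Z", "CVE": "CVE-0000-0003"},
    {"@timestamp": "2024-05-13T08:00:00Z", "CVE": "CVE-0000-0004"},
    {"@timestamp": "2024-05-15T09:30:00Z", "CVE": "CVE-0000-0002"},  # duplicate, same week
    {"@timestamp": "2024-05-20T08:00:00Z", "CVE": "CVE-0000-0003"},
    {"@timestamp": "2024-05-20T08:00:00Z", "CVE": "CVE-0000-0004"},
    {"@timestamp": "2024-05-20T08:00:00Z", "CVE": "CVE-0000-0005"},
    {"@timestamp": "2024-05-20T08:00:00Z", "CVE": "CVE-0000-0006"},
]


def week_start(ts):
    """Return the Monday (as a date) of the week containing an ISO-8601 timestamp."""
    day = datetime.fromisoformat(ts.replace("Z", "+00:00")).date()
    return day - timedelta(days=day.weekday())


def weekly_diff(docs):
    """Diff each week's CVE set against the previous import.

    Assumption: weeks with no import are skipped rather than treated as
    "everything missing", so each row compares two consecutive imports.
    """
    by_week = defaultdict(set)
    for doc in docs:
        by_week[week_start(doc["@timestamp"])].add(doc["CVE"])  # set dedupes re-imports

    weeks = sorted(by_week)
    rows = []
    for prev, cur in zip(weeks, weeks[1:]):
        new = by_week[cur] - by_week[prev]       # null last week, present this week
        missing = by_week[prev] - by_week[cur]   # present last week, null this week
        rows.append({
            "@timestamp": cur.isoformat(),
            "new_count": len(new), "new_cves": sorted(new),
            "missing_count": len(missing), "missing_cves": sorted(missing),
        })
    return rows


if __name__ == "__main__":
    for row in weekly_diff(DOCS):
        print(row)
```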