Calculating an average in a report

wotan_all · ‎2011-03-17

Dear Community,

I'm fairly new to ArcSight ESM, and I've been tasked with the following:

We use Tenable Nessus for vulnerability scanning, and the connector works quite well. ArcSight console shows every single scan result (this could be many per scanned host) as one single event. For our management, I am to produce report of how many vulnerabilities per priority per host we have on average.

I have managed to get a report that shows me the absolute number of vulnerabilities per priority.

Currently I am stuck at the point of calculating the average. Can this be done in ArcSight and if so, how?

Thanks in advance

balahasan.v1 · ‎2011-03-21

Hai Volker Tanner,

1.Did u Check out with Custom Variables where u can Create the Average Function Variable...

2. If U are Creating a Report then u can add the Average Function Feature to Specific Cloumn by Template Designer.

I have Attached the Image in that u can see where Average Function can be Added to Specific Columns through Scripts.

I Hope it is Helpful. Please Revert in case If u want that Average Field for Viewing in Console itself.

dha · ‎2011-03-23

You can do it through 1 trend and 1 AL.

First create a trend with: Host Info, Priority, Vulnerability Count fields. Then in the trend action, write to an AL.

Your final report would be on that AL, there you can just group by Priority and take average on

Vulnerability Count.

It's important that the Vulnerability Count is the count of all vulnerabilities reported per (Host, Priority) tuple.

HTH

vip · ‎2012-07-25

Why do you need an active list ? A trend + a query on this trend should be enough

ESM

Smart Connector