Having trouble creating a query to summarize vulnerability data and display the affected hosts. So far I've been able to create a query that counts the number of vulnerabilities based on the plugin that the scanner used but cannot group the ip addresses by vulnerability. I'm guessing I may need to denormalize the data but cannot for the life of me figure this out, I've been banging my head against this for 8 hours now and really need some help.
Here is the the table layout
ID - randomly assigned by access
Plugin ID - plugin used to identify vulnerability
Risk - risk of vulnerability
Name - short description
Description - description of vulnerability
Host - host ip address
Protocol - protocol used
Port - port number where vulnerability was found
Plugin Output - specific vulnerability data for the host
Here is my query:
SELECT Results.[Plugin ID], Count(*) AS [Count], Results.Risk, Results.Name
FROM Results
WHERE (((Results.Risk)="Critical" Or (Results.Risk)="High"))
GROUP BY Results.[Plugin ID], Results.Risk, Results.Name
ORDER BY Results.Risk, Count(Results.[Plugin ID]) DESC;
This query does a great job of counting the number of vulnerabilities and displaying them by Criticality, however it does not associate the host ip address with the vulnerabilities, every time I try to associate the host ip address it messes up the count.
Any ideas?