View Prebuilt Alerts in Splunk

Ingrid

To view prebuilt alerts in Splunk, go to Settings ➔ Searches, Reports, and Alerts. The prebuilt alerts are:

Bad Open Ports discovered
Compromised System
Patching Cadence
Vulnerabilities & Infections

Example

Get all BAD Open Ports observed in the last 4 days (e.g., replace the number 4 with 10 to see results for the last 10 days). From here, you can correlate this to any other logs indexed in your Splunk instance.

SPL query:

index="Your_Index" sourcetype="bitsight"
| head 1
| spath "findings{}" output=Results
| stats count by Results
| eval _raw=Results
| spath "id" output=id
| spath "results{}" output=res
| stats count by id res
| where id="open_ports"
| eval _raw=res
| spath "risk_category" output="Risk_Category"
| spath "risk_vector_label" output="Risk_Vector"
| spath "details{}.grade" output="Grade"
| where Grade="BAD"
| spath "details{}.diligence_annotations.message" output="Message"
| spath "evidence_key" output="Evidence Key"
| spath "first_seen" output="First_Seen"
| spath "severity" output="Severity"
| eval epochdate=strptime(First_Seen, "%Y-%m-%d")
| eval now=now()
| eval deltaDays=(now - epochdate)/86400
| where deltaDays < 4
| sort -First_Seen
| table "Risk_Category", "Risk_Vector", "Grade", "Severity", "Evidence Key", "First_Seen", "Message"

Note that the sort must use the field name the earlier spath created (First_Seen, not "First Seen"), otherwise the sort is silently ignored and results come back in ingestion order.

July 10, 2020: Published.
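To check the query's selection logic offline before turning it into an alert, here is an added Python example (not code from the Bitsight app or this article) that applies the same filters to a constructed event laid out the way the query's spath paths imply; the enclosing JSON structure, the sample values and the max_age_days parameter (which generalises the hard-coded 4 in the query) are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample event in the shape the SPL query walks (findings{} -> id,
# results{} -> details{}.grade, first_seen, ...). Field names come from the
# query; the enclosing structure and values are assumptions, not a real export.
SAMPLE_EVENT = json.dumps({"findings": [
    {"id": "open_ports", "results": [
        {"risk_category": "Diligence", "risk_vector_label": "Open Ports", "severity": 7.0,
         "evidence_key": "203.0.113.10:23", "first_seen": "2020-07-09",
         "details": [{"grade": "BAD", "diligence_annotations": {"message": "telnet"}}]},
        {"risk_category": "Diligence", "risk_vector_label": "Open Ports", "severity": 1.0,
         "evidence_key": "203.0.113.11:443", "first_seen": "2020-07-09",
         "details": [{"grade": "GOOD", "diligence_annotations": {"message": "https"}}]},
        {"risk_category": "Diligence", "risk_vector_label": "Open Ports", "severity": 8.0,
         "evidence_key": "203.0.113.12:3389", "first_seen": "2020-06-01",
         "details": [{"grade": "BAD", "diligence_annotations": {"message": "rdp"}}]}]},
    {"id": "patching_cadence", "results": [
        {"risk_category": "Diligence", "risk_vector_label": "Patching Cadence", "severity": 9.0,
         "evidence_key": "example", "first_seen": "2020-07-09",
         "details": [{"grade": "BAD", "diligence_annotations": {"message": "late"}}]}]}]})

# Fixed "now" so the age filter is reproducible (the query uses now()).
REFERENCE_NOW = datetime(2020, 7, 10, tzinfo=timezone.utc)


def bad_open_ports(raw_event, max_age_days, now=None):
    """Mirror the SPL pipeline: open_ports results graded BAD and first seen
    less than max_age_days ago, newest first."""
    now = now or datetime.now(timezone.utc)
    rows = []
    for finding in json.loads(raw_event).get("findings", []):
        if finding.get("id") != "open_ports":                      # where id="open_ports"
            continue
        for res in finding.get("results", []):
            details = res.get("details", [])
            if not any(d.get("grade") == "BAD" for d in details):  # where Grade="BAD"
                continue
            first_seen = datetime.strptime(res["first_seen"], "%Y-%m-%d").replace(tzinfo=timezone.utc)
            delta_days = (now - first_seen).total_seconds() / 86400  # eval deltaDays
            if delta_days >= max_age_days:                         # where deltaDays < N
                continue
            rows.append({"Risk_Category": res.get("risk_category"),
                         "Risk_Vector": res.get("risk_vector_label"),
                         "Grade": "BAD", "Severity": res.get("severity"),
                         "Evidence Key": res.get("evidence_key"),
                         "First_Seen": res["first_seen"],
                         "Message": [d.get("diligence_annotations", {}).get("message")
                                     for d in details]})
    rows.sort(key=lambda r: r["First_Seen"], reverse=True)         # sort -First_Seen
    return rows
```

Calling bad_open_ports(SAMPLE_EVENT, 4, REFERENCE_NOW) returns only the telnet finding, while widening the window to 60 days also returns the older RDP finding, which is the same effect as changing the 4 in the query.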