Hi
I am very new to Splunk and I am hoping that I can get a little help with my current problem.
I have two sources. One is an RSS feed:
<item>
<title>CVE-2016-5233</title>
<description>Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B182, NXT-CL00 before NXT-CL00C92B182, NXT-DL00 before NXT-DL00C17B182, and NXT-TL00 before NXT-TL00C01B182 allow remote base stations to obtain sensitive subscriber signal strength information via vectors involving improper security status verification, aka HWPSIRT-2015-12007. (CVSS:0.0) (Last Update:2016-06-10)</description>
<link>http://www.cvedetails.com/cve/CVE-2016-5233/</link>
<pubDate>2016-06-10</pubDate>
</item>
<item>
<title>CVE-2016-5126</title>
<description>Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call. (CVSS:4.6) (Last Update:2016-06-10)</description>
<link>http://www.cvedetails.com/cve/CVE-2016-5126/</link>
<pubDate>2016-06-01</pubDate>
</item>
The other is a CSV list:
Asset
Cisco ASA 5585-X
Cisco 2951
Cisco 861
Citrix XenDesktop
Huawei AL10C00
Huawei Mate 8
What I am trying to do is:
Take a field from the asset list and search for it in the RSS description. If there is a match, then add a field to the RSS data called 'asset' which contains the information from the asset list. If there is no match, then either 'no match' or null.
In the example, a search for 'Huawei Mate 8' would find a match and a field would be added to the RSS containing 'Huawei Mate 8'. As there is no match between the CSV data and the second RSS feed, a field would be added containing either 'no match' or null.
I hope that this explains my problem and I do hope that someone can help.
Many thanks
cmac
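The matching described in the question, sketched in plain Python outside Splunk as an added example (not part of the original post and not an SPL search). The sample data is constructed and abbreviated from the post, and the function names `load_assets`, `asset_pattern` and `tag_items` are hypothetical.

```python
import csv
import io
import re
import xml.etree.ElementTree as ET

# Constructed sample input, abbreviated from the two RSS items and the asset list in the post.
RSS = """<rss><channel>
<item><title>CVE-2016-5233</title>
<description>Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B182 allow remote base stations to obtain sensitive subscriber signal strength information.</description></item>
<item><title>CVE-2016-5126</title>
<description>Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU.</description></item>
</channel></rss>"""

ASSETS_CSV = """Asset
Cisco ASA 5585-X
Cisco 2951
Cisco 861
Citrix XenDesktop
Huawei AL10C00
Huawei Mate 8
"""

def load_assets(text):
    """Return the non-empty values of the Asset column."""
    rows = csv.DictReader(io.StringIO(text))
    return [r["Asset"].strip() for r in rows if (r.get("Asset") or "").strip()]

def asset_pattern(asset):
    # Case-insensitive and whitespace-tolerant, with alphanumeric boundaries so
    # that "Cisco 861" does not match inside "Cisco 8610".
    words = [re.escape(w) for w in asset.split()]
    return re.compile(r"(?<![A-Za-z0-9])" + r"\s+".join(words) + r"(?![A-Za-z0-9])", re.I)

def tag_items(rss_text, assets, no_match="no match"):
    """Return one dict per RSS item with an added 'asset' field (a list)."""
    patterns = [(a, asset_pattern(a)) for a in assets]
    out = []
    for item in ET.fromstring(rss_text).iter("item"):
        desc = item.findtext("description", default="")
        # An advisory can name several owned assets, so keep every hit.
        hits = [a for a, p in patterns if p.search(desc)]
        out.append({"title": item.findtext("title"), "asset": hits or [no_match]})
    return out

if __name__ == "__main__":
    for row in tag_items(RSS, load_assets(ASSETS_CSV)):
        print(row["title"], "->", "; ".join(row["asset"]))
```

Matching on free-text descriptions only finds assets whose names appear verbatim in the advisory, so inventory names need to follow the vendor and product wording the feed uses.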