Trending the number of vulnerable endpoints over the past few weeks can help you determine whether you are effectively mitigating vulnerabilities.

eventtype="vmware_cbc_vulnerability_os_list" vuln_info.risk_meter_score >= 5
| timechart span=1d dc(affected_assets{}) as device_count by severity