diff --git a/Ergebnisse.md b/Ergebnisse.md
index 03d310a..4a4aee3 100644
--- a/Ergebnisse.md
+++ b/Ergebnisse.md
@@ -36,6 +36,14 @@ Wie bei allen anderen Auswertungen haben wir uns den Hardeningindex als Merkmal Während einem Lynis Scan werden alle durchgeführten Tests in 3 Kategorien eingeordnet. Diese sind optimale Funde, verbesserungswürdige Funde und kritische Funde. Betrachtet man die durchschnittliche Kategorisierung, ist erkennbar, dass Anzahl der optimalen Funde durch JShielder stark ansteigt, sowie die Anzahl an verbesserungswürdigen und kritischen Funden fällt. Ein eher unerwartetes Ergebnis ist die durchschnittliche Anzahl durchgeführter Tests, hier wurden nach dem Update des Images minimal mehr Tests durchgeführt als davor und danach. Die Beobachtung lässt sich vermutlich auf Komponenten zurückführen, welche durch ein Update aktiviert und durch JShielder deaktiviert wurden. +```sql +SELECT r.*,l.round , avg(json_extract(boot_and_services, "$.counts.green") + json_extract(kernel, "$.counts.green") + json_extract(mermory_and_processes, "$.counts.green") + json_extract(user_groups_auth, "$.counts.green") + json_extract(shells, "$.counts.green") + json_extract(file_systems, "$.counts.green") + json_extract(usb_devices, "$.counts.green") + json_extract(storage, "$.counts.green") + json_extract(nfs, "$.counts.green") + json_extract(name_services, "$.counts.green") + json_extract(ports_and_packages, "$.counts.green") + json_extract(networking, "$.counts.green") + json_extract(printers_and_spools, "$.counts.green") + json_extract(software_email, "$.counts.green") + json_extract(software_filewalls, "$.counts.green") + json_extract(software_webserver, "$.counts.green") + json_extract(ssh_support, "$.counts.green") + json_extract(databases, "$.counts.green") + json_extract(php, "$.counts.green") + json_extract(logging_and_files, "$.counts.green") + json_extract(insecure_services, "$.counts.green") + json_extract(scheduled_tasks, "$.counts.green") + json_extract(accounting, "$.counts.green") + json_extract(time_and_sync, "$.counts.green") + json_extract(crypto, 
"$.counts.green") + json_extract(security_frameworks, "$.counts.green") + json_extract(software_malware, "$.counts.green") + json_extract(file_permissions, "$.counts.green") + json_extract(home_dirs, "$.counts.green") + json_extract(kernel_hardening, "$.counts.green") + json_extract(hardening, "$.counts.green")) AS avg_green, avg(json_extract(boot_and_services, "$.counts.yellow") + json_extract(kernel, "$.counts.yellow") + json_extract(mermory_and_processes, "$.counts.yellow") + json_extract(user_groups_auth, "$.counts.yellow") + json_extract(shells, "$.counts.yellow") + json_extract(file_systems, "$.counts.yellow") + json_extract(usb_devices, "$.counts.yellow") + json_extract(storage, "$.counts.yellow") + json_extract(nfs, "$.counts.yellow") + json_extract(name_services, "$.counts.yellow") + json_extract(ports_and_packages, "$.counts.yellow") + json_extract(networking, "$.counts.yellow") + json_extract(printers_and_spools, "$.counts.yellow") + json_extract(software_email, "$.counts.yellow") + json_extract(software_filewalls, "$.counts.yellow") + json_extract(software_webserver, "$.counts.yellow") + json_extract(ssh_support, "$.counts.yellow") + json_extract(databases, "$.counts.yellow") + json_extract(php, "$.counts.yellow") + json_extract(logging_and_files, "$.counts.yellow") + json_extract(insecure_services, "$.counts.yellow") + json_extract(scheduled_tasks, "$.counts.yellow") + json_extract(accounting, "$.counts.yellow") + json_extract(time_and_sync, "$.counts.yellow") + json_extract(crypto, "$.counts.yellow") + json_extract(security_frameworks, "$.counts.yellow") + json_extract(software_malware, "$.counts.yellow") + json_extract(file_permissions, "$.counts.yellow") + json_extract(home_dirs, "$.counts.yellow") + json_extract(kernel_hardening, "$.counts.yellow") + json_extract(hardening, "$.counts.yellow")) AS avg_yellow, avg(json_extract(boot_and_services, "$.counts.red") + json_extract(kernel, "$.counts.red") + json_extract(mermory_and_processes, 
"$.counts.red") + json_extract(user_groups_auth, "$.counts.red") + json_extract(shells, "$.counts.red") + json_extract(file_systems, "$.counts.red") + json_extract(usb_devices, "$.counts.red") + json_extract(storage, "$.counts.red") + json_extract(nfs, "$.counts.red") + json_extract(name_services, "$.counts.red") + json_extract(ports_and_packages, "$.counts.red") + json_extract(networking, "$.counts.red") + json_extract(printers_and_spools, "$.counts.red") + json_extract(software_email, "$.counts.red") + json_extract(software_filewalls, "$.counts.red") + json_extract(software_webserver, "$.counts.red") + json_extract(ssh_support, "$.counts.red") + json_extract(databases, "$.counts.red") + json_extract(php, "$.counts.red") + json_extract(logging_and_files, "$.counts.red") + json_extract(insecure_services, "$.counts.red") + json_extract(scheduled_tasks, "$.counts.red") + json_extract(accounting, "$.counts.red") + json_extract(time_and_sync, "$.counts.red") + json_extract(crypto, "$.counts.red") + json_extract(security_frameworks, "$.counts.red") + json_extract(software_malware, "$.counts.red") + json_extract(file_permissions, "$.counts.red") + json_extract(home_dirs, "$.counts.red") + json_extract(kernel_hardening, "$.counts.red") + json_extract(hardening, "$.counts.red")) AS avg_red, avg(l.tests_performed) AS avg_tests_performed +FROM runs r +JOIN lynis_results l ON r.run_id == l.run_id +GROUP BY l.round +ORDER BY version +``` + ![jshielder_tests](uploads/8d297c91d56c773ef49d59dfa5313ca7/jshielder_tests.PNG)