CM App: Vulnerability Detection Ingrid Vulnerability Detection in the Continuous Monitoring application allows you to: Access and manage vulnerabilities and exposures, including major security events. Find and remediate threats quickly within your vendor portfolio. Bitsight API: GET: Portfolio Threats [/v2/threats/] Vulnerability Detection: Actions Breakdown Fields Filters Vulnerability Details: Actions Breakdown Fields Filters Vulnerability Detection Actions Customize Vulnerability Detection Data Customize the data included in the table. Instructions: Select Customize columns at the top-right of the table. Vulnerability Detection Breakdown Expand or collapse the Vulnerability Detection breakdown. Instructions: Select View full breakdown to expand the breakdown. Select Hide breakdown to collapse the breakdown. Export Vulnerability Detection Data (.csv) Instructions: Select Download CSV at the top-right of the table. Filter Vulnerability Detection Instructions: Use the available filters or filter sets from the filter options. Search Vulnerability Detection Instructions: Use the search field at the top-right of the table to search by vulnerability name. View Vulnerability Details See the vulnerability details. Instructions: Select a vulnerability from the table. Vulnerability Detection: Breakdown The collapsible breakdown provides the following information: Vulnerabilities detected in Portfolio – A chart showing vulnerabilities detected in your portfolio out of all Bitsight-supported vulnerabilities. Exposure 14 day Trend – The number of trending vulnerabilities during the past 14 days. Recently Supported Vulnerabilities – Vulnerabilities that were most recently added to the Bitsight platform. Vulnerability Detection: Fields Category Indicates whether this is a single vulnerability or a vulnerability group. CTI Attributes Cyber Threat Intel (CTI) attributes are used to calculate the DVE score. DVE Score Dynamic Vulnerability Exploit (DVE) is a scoring system to prioritize vulnerabilities. [Date] First Seen The date when this vulnerability was first detected in your portfolio. EPSS The Exploit Prediction Scoring System (EPSS) percentage, which estimates the likelihood that a software will be exploited. The higher the percentage the more likely it is to be exploited. Evidence Certainty Evidence certainty indicates how conclusively the evidence shows that a company is exposed to or has mitigated a vulnerability. Exposure Detected Companies exposed to this vulnerability in the past 60 days. Exposure Trend The trend in the number of companies in your portfolio that are exposed to this vulnerability compared to 14 days ago. Mitigation Detected Companies that have evidence of mitigation or do not have evidence of exposure in the past 60 days. Severity Details The CVSS score of this vulnerability. Learn more about the CVSS scoring model. Vulnerability The name of this vulnerability. Vulnerability Detection: Filters Category Filter between seeing only vulnerabilities or vulnerability groups. Companies Exposed Select a range on the number of companies that are currently exposed. Companies Mitigated Select a range on the number of companies that have mitigated the vulnerability. CTI Attributes Filter by CTI attributes. See attributes. DVE Score Filter by a range in DVE scores. [Date] First Seen Filter by vulnerability first seen date. Values: First seen within the last… 7d (days) 1m (month) 3m (months) Custom EPSS Filter by a range in EPSS %, which estimates the likelihood that a software will be exploited. The higher the percentage the more likely it is to be exploited. Evidence Certainty Filter by evidence certainty. Exposure Trend Values: Increasing Flat Decreasing Folder Use the context switcher to specify a tier and then include this to also filter by folder. Severity Details Filter by a 0-10 range in severity. Tier Use the context switcher at the top-left of the Vulnerability Detection page to specify a folder and then include this to also filter by tier. Vulnerability Detected Include only detected vulnerabilities. Vulnerability Details Vulnerability Details: Actions Expand or Collapse the Vulnerability Details Breakdown Expand or collapse the Vulnerability Details breakdown. Instructions: Select View full breakdown to expand the breakdown. Select Hide breakdown to collapse the breakdown. Export Vulnerability Details (.csv) Instructions: Select Download at the top-right of the table. Filter Vulnerability Details Filter the table data by exposure status. Instructions: Select the tab at the top of the table. Available tabs: Currently exposed Previously exposed Total exposed Download the Vulnerability Detection Report (.pdf) Instructions: Select Download Overview at the top-right of the Vulnerability Details page. View Evidence Details View a company’s evidence details sheet. The details include: First seen & last seen dates. A summary of the exposure. Evidence records pertaining to this company. A workflow for inviting a vendor to collaborate via the Client/Vendor Access Program. A downloadable report for quick-sharing. Instructions: Select a company from the table. Vulnerability Details: Breakdown The collapsible breakdown provides the following information: Description A description of the selected vulnerability. Severity The vulnerability’s severity. Remediation Remediation tips. Current Exposure Your portfolio’s current exposure to the vulnerability. Vulnerability Details: Fields Company Name The name of this company. [Date] First Seen The date when this vulnerability was first detected for this company. [Date] Last Seen The date when this vulnerability was last detected for this company. Evidence Certainty How conclusively Bitsight's evidence shows that a company is exposed to or has mitigated this vulnerability. Tier The tier of this company. Filters [Date] First Seen Include vulnerabilities that were first seen in the past: 7d (days) 1m (month) 3m (months) Custom [Date] Last Seen Include vulnerabilities that were last seen in the past: 7d (days) 1m (month) 3m (months) Custom Evidence Certainty Filter by the level of certainty that a company is exposed to or has mitigated a vulnerability. Tier Ensure the All Companies folder is selected in the context switcher and then use the Tier filter to also filter by a specific tier. Folder Ensure the All Companies folder is selected in the context switcher and then use the Folder filter to also filter by a specific folder. June 9, 2025: Added DVE Score & CTI Attributes fields and filters; Removed Group filter. September 9, 2024: Added EPSS field and filter; Added evidence certainty field and filter; Currently exposed field changed to exposure detected; Previously exposed field changed to mitigation detected; Currently exposed filter changed to companies exposed; Added companies mitigated filter; Added group filter. January 31, 2024: Listed available actions; Category filter for vulnerability groups. Related articles Exposure Detection & Evidence Certainty Marsh McLennan Study: Correlation Between Bitsight Analytics and Cybersecurity Incidents Endpoints Vulnerability Severity: Bitsight Severity & CVSS 4th Party Risk: Overview Feedback 0 comments Please sign in to leave a comment.