Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Findings: Vulnerability Detection

Ingrid

The Vulnerability Detection page in the Security Performance Management application [menu-findings-spm.png Findings ➔ Vulnerability Detection] shows vulnerabilities, as presented by the Patching Cadence and Open Ports risk vectors, affecting your My Company and your SPM Subsidiaries. Vulnerability Detection improves on the capabilities of the Vulnerability Catalog.

  • Detect, manage, and mitigate emerging zero day events with speed.
  • Manage risk more easily with a clear view of all vulnerabilities affecting your company and the evidence of them.

Bitsight API: GET: Portfolio Threats [/v2/threats/]

Actions

Download Data

Download the data in the Vulnerability Detection table (.csv).

Instructions: Select download.png Download CSV at the top-right of the table.

Generate Reports

The reports include:

Instructions: Select the reports.png Vulnerabilities Reports button at the top-right of the Vulnerability Detection page.

Filtering

Instructions: Use the available filters or filter sets from the filters.png filter options.

View the Vulnerability Overview

Instructions: Select a vulnerability from the table.

Fields

[Date] First Seen
The date when this vulnerability was first detected in this company.
[Date] Last Seen
The date when this vulnerability was last detected for this company.
Detection
Vulnerability exposure status. Use this to assess immediate risk and prioritize your remediation efforts.
EPSS
The Exploit Prediction Scoring System (EPSS) percentage, which estimates the likelihood that a software will be exploited. The higher the percentage the more likely it is to be exploited.
Evidence Certainty
Evidence certainty indicates how conclusively the evidence shows that a company is exposed to or has mitigated a vulnerability.
Group(s)
Vulnerabilities grouped and classified based on common frameworks and events.
Severity Details
The CVSS score of this vulnerability. Learn more about the CVSS scoring model.
Vulnerability
The name of this vulnerability, displayed as the CVE ID plus the colloquial name for the vulnerability if there is one.

Filters

[Date] First Seen

Filter by the vulnerability's first seen date.

Values: First seen within the last…

  • 7d (days)
  • 1m (month)
  • 3m (months)
  • Custom
[Date] Last Seen

Filter by the vulnerability's last seen date.

Values: Last seen within the last…

  • 7d (days)
  • 1m (month)
  • 3m (months)
  • Custom
Detection

Values:

  • Exposure
  • Mitigation
EPSS

Filter by a range in EPSS %, which estimates the likelihood that a software will be exploited. The higher the percentage the more likely it is to be exploited.

Evidence Certainty
Filter by the level of certainty that a company is exposed to or has mitigated a vulnerability.
Severity
Filter by severity. Learn more about the CVSS scoring model.
Vulnerability Group
Filter by groups of vulnerabilities classified based on common frameworks and events.
  • October 28, 2024: Vulnerability Detection navigation instructions moved from Risks to Findings.
  • September 9, 2024: Added EPSS field and filter; Exposure detection field and filter changed to detection; Currently field value changed to Exposure; Previously field value changed to Mitigation; Vulnerability group field changed to Group(s); Vulnerability group filter changed to Group.

Related articles

Feedback

0 comments

Please sign in to leave a comment.