Findings: Vulnerability Detection Ingrid The Vulnerability Detection page in the Security Posture Management application [ Findings ➔ Vulnerability Detection] shows vulnerabilities, as presented by the Patching Cadence and Open Ports risk vectors, affecting your My Company and your SPM Subsidiaries. Vulnerability Detection improves on the capabilities of the Vulnerability Catalog. Detect, manage, and mitigate emerging zero day events with speed. Manage risk more easily with a clear view of all vulnerabilities affecting your company and the evidence of them. Bitsight API: GET: Portfolio Threats [/v2/threats/] Actions Fields Filters Actions Download Data Download the data in the Vulnerability Detection table (.csv). Instructions: Select Download CSV at the top-right of the table. Generate Reports The reports include: Vulnerability Catalog Vulnerability Detection Vulnerability Detection Evidence Instructions: Select the Vulnerabilities Reports button at the top-right of the Vulnerability Detection page. Filtering Instructions: Use the available filters or filter sets from the filter options. View the Vulnerability Overview Instructions: Select a vulnerability from the table. Fields CTI Attributes Cyber Threat Intel (CTI) attributes are used to calculate the DVE score. [Date] First Seen The date when this vulnerability was first detected in this company. [Date] Last Seen The date when this vulnerability was last detected for this company. Detection Vulnerability exposure status. Use this to assess immediate risk and prioritize your remediation efforts. DVE Score Dynamic Vulnerability Exploit (DVE) is a scoring system to prioritize vulnerabilities. EPSS The Exploit Prediction Scoring System (EPSS) percentage, which estimates the likelihood that a software will be exploited. The higher the percentage the more likely it is to be exploited. Evidence Available Evidence correlating to the company's state of vulnerability exposure is available. A company can have multiple types of evidence. Evidence Certainty Evidence certainty indicates how conclusively the evidence shows that a company is exposed to or has mitigated a vulnerability. Group(s) Vulnerabilities grouped and classified based on common frameworks and events. Severity Details The CVSS score of this vulnerability. Learn more about the CVSS scoring model. Vulnerability The name of this vulnerability, displayed as the CVE ID plus the colloquial name for the vulnerability if there is one. Filters CTI Attributes Filter by CTI attributes. See attributes. [Date] First Seen Filter by the vulnerability's first seen date. Values: First seen within the last… 7d (days) 1m (month) 3m (months) Custom [Date] Last Seen Filter by the vulnerability's last seen date. Values: Last seen within the last… 7d (days) 1m (month) 3m (months) Custom Detection Filter by exposure detection status. Values: Exposure Mitigation DVE Score Filter by a range in DVE scores. EPSS Filter by a range in EPSS %, which estimates the likelihood that a software will be exploited. The higher the percentage the more likely it is to be exploited. Evidence Available Filter by evidence available status. Values: Vulnerable software or configuration in use Vulnerable software version in use Relationship with vulnerable provider indicated Long time since detection Non-vulnerable records Evidence Certainty Filter by the level of certainty that a company is exposed to or has mitigated a vulnerability. Group Filter by vulnerability or vulnerability group. Severity Filter by severity. Learn more about the CVSS scoring model. March 19, 2026: Security Posture Management rebrand. June 9, 2025: Added DVE Score, CTI Attributes, and Evidence Available fields and filters; Added Detection filter description. October 28, 2024: Vulnerability Detection navigation instructions moved from Risks to Findings. September 9, 2024: Added EPSS field and filter; Exposure detection field and filter changed to detection; Currently field value changed to Exposure; Previously field value changed to Mitigation; Vulnerability group field changed to Group(s); Vulnerability group filter changed to Group. Related articles Exposure Detection & Evidence Certainty Vulnerability Detection Evidence Report Vulnerability Severity: Bitsight Severity & CVSS Attack Surface: Work From Home Attack Surface: Infrastructure Feedback 0 comments Please sign in to leave a comment.