Vulnerability Detection in the Cyber Insurance application provides a workflow for underwriters to access and manage clients’ vulnerabilities and exposures - including major security events.
Vulnerability Detection
Vulnerability Detection: Actions
Action | Instructions |
---|---|
Expand or collapse the Vulnerability Detection breakdown: |
|
Export the table data (.csv): | Select Download CSV at the top-right of the table. |
Refine your search: | Use the available filters or filter sets from the filter options. |
Search by vulnerability name: | Use the search field at the top-right of the table. |
See vulnerability details: | Select a vulnerability from the table. |
Vulnerability Detection: Breakdown
The breakdown in Vulnerability Detection contains the following information:
- Vulnerabilities detected in Portfolio – A chart showing confirmed vulnerabilities detected in your portfolio out of all Bitsight-supported vulnerabilities.
- Exposure 14 day Trend – The number of trending vulnerabilities during the past 14 days.
- Recently Supported Vulnerabilities – Vulnerabilities that were most recently added to the Bitsight platform.
Fields
Field | Description |
---|---|
Category | Identifies this as either a specific vulnerability or a vulnerability group. |
EPSS | The Exploit Prediction Scoring System (EPSS) percentage, which estimates the likelihood that a software will be exploited. The higher the percentage the more likely it is to be exploited. |
Evidence Certainty | Evidence certainty indicates how conclusively the evidence shows that a company is exposed to or has mitigated a vulnerability. |
Exposure Detected | Companies exposed to this vulnerability in the past 60 days. |
Exposure Trend | The trend in the number of companies in your portfolio that are exposed to this vulnerability compared to 14 days ago. |
First Seen | The date when this vulnerability was first detected in your portfolio. |
Mitigation Detected | Companies that have evidence of mitigation or do not have evidence of exposure in the past 60 days. |
Severity Details |
The CVSS score of this vulnerability. For vulnerability groups, the highest CVSS affecting your portfolio is displayed for that group. Learn more about the CVSS scoring model. |
Vulnerability | The name of this vulnerability. |
Filters
Filter | Description & Values |
---|---|
Category | Filter between seeing only vulnerabilities or vulnerability groups. |
Companies Exposed | Select a range on the number of companies that are currently exposed. |
Companies Mitigated | Select a range on the number of companies that have mitigated the vulnerability. |
EPSS | Filter by a range in EPSS %, which estimates the likelihood that a software will be exploited. The higher the percentage the more likely it is to be exploited. |
Exposure Trend |
|
First Seen |
Vulnerabilities that were first seen within the past:
|
Folder | Use the context switcher at the top-left of the Vulnerability Detection page to specify a folder and then include this to also filter by folder. |
Severity Details | 0-10 CVSS v3 score. |
Vulnerability Detected | Include only detected vulnerabilities. |
Vulnerability Number | Vulnerability name or CVE ID. |
Vulnerability Details
Actions
Action | Instructions |
---|---|
Expand or collapse the Vulnerability Details breakdown: |
|
Export the table data (.csv): | Select Download at the top-right of the table. |
Filter the table data by exposure status: |
Select the tab at the top of the table. Available tabs:
|
Download your Vulnerability Detection report (.pdf): | Select Download Overview at the top-right of the Vulnerability Details page. |
Refine your search: | Use the available filters or filter sets from the filter options. |
Search for a client relating to the vulnerability: | Use the search bar at the top-right of the table to search by company name. |
Send questionnaire: |
|
View a client’s evidence details sheet. The details include:
|
Select a company from the table. |
Breakdown
The Breakdown in the Vulnerability Details page contains the following information:
-
Vulnerability Details:
- Vulnerability ID or Name
- Description
- Severity
- Remediation
- Current Exposure: The number of clients that may be exposed to this vulnerability.
- Questionnaires Sent: The number of questionnaires sent to clients and their completion rate.
Fields
Field | Description |
---|---|
Company Name | The name of this company. |
Evidence Certainty | How conclusively Bitsight's evidence shows that a company is exposed to or has mitigated this vulnerability. |
First Seen | The date when this vulnerability was first detected for this company. |
Last Seen | The date when this vulnerability was last detected for this company. |
Number of Vulnerabilities | Indicates the number of vulnerabilities from the vulnerability group are present in this company. |
Filters
Filter | Description & Values |
---|---|
Evidence Certainty | Filter by the level of certainty that a company is exposed to or has mitigated a vulnerability. |
First Seen |
Include vulnerabilities that were first seen in the past:
|
Last Seen |
Include vulnerabilities that were last seen in the past:
|
Folder | Ensure the All Companies folder is selected in the context switcher and then use the Folder filter to also filter by a specific folder. |
- September 9, 2024: Currently Exposed field changed to Exposure Detected; Added EPSS field and filter; Added Evidence Certainty field; Previously Exposed field changed to Mitigation Detected; Added Companies Mitigated filter.
- January 31, 2024: Listed available actions; Vulnerability groups – Category filter & Number of Vulnerabilities field; Incorporated questionnaire workflows.
- February 27, 2023: Published.
Feedback
0 comments
Please sign in to leave a comment.