Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Insurance App: Vulnerability Detection

Ingrid

The menu-vulnerability-detection.png Vulnerability Detection page in the Cyber Insurance application provides a workflow for underwriters to access and manage clients’ vulnerabilities and exposures - including major security events.

Bitsight API: GET: Portfolio Threats [/v2/threats/]

Vulnerability Detection

Vulnerability Detection: Actions

Vulnerability Detection Breakdown

Expand or collapse the Vulnerability Detection breakdown.

Instructions:

  • Select View full breakdown to expand the breakdown.
  • Select Hide breakdown to collapse the breakdown.

Export Vulnerability Detection Data (.csv)

Instructions: Select download.png Download CSV at the top-right of the table.

Filter Vulnerability Detection

Instructions: Use the available filters or filter sets from the filters.png filter options.

Search Vulnerability Detection

Instructions: Use the search field at the top-right of the table to search by vulnerability name.

View Vulnerability Detection Details

See vulnerability details.

Instructions: Select a vulnerability from the table.

Vulnerability Detection: Breakdown

The breakdown in Vulnerability Detection contains the following information:

  • Vulnerabilities detected in Portfolio – A chart showing confirmed vulnerabilities detected in your portfolio out of all Bitsight-supported vulnerabilities.
  • Exposure 14 day Trend – The number of trending vulnerabilities during the past 14 days.
  • Recently Supported Vulnerabilities – Vulnerabilities that were most recently added to the Bitsight platform.

Vulnerability Detection: Fields

Category
Identifies this as either a specific vulnerability or a vulnerability group.
[Date] First Seen
The date when this vulnerability was first detected in your portfolio.
EPSS
The Exploit Prediction Scoring System (EPSS) percentage, which estimates the likelihood that a software will be exploited. The higher the percentage the more likely it is to be exploited.
Evidence Certainty
Evidence certainty indicates how conclusively the evidence shows that a company is exposed to or has mitigated a vulnerability.
Exposure Detected
Companies exposed to this vulnerability in the past 60 days.
Exposure Trend
The trend in the number of companies in your portfolio that are exposed to this vulnerability compared to 14 days ago.
Mitigation Detected
Companies that have evidence of mitigation or do not have evidence of exposure in the past 60 days.
Severity Details

The CVSS score of this vulnerability. For vulnerability groups, the highest CVSS affecting your portfolio is displayed for that group.

Learn more about the CVSS scoring model.

Vulnerability
The name of this vulnerability.

Filters

Category

Filter by threats.

Values: vulnerabilities or vulnerability groups.

Companies Exposed

Filter by the number of companies that are currently exposed to a vulnerability.

Values: A number range of companies (minumum & maximum).

Companies Mitigated

Filter by the number of companies that have mitigated the vulnerability.

Values: The number range of companies (minumum & maximum).

[Date] First Seen

Filter vulnerabilities by when they were first seen.

Values: A date range within the last…

  • 7d (days)
  • 1m (month)
  • 3m (months)
  • Custom
EPSS

Filter by a range in EPSS %, which estimates the likelihood that a software will be exploited. The higher the percentage the more likely it is to be exploited.

Values: The EPSS % range (minimum & maximum).

Exposure Trend

Filter by exposure trend.

Values:

  • Increasing
  • Flat
  • Decreasing
Folder

Filter by folder.

Values: Folder name.

Severity Details

Filter by severity.

Values: 0-10 CVSS v3 score.

Vulnerability Detected
Include only detected vulnerabilities.
Vulnerability Number

Filter by a specific vulnerability.

Values: Vulnerability name or CVE ID.

Vulnerability Details

The Vulnerability Details sheet provides details on a selected vulnerability.

Vulnerability Details: Actions

Expand or Collapse the Vulnerability Breakdown

Expand or collapse the Vulnerability Details breakdown.

Instructions:

  • Select View full breakdown to expand the breakdown.
  • Select Hide breakdown to collapse the breakdown.

Export Vulnerability Details (.csv)

Instructions: Select download.png Download at the top-right of the table.

Filter Vulnerability Details

Filter the table data by exposure status.

Instructions: Select the tab at the top of the table. Available tabs…

  • Currently exposed
  • Previously exposed
  • Total exposed

Download the Vulnerability Detection Report (.pdf)

Instructions: Select Download Overview at the top-right of the Vulnerability Details page.

Filter Vulnerability Details

Instructions: Use the available filters or filter sets from the filters.png filter options.

Search Related Clients

Search for a client relating to the vulnerability.

Instructions: Use the search bar at the top-right of the table to search by company name.

Send Questionnaire

Instructions:

  • checkbox.png Check up to 60 clients from the table.
  • Select Send Questionnaire.

View a Client’s Evidence Details

View a client’s evidence details sheet. The details include:

  • First seen & last seen dates.
  • A summary of the exposure.
  • Evidence records pertaining to this company.
  • A workflow for inviting a vendor to collaborate via the Client/Vendor Access Program.
  • A downloadable report for quick-sharing.

Instructions: Select a company from the table.

Vulnerability Details: Breakdown

The Breakdown in the Vulnerability Details page contains the following information:

  • Vulnerability Details:
    • Vulnerability ID or Name
    • Description
    • Severity
    • Remediation
  • Current Exposure: The number of clients that may be exposed to this vulnerability.
  • Questionnaires Sent: The number of questionnaires sent to clients and their completion rate.

Vulnerability Details: Fields

Company Name
The name of this company.
[Date] First Seen
The date when this vulnerability was first detected for this company.
[Date] Last Seen
The date when this vulnerability was last detected for this company.
Evidence Certainty
How conclusively Bitsight's evidence shows that a company is exposed to or has mitigated this vulnerability.
Number of Vulnerabilities
Indicates the number of vulnerabilities from the vulnerability group are present in this company.

Filters

[Date]First Seen

Filter by first seen date.

Values: First seen in the past…

  • 7d (days)
  • 1m (month)
  • 3m (months)
  • Custom
Last Seen

Filter by last seen date.

Values: Last seen in the past…

  • 7d (days)
  • 1m (month)
  • 3m (months)
  • Custom
Evidence Certainty

Filter by the level of certainty that a company is exposed to or has mitigated a vulnerability.

Values: Certainty level.

Folder

Filter by folder.

Values: Folder name.

  • September 9, 2024: Currently Exposed field changed to Exposure Detected; Added EPSS field and filter; Added Evidence Certainty field; Previously Exposed field changed to Mitigation Detected; Added Companies Mitigated filter.
  • January 31, 2024: Listed available actions; Vulnerability groups – Category filter & Number of Vulnerabilities field; Incorporated questionnaire workflows.
  • February 27, 2023: Published.

Related articles

Feedback

0 comments

Please sign in to leave a comment.