Mobile Software Findings Ingrid The Mobile Software risk vector is part of the Diligence risk category. It determines if mobile device software is supported or out-of-date. Mobile devices are smartphones and tablets in a company's network that access the Internet. Outgoing communications from mobile devices include metadata about the device's operating system, device description, browser version, and description of applications (endpoint data). Navigation Options SPM App: Findings ➔ Findings Table CM App: Select a company from your Companies List. Go to Vendor Risk ➔ Findings Insurance App: Select a company from your Companies List. Go to Client Risk ➔ Findings Bitsight API: GET /v1/companies/company_guid/findings?risk_vector=mobile_software Finding Details The details include the data in Findings, Diligence details, and also the following information: ❖ This field can be included in the table from the Customize Columns option. Operating system (OS) and Browser Information EOL The end-of-life date for the version. EOL Status The end-of-life status of the current version. Family ❖ The family of the detected OS or browser. OS Browser Grade ❖ An assessment of the detected OS or browser based on the version’s support status. OS Grade Browser Grade Launch The launch date of the current version. Support Status ❖ The support status of the current OS or browser version. OS Support Browser Support Version ❖ The current version of the detected OS or browser. OS Version Browser Version Observations Observed Devices The number of observed devices based on visible web activity. [Sample Observations] Source IP The source IP address of the connection when the evaluated desktop made an outbound request. This is typically an IP address associated with a firewall. The source IP and user-agent string are used to determine the OS and browser version. [Sample Observations] Target Host The host that the browser connected with (if available). If we were able to collect target host information, it is useful for searching the firewall logs to determine which internal host made the connection. Search for the egress IP in the source IP field, the target host, and representative timestamp. Available in the SPM application. [Sample Observations] User Agent The user-agent string as sent by the browser. [Sample Observations] Timestamp The date and time (in UTC) when the traffic was observed. Remediation Remediation Instructions ❖ Information for how to resolve a negative finding. October 29, 2024: Findings Table navigation instructions moved from Risks to a new Findings section in the menu. October 16, 2024: Target host information might not always be available. August 30, 2024: Terminology – “Host IP” → “Source IP” & “Host domain” → “Target host.” Related articles Mobile Software Risk Vector What is Endpoint Data? Verifying That a Finding Is Remediated CrowdStrike Update Causes Outage – July 19, 2024 Risk Remediation Plan Details by Risk Vector Feedback 0 comments Please sign in to leave a comment.