Desktop Software Findings

Ingrid

The Desktop Software risk vector is part of the Diligence risk category. It determines if desktop device software is supported or out-of-date. Desktop devices are laptops, servers, and other non-tablet, non-phone computers in a company’s network that access the Internet. The outgoing communications from desktop devices include metadata about the device’s operating system and browser version (endpoint data).

Navigation Options

- SPM App: Findings ➔ Findings Table
- CM App: Select a company from your Companies List. Go to Vendor Risk ➔ Findings
- Insurance App: Select a company from your Companies List. Go to Client Risk ➔ Findings
- Bitsight API: GET /v1/companies/company_guid/findings?risk_vector=desktop_software

Finding Details

The details include the data in Findings, Diligence details, and also the following information:

❖ This field can be included in the table from the Customize Columns option.

Operating system (OS) and Browser Information

- EOL: The end-of-life date for the version.
- EOL Status: The end-of-life status of the current version.
- Family ❖: The family of the detected OS or browser.
  - OS
  - Browser
- Grade ❖: An assessment of the detected OS or browser based on the version’s support status.
  - OS Grade
  - Browser Grade
- Launch: The launch date of the current version.
- Support Status ❖: The support status of the current OS or browser version.
  - OS Support
  - Browser Support
- Version ❖: The current version of the detected OS or browser.
  - OS Version
  - Browser Version

Observations

- Observed Devices: The number of observed devices based on visible web activity.
- [Sample Observations] Source IP: The source IP address of the connection when the evaluated desktop made an outbound request. This is typically an IP address associated with a firewall. The source IP and user-agent string are used to determine the OS and browser version.
- [Sample Observations] Target Host: The host that the browser connected with (if available).
  If we were able to collect target host information, it is useful for searching the firewall logs to determine which internal host made the connection. Search for the egress IP in the source IP field, the target host, and a representative timestamp. Available in the SPM application.
- [Sample Observations] User Agent: User-agent string as sent by the browser.
- [Sample Observations] Timestamp: Date and time (in UTC) the traffic was observed.

Remediation

- Remediation Instructions ❖: Information for how to resolve a negative finding.

- October 29, 2024: Findings Table navigation instructions moved from Risks to a new Findings section in the menu.
- October 16, 2024: Target host information might not always be available.
- August 30, 2024: Terminology – “Host IP” → “Source IP” & “Host domain” → “Target host.”
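
The firewall-log search described under Target Host, sketched as an added example (not Bitsight code or part of the original article). The CSV log layout, the sample log lines, and the finding dictionary keys (`source_ip`, `target_host`, `timestamp`) are constructed assumptions that mirror the field names above; they are not the API's response schema or any firewall product's format.

```python
import csv
from datetime import datetime, timedelta, timezone

# Constructed firewall/NAT log (hypothetical CSV layout):
# utc_timestamp,internal_src_ip,egress_ip,destination_host
SAMPLE_LOG = """\
2024-10-16T09:14:02Z,10.0.4.17,203.0.113.10,updates.example.com
2024-10-16T09:14:40Z,10.0.7.88,203.0.113.10,news.example.org
2024-10-16T09:15:05Z,10.0.4.23,203.0.113.10,news.example.org
2024-10-16T09:15:30Z,10.0.9.5,203.0.113.77,news.example.org
2024-10-16T11:02:11Z,10.0.7.88,203.0.113.10,news.example.org
"""

def parse_utc(value):
    """Parse an ISO 8601 timestamp with a trailing Z as timezone-aware UTC."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def candidate_hosts(finding, log_text, window_minutes=5):
    """Return internal IPs whose logged connections match the finding.

    Matches on the egress IP and a time window around the finding's UTC
    timestamp. The target host filter is applied only when the finding
    carries one, because target host data is not always available.
    """
    seen_at = parse_utc(finding["timestamp"])
    window = timedelta(minutes=window_minutes)
    target = (finding.get("target_host") or "").lower()
    hits = {}
    for row in csv.reader(log_text.splitlines()):
        if len(row) != 4:
            continue  # skip malformed lines
        ts, internal_ip, egress_ip, dest = row
        if egress_ip != finding["source_ip"]:
            continue  # different egress (firewall) address
        if abs(parse_utc(ts) - seen_at) > window:
            continue  # outside the time window
        if target and dest.lower() != target:
            continue  # different destination
        hits[internal_ip] = hits.get(internal_ip, 0) + 1
    # Most frequent match first; ties broken by IP string for stable output.
    return sorted(hits, key=lambda ip: (-hits[ip], ip))
```

Without a target host the match rests on egress IP and time alone, so the candidate list grows; narrowing `window_minutes` or checking the candidates' user-agent strings against the finding helps reduce it.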