Findings: Findings Table

The Findings Table [ Findings ➔ Findings Table] in the Security Performance Management application presents findings, which are the culmination of observed internet traffic and configurations. They are recorded as events and records. Findings are presented in a table view that provides a single place to sort, filter, analyze, comment on, track your remediation efforts, and export the findings.

Findings are reported in Coordinated Universal Time (UTC).

Bitsight API: GET /v1/companies/entity_guid/findings

Actions

Assign a User for Issue Tracking

Instructions:

1. Select Update Status to the right of a finding in the table to select it.
2. Select the Edit option for Assigned To.
3. Use the Select Users dropdown to select users to remediate the finding.
4. Select Save.

Bulk Actions

The following bulk actions are available:

• Update Status:
  • Assign users to remediate the finding.
  • Leave a finding comment.
  • Update remediation status.
• Rescan: Request a user-requested rescan.

Instructions:

1. Check up to 250 checkboxes next to a finding to select findings.
2. Select the Bulk Action button at the top of the table.

Change the Remediation Status

Update the remediation status for Issue Tracking.

Remediation status can only be changed by a user. See permissions.

Instructions:

1. Select Update Status to the right of a finding in the table to select it.
2. Select the Edit option for Remediation Status.
3. Use the Select Status dropdown to update the remediation status. See statuses.
4. Select Save.

Company Notes

Add/view notes.

Instructions: Select Actions ➔ Add/View Notes at the top-right of the Findings Table.

Finding Comments

Comment on the finding (finding comments).

Instructions:

• Select the Comment option at the right of the finding in the table.
• Select the checkbox next to a finding, then select the Update Status button at the top of the table.

Customize the Data

Customize the data in the table.

Use the Customize columns button at the top-right. This allows you to select the fields that are displayed in the Findings Table.

Download Findings Data

Download the findings table (.csv).

Instructions: Use the Download button at the top-right.

• If the .csv contains 9000 or fewer rows of data, the download begins immediately.
• If the .csv contains greater than 9000 and less than 100,000 rows of data, the download runs asynchronously. When the download is ready, the user who requested it is notified with an email and a notification.

Filter

Instructions: Select the Filter button to expand or collapse the filters and then use a filter set or any of the available filters. See Findings Table filters.

Use the Impacts RV Grade filter to see only findings that impact the risk vector grade. See omitted findings.

Generate Reports

The reports include:

• Executive Report
• Download Company Report
• Company Preview Report
• NIST CSF Report
• ISO/IEC 27001 Report

Instructions: Select Reports at the top-right of the Findings Table.

Highlight the Primary Rating

Highlight the selected company as the primary.

Instructions:

1. Select the Actions dropdown at the top-right of the Findings Table.
2. Select Configure Primary Rating.
3. Select an available self-published rating.
4. Select Save Changes.

See Infrastructure user permissions.

Request a Finding Rescan

Request a finding rescan.

Instructions:

• Select the Rescan option at the right of the finding in the table.
• Select the checkbox next to a finding, then select the Rescan button at the top of the table.

Search Findings

Instructions: Do a text search using the search bar at the top-right. Text with matches are highlighted. See search fields.

View the Finding Details Sheet

See the Finding Details sheet.

Instructions: Select a finding from the table.

View the Service Providers Sheet

Instructions: Select Actions ➔ Service Providers at the top-right of the Findings Table.

View the Products Sheet

Instructions: Select Actions ➔ Products at the top-right of the Findings Table.

Tag Assets

Instructions:

1. Select a finding to open the Finding Details sheet.
2. Select the Tag Asset button in the Tags column of an asset in the Assets section of the sheet.

Default Fields

The following fields appear in the Findings Table by default. You can customize the table to include fields with finding details for specific risk vectors.

Asset Importance

The asset importance assigned to the asset associated with the finding.

Assets

The assets associated with the finding. An asset can be an IP Address, CIDR block, domain, or application.

Assigned To

The user assigned to be responsible for remediating the selected finding. See instructions for assigning users.

Findings can be assigned only to users in your own Access Control Group.

Attributed To

The parent company and any subsidiaries the finding is attributed to.

Comments

Comments left on the finding.

Country

The country where the asset associated with the finding is located.

[Date] First Seen

The date when the finding was first observed.

[Date] Last Seen

The date when the finding was last observed.

Details

Details about the finding. Select the text for a more detailed explanation.

Finding Identifier

The asset (e.g., IP, domain, host, application, port) and its status (e.g. online/offline, version, support status) that identifies the finding.

Refer to the Certificate Serial Number to identify TLS/SSL Certificate findings.

Finding Severity

The severity of the finding.

Grace Period End Date

The date the grace period for the infrastructure ends.

Grade

The current finding grade.

Rescan

The status of a user-requested finding rescan. See rescan statuses.

• The current status persists until a user requests a new rescan on the finding.
• The rescan status does not show the status of automated scans. Automated scans may update findings with new information that a user-requested rescan was not able to update.

Finding rescan is available for select Diligence risk vectors. See the compatible risk vectors and rescan duration.

Remaining Lifetime

The remaining finding lifetime in days.

Remediation Status

Your current progress on remediating findings. See remediation statuses.

Similar to finding comments and infrastructure tags, Remediation status does not apply across all companies in your ratings tree.

Risk Vector

The Bitsight risk vector.

Status Updated

The date when the Remediation Status or Assigned To fields were last changed.

Tags

Infrastructure tags assigned to this company.

Blue tag = The tag is applied to a single IP.

Gray tag = The tag is applied to the entire CIDR block.

Impacts Risk Vector Grade

Indicates whether a finding impacts the associated risk vector grade.

Risk Vector Fields

The finding details in the table vary depending on the risk vector. See details for:

• Compromised Systems Findings
  • Botnet Infections
  • Spam Propagation
  • Malware Servers
  • Unsolicited Communications
  • Potentially Exploited
• Diligence
  • SPF Domains
  • DKIM Records
  • TLS/SSL Certificates
  • TLS/SSL Configurations
  • Open Ports
  • Web Application Headers
  • Patching Cadence
  • Insecure Systems
  • Server Software
  • Desktop Software
  • Mobile Software
  • DNSSEC
  • Mobile Application Security
  • Web Application Security
  • Domain Squatting
• File Sharing (User Behavior Forensics)
• Public Disclosures