Findings are the culmination of observed internet traffic and configurations. Bitsight records them as events and records. Findings are presented in a table view that provides a single place to sort, filter, analyze, comment on, track your remediation efforts, and export Bitsight findings.
Findings are reported in Coordinated Universal Time (UTC).
Actions
Action | Instructions |
---|---|
Add/view notes: | Select Actions ➔ Add/View Notes at the top-right of the Findings page. |
Comment on the finding (finding comments): | Select the Comment option at the right of the finding in the table. |
Customize the data in the table: | Use the Customize columns button at the top-right. |
Download the findings table (.csv): |
|
Filter the table: |
Use the Impacts RV Grade filter to see only findings that impact the risk vector grade. See omitted findings. |
Generate reports, including: |
Select Reports at the top-right of the Findings page. |
Highlight the selected company as the primary: |
|
Request a finding refresh: | Select the Refresh option at the right of the finding in the table. |
Search findings: | Do a text search using the search bar at the top-right. Text with matches are highlighted. See search fields. |
See the Finding Details sheet: | Select a finding from the table in the Findings page. |
See the Service Providers sheet: | Select Actions ➔ Service Providers at the top-right of the Findings page. |
See the Products sheet: | Select Actions ➔ Service Products at the top-right of the Findings page. |
Tag assets: |
|
Update the remediation status for Issue Tracking: | Select the Update Status option at the right of the finding in the table. |
Fields & Finding Details Sheet
Field | Description |
---|---|
Risk Vector | The Bitsight risk vector. |
Finding Identifier |
The asset (e.g., IP, domain, host, application, port) and its status (e.g. online/offline, version, support status) that identifies the finding. Refer to the Certificate Serial Number to identify TLS/SSL Certificate findings. |
Tags | Infrastructure tags assigned to this company. |
First Seen | The date when this finding was first observed. |
Last Seen | The date when this finding was last observed. |
The finding details in the table and Finding Details sheet vary depending on the risk vector. See details for:
- Compromised Systems Findings
- Diligence
- File Sharing (User Behavior Forensics)
- Public Disclosures
Finding Details Sheet: Details Tab
The Details tab in the Finding Details sheet may contain the following sections:
- Details: Details about the finding.
- Remediations: Finding details and remediation tips.
- Assets: Asset details. See how assets are attributed to findings.
- Comments: Finding comments.
Finding Details Sheet: Attributed To Tab
The Attributed To tab in the Finding Details sheet presents findings attribution and the ratings tree.
Filters
Filter | Description & Values | Applicable Risk Types |
---|---|---|
Risk Vector | Select all risk vectors in a risk category or individual risk vectors. | All |
First Seen |
Include findings that were first seen in the past:
|
All |
Last Seen |
Include findings that were last seen in the past:
|
All |
Web App Sec Tests | Filter by assessment categories. | Web Application Security |
Remediation Status |
|
Diligence Risk Vectors |
Status Update Date |
Include findings with a remediation status that was last updated in the past:
|
Diligence Risk Vectors |
Assigned To | The user assigned to remediate the finding. | Diligence Risk Vectors |
Refresh |
Filter by refresh status:
|
Select Diligence risk vectors. See refresh by risk vector. |
Grade |
Filter by finding grade:
|
Diligence Risk Vectors |
Impacts Risk Vector Grade | Indicates if the finding influences the risk vector grade. See values. | All |
Remaining Lifetime | Lifetime range (# days). |
See lifetime by risk vector. |
Attributed To | Filter by subsidiary. | All |
Finding Severity |
Filter by finding severity:
|
Compromised Systems, Diligence (except Mobile Application Security), and File Sharing risk vectors. |
Tag |
|
All |
Asset Importance |
Filter by asset importance:
|
All |
Vulnerability |
Vulnerability classification:
|
Patching Cadence |
Vulnerability Severity |
Filter by Bitsight severity:
|
Patching Cadence |
Duration | Minimum # of days to maximum # of days. |
All. See lifetime by risk vector. |
Patching Cadence: Remediated? |
|
Patching Cadence |
Infection Family | Filter by malware family. | Compromised Systems risk vectors. |
File Sharing Category | Filter by file sharing category. | File Sharing |
Pass / Fail Test |
Filter by mobile application analysis results (testing results).
|
Mobile Application Security |
- September 9, 2024: Tags are displayed in its own column.
- July 18, 2024: Findings are no longer sampled. All findings for monitored companies are visible in Bitsight.
- May 29, 2024: Certificate Serial Number replaces Finding Identifier as the TLS/SSL Certificates finding identifier.
Feedback
0 comments
Please sign in to leave a comment.