Findings are the culmination of observed internet traffic and configurations. They’re recorded on the Bitsight platform as events and records. Findings are presented in a table view that provides a single place to sort, filter, analyze, comment on, track your client’s remediation efforts, and export Bitsight findings.
Actions
Action | Instructions |
---|---|
Add the company to a folder: | Select Actions ➔ Add to Folder at the top-right of the Findings page. |
Add/view notes: | Select Actions ➔ Add/View Notes at the top-right of the Findings page. |
Comment on the finding (finding comments): | Select the Comment option at the right of the finding in the table. |
Customize the data in the table: | Use the Customize columns button at the top-right of the table. |
Download the findings table (.csv): |
|
Filter the table: |
Use the Impacts RV Grade filter to see only findings that impact the risk vector grade. See omitted findings. |
Generate reports and assessments, including: |
Select Reports and Assessments at the top-right of the Findings page. |
Invite the client to collaborate via the Client/Vendor Access Program: | Select the Client Access ➔ Enable Client Access dropdown button at the top-right of the Findings page. |
Search findings: | Do a text search using the search bar at the top-right. Text with matches are highlighted. See search fields. |
See Finding Details sheet: | Select a finding from the table in the Findings page. |
See prior collaboration efforts via the Client/Vendor Access Program: | Select the Client Access ➔ Prior Requests (# ) dropdown button at the top-right of the Findings page. |
See the Service Providers sheet: | Select Actions ➔ Service Providers at the top-right of the Findings page. |
See the Products sheet: | Select Actions ➔ Products at the top-right of the Findings page. |
Unsubscribe from the company: | Select Actions ➔ Unsubscribe at the top-right of the Findings page. |
Fields & Finding Details Sheet
Field | Description |
---|---|
Risk Vector | The Bitsight risk vector. |
Finding Identifier |
The asset (e.g., IP, domain, host, application, port) and its status (e.g. online/offline, version, support status) that identifies the finding. Refer to the Certificate Serial Number to identify TLS/SSL Certificate findings. |
First Seen | The date when this finding was first observed. |
Last Seen | The date when this finding was last observed. |
The Details tab in the Finding Details sheet may contain the following sections:
- Details: Details about the finding.
- Remediations: Finding details and remediation tips.
- Comments: Finding comments.
The finding details in the table and Finding Details sheet vary depending on the risk vector. See details for:
- Compromised Systems Findings
- Diligence
- File Sharing (User Behavior Forensics)
- Public Disclosures
Filters
Filter | Description & Values | Applicable Risk Vectors |
---|---|---|
Risk Vector | Select all risk vectors in a risk category or individual risk vectors. | All |
First Seen |
Include findings that were first seen in the past:
|
All |
Last Seen |
Include findings that were last seen in the past:
|
All |
Web App Sec Tests | Filter by assessment categories. | Web Application Security |
Refresh |
Filter by refresh status:
|
Select Diligence risk vectors. See refresh by risk vector. |
Grade |
Filter by finding grade:
|
Diligence Risk Vectors |
Impacts Risk Vector Grade | Indicates if the finding influences the risk vector grade. See values. | All |
Remaining Lifetime | Lifetime range (# days). |
See lifetime by risk vector. |
Finding Severity |
Filter by finding severity:
|
Compromised Systems, Diligence (except Mobile Application Security), and File Sharing risk vectors. |
Tag |
|
All |
Asset Importance |
Filter by asset importance:
|
All |
Vulnerability |
|
Patching Cadence |
Vulnerability Severity | Filter by Bitsight severity across a CVSS score range. | Patching Cadence |
Duration | Minimum # of days to maximum # of days. |
All. See lifetime by risk vector. |
Patching Cadence: Remediated? |
|
Patching Cadence |
Infection Family | Filter by malware family. | Compromised Systems risk vectors. |
File Sharing Category | Filter by file sharing category. | File Sharing |
Pass / Fail Test |
Filter by mobile application analysis results (testing results).
|
Mobile Application Security |
- May 29, 2024: Certificate Serial Number replaces Finding Identifier as the TLS/SSL Certificates finding identifier.
- January 18, 2024: New Findings page overview specific to the Cyber Insurance app.
Feedback
0 comments
Please sign in to leave a comment.