Findings Table: Finding Details Sheet

The Finding Details sheet is accessed in the Security Performance Management application from the Findings Table [ Findings ➔ Findings Table]. This table includes an overview of each finding and you can drill down into the Finding Details sheet to learn more about the findings specific to each risk vector. 

To open the Finding Details sheet, simply click a finding on the Findings Table for it to open in a popup window within the SPM application.

Tabs in the Finding Details sheet:

• Details
• Attributed To
• Evidence
• History

Overview Tab

The Overview tab in the Finding Details sheet may contain the following sections and information:

• Finding Identifier: The finding is identified by the asset (e.g., IP, domain, host, application, port) and its associated status (e.g., online/offline, version, support status).
• Finding Grade: The current grade assigned to this finding.
• Finding Severity: Measures the risk level associated with a specific security issue.
• Impacts Risk Vector Grade: Indicates if the finding impacts the risk vector grade.
• Summary: A high level overview of issues that need to be fixed and links to suggested remediation tips. If there are no issues to fix, this section says “Aligned with best practices.”
  • [Date] First Seen: The date when this finding was first observed.
  • [Date] Last Seen: The date when this finding was last observed.
  • Rolled Up ID: A stable and randomized identifier for findings. It is assigned to a finding.
  • Lifetime: Every finding has a lifetime that indicates how long it impacts the risk vector grade, depending on the particular risk vector. This is defined by the number of days a finding will impact the risk vector grade when one or more observations with largely similar key properties occur in close succession.
• Details: Gives details about the finding.
• Rescan:
  • Status: The status of the rescan.
  • Requested date: The date the rescan was requested.
  • Requested by: The user who requested the rescan.
  • Rescan Date: The date the rescan result became available.
  • Details: A description of what happened during the rescan.
• Remediations: Findings details and remediation tipsDetails on security findings and suggestions for remediation.
• Comments: Comments allow discussions about problem areas directly within the Bitsight Security Ratings Platform data. Learn more about using comments in the Findings Table here.

The details in the sheet vary depending on the risk vector. See details for:

• Compromised Systems Findings
  • Botnet Infections
  • Spam Propagation
  • Malware Servers
  • Unsolicited Communications
  • Potentially Exploited
• Diligence
  • SPF Domains
  • DKIM Records
  • TLS/SSL Certificates
  • TLS/SSL Configurations
  • Open Ports
  • Web Application Headers
  • Patching Cadence
  • Insecure Systems
  • Server Software
  • Desktop Software
  • Mobile Software
  • DNSSEC
  • Mobile Application Security
  • Web Application Security
  • Domain Squatting
• File Sharing (User Behavior Forensics)
• Public Disclosures

Asset Tab

The Asset in the Findings Details sheet includes:

• Assets: Identifies the assets that are attributed to findings. See how assets are attributed to findings.
• Attribution Reasons: Provides why the asset has been attributed to this finding. Reasons can include manual research or added in by Customer Request.
• Subsidiaries: Shows findings attribution on the ratings tree.

Tags: Applied to the assets associated with the finding.

Threat Insights Tab

When threat insights data is available for the finding, a new tab appears in the Finding detail view showing:

• Affected Industries and Geographies: Details the sectors and locations that the associated threat actors are known to target.
• Threat Behaviors: Indicates the TTPs (MITRE ATT&CK tactic and technique)
  • This mapping reflects how attackers typically exploit the underlying weakness, not whether exploitation has occurred in your environment.
• Threat Actor: Identifies the Threat Groups that are known for exploiting the TTPs indicated above
  • This information is contextual, not deterministic. It does not mean your organization is actively targeted by these groups.

Evidence Tab

The Finding Details sheet for a Web Application Security finding includes an Evidence tab and presents both the failed and passed evidence gathered from security tests performed on the web application. The tab displays the result of those tests along with helpful details when available.

Each line of recorded evidence is an expandable tab that you can click on to learn more about why the evidence failed. If the recorded evidence “passed”, then the message will be “No expanded fields are present for this evidence.”

History Tab

This tab has 2 sections: 

• Related Findings: A list of findings with the same finding identifier and risk vector.
• Timeline: The History tab within the Finding Details sheet provides a record of actions and changes related to that finding (identified by its rolled-up ID). History is conveyed by:
  • User-requested rescans: A finding rescan requested by a user and the only type of rescan that is available for Diligence risk vectors. Step-by-step instructions for requesting a rescan are available here.
  • Issue Tracking: A log of assignees and remediation statuses assigned to the finding.