What is a Finding? Ingrid A finding is a security-related event or configuration on an asset, such as a vulnerability, detection of a botnet, or a port detected to be open. Why do some assets not have findings? Not all assets have findings. While we attempt to identify a finding for every asset, we may not be able to observe any relevant event or record to generate a finding for it. Findings & Assets Can findings exist without assets? Findings are directly tied to assets, but can exist even if the asset isn’t visible. This happens if: A finding is tied to an infrastructure that was previously active or used but is no longer observed. It is attributed to infrastructure that isn’t currently visible as an asset. The asset importance falls below a specific threshold. Example: The dev.bitsight.com subdomain has a security vulnerability. The finding is attributed to the organization even if this subdomain is not surfaced as a visible asset due to its low importance. Presentation Findings are presented in the following pages: SPM App: Findings Table [ Findings ➔ Findings Table] CM App: Findings [ Vendor Risk ➔ Findings] Insurance App: Findings [ Client Risk ➔ Findings] Bitsight API: GET: Finding Details [/v1/companies/entity_guid/findings] December 12, 2024: Published. Related articles Finding Behavior Findings Search Fields Impacts Risk Vector Grade Asset Importance TLS/SSL Configurations Risk Vector Feedback 0 comments Please sign in to leave a comment.