A finding is a security-related event or configuration on an asset, such as a vulnerability, detection of a botnet, or a port detected to be open.
Why do some assets not have findings?
Not all assets have findings. While we attempt to identify a finding for every asset, we may not be able to observe any relevant event or record to generate a finding for it.
Findings & Assets
Can findings exist without assets?
Findings are directly tied to assets, but can exist even if the asset isn’t visible. This happens if:
- A finding is tied to an infrastructure that was previously active or used but is no longer observed.
- It is attributed to infrastructure that isn’t currently visible as an asset.
- The asset importance falls below a specific threshold.
Example: The
dev.bitsight.com
subdomain has a security vulnerability. The finding is attributed to the organization even if this subdomain is not surfaced as a visible asset due to its low importance.
Presentation
Findings are presented in the following pages:
Bitsight API: GET: Finding Details [/v1/companies/entity_guid/findings
]
- December 12, 2024: Published.
Feedback
0 comments
Please sign in to leave a comment.