The Security Performance Management application has the following key concepts that are fundamental to conveying an organization’s infrastructure and security posture:
-
Attributions create the foundation. It is the first step in linking domains and IP addresses to a company.
Example: An RIR record showing Bitsight is attributed to the Bitsight Technologies entity—however, not all attributed infrastructure surfaces as assets.
Manage attributions in the Attributions tab.
-
Assets are derived from attributions creating a subset of attributions. These are the hostnames, domains, or IPs that are observed to be actively used on the Internet.
Example:
bitsight.com
might have subdomains likeacademy.bitsight.com
, but some may disappear from the Asset tab if their importance decreases based on the algorithm.Manage assets in the Assets tab.
-
Findings map to and are tied to assets. These findings affect the security rating.
Example: A vulnerability in
service.bitsight.com
generates a finding, even if that subdomain isn't actively shown as an asset.View findings in the Findings Table.
Common Questions
- Why do assets appear and disappear from the Assets tab?
- Can findings exist without assets?
- How come some subdomains are in the Assets tab, but not in the Attribution tab?
- How come some subdomains are not included in the Assets tab even though they are reachable?
- How come the Assets tab is more extensive than the Attribution tab?
Why do assets appear and disappear from the Assets tab?
Assets may temporarily disappear from the Assets tab if asset importance (which is recalculated daily based on system usage, sensitivity, and other factors) is of lower-importance.
Can findings exist without assets?
Findings are directly tied to assets, but can exist even if the asset isn’t visible. This happens if:
- A finding is tied to an infrastructure that was previously active or used but is no longer observed.
- It is attributed to infrastructure that isn’t currently visible as an asset.
- Its importance falls below a specific threshold.
Example: The
dev.bitsight.com
subdomain has a security vulnerability. The finding is attributed to the organization even if this subdomain is not surfaced as a visible asset due to its low importance.
How come some subdomains are in the Assets tab, but not in the Attribution tab?
Assets are presented in the Assets tab when they show significant activity or relevance. Subdomains are often treated as parts of the main domain.
Some subdomains might not appear in Attribution since it focuses on broader categories like domains and CIDR blocks.
Example: If a finding is generated foracademy.bitsight.com
, it is attributed to the organization responsible forbitsight.com
.
How come some subdomains are not included in the Assets tab even though they are reachable?
Subdomains can be reachable without being included in the Assets tab if they haven't been flagged as important or are inactive.
How come the Assets tab is more extensive than the Attribution tab?
The Assets tab lists individual IP addresses and specific subdomains. The Attribution tab aggregates infrastructure using CIDR blocks (IP ranges) and tracks domains at a higher level compared to Assets.
While a CIDR block has a large range of IP addresses, subdomains may be listed individually in Assets based on their observed activity.
- December 12, 2024: Published.
Feedback
0 comments
Please sign in to leave a comment.