Patching Cadence Findings Ingrid View Patching Cadence findings from the Findings Table or Rating Details.Findings Table Navigation Options SPM App: Findings ➔ Findings Table CM App: Select a company from your Companies List. Go to Vendor Risk ➔ Findings Insurance App: Select a company from your Companies List. Go to Client Risk ➔ Findings Bitsight API: GET /v1/companies/entity_guid/findings?risk_vector=patching_cadence The Findings Table provides the following finding details:❖ This field can be included in the table from the Customize Columns option. Field Description Filters Assets The Assets section in the Details tab of the findings sheet. Select the View findings icon to filter findings by the asset. No Asset The IP address or domain that identifies the asset. Text search. Asset Importance/Calculated Importance (Details tab of findings sheet) Asset importance is either user-assigned or is estimated based on the amount of system usage, ability to submit information, and the presence of special certificates. Yes Assigned To The user assigned to remediate the finding. Yes Attributed To The subsidiary or subsidiaries in the Ratings Tree that are attributed to the finding. Yes Comments The Comments section of the Details tab in the finding sheet contains finding comments, which can be used for discussions, providing a way to describe the status of resolution or validity of findings to external stakeholders and other interested parties. No Country The country where IP addresses attributed to the finding are hosted. No Details The name of the vulnerability. Click on the finding to get a description. More details are available in the Details section [Findings Sheet ➔ Details Tab ➔ Details Section]. No Confirmed Vulnerabilities A card [Findings Sheet ➔ Details Tab ➔ Details Section] containing the names, severities, and descriptions of confirmed vulnerabilities. No Description A description of the vulnerability. No Name The name of the vulnerability. Vulnerability Severity The vulnerability severity. Vulnerability Severity: Severe Material Moderate Minor Dates Observed A card [Findings Sheet ➔ Details Tab ➔ Details Section] containing observation date details. The National Vulnerability Database (NVD) has a “Published Date,” which is when the vulnerability was officially announced. This is different from the “First Seen” and “Last Seen” fields of Patching Cadence findings. No First Seen The earliest observation date when a system in the company's infrastructure was observed to be affected by the vulnerability. 7 Days 1 Month 3 Months Custom Last Seen The most recent date that the vulnerability was observed to affect the system in question. 7 Days 1 Month 3 Months Custom Duration❖ Number of days beginning when the compromised system or patching cadence finding was first observed and ending on the latest observation date or date of remediation (patching cadence only). Minimum days Maximum days Remediation Status❖ Indicates if a vulnerability is remediated. See vulnerability duration for more information. Yes Vulnerability❖ The vulnerability name, as logged in the National Vulnerability Database (NVD). Vulnerability Classification Individual Vulnerabilities Vulnerability Details A card [Findings Sheet ➔ Details Tab ➔ Details Section] containing vulnerability details. No CDN Script Source Paths No HTML Sample A sample of the HTML content. No Page Title The title of the web page. No Request URL The web page URL. No Software Version The software version. No Finding Identifier The IP address or domain that identifies the asset. Yes Finding Severity Finding severity is the measured risk that the finding introduces. Minor Moderate Material Severe Grade The finding grade. This is not applicable to Patching Cadence and is displayed as N/A. Yes Impacts Risk Vector Grade Indicates if the finding influences the risk vector grade. See values. IP Attributions The IP Attributions section [Findings Sheet ➔ Details Tab ➔ IP Attributions Section] containing attribution reasons. No Attribution Info The reason for attribution. No CIDR The associated CIDR. No DNS Hostname The associated hostname. No Rescan The finding rescan status. Rescan status. Remaining Lifetime The projected number of days that a finding will continue to impact risk vector grading (finding lifetime). This is a projection that assumes nothing changes in the future and a finding is not updated with new information. It may change if a finding is updated. The # of days. Remediations The Remediations section [Findings Sheet ➔ Details Tab ➔ Remediations Section] containing remediation details. No Details The name of the finding. No Issue A description of the finding. You can also click on the vulnerability name in the Details column to quickly see the issue. No Remediation Instructions❖(Remediation Tip) How to resolve a negative finding. See Verifying That a Finding Is Remediated. No Remediation Status The remediation status. Patching Cadence: Remediated? Risk Vector The risk vector. Yes Status Updated The date when the “Remediation Status” or “Assigned To” fields were last changed. 7 Days 1 Month 3 Months Custom Additional Findings Table Filters Filter Values File Sharing Category Not applicable for Patching Cadence. Infection Family Not applicable for Patching Cadence. Pass / Fail Test Not applicable for Patching Cadence. Tag Visibility: Public Private Tag Name Rating Details PageThe Rating Details page includes a graph that shows the number of vulnerabilities experienced per month, along with the average resolution time for the month. Navigation Options SPM App: Organization ➔ Rating Details CM App: Vendor Risk ➔ Rating Details Insurance App: Client Risk ➔ Rating Details 1 Year Summary of Patching Cadence Observations A higher bubble indicates a longer average resolution timespan for that month. Larger bubbles indicate there were more unpatched vulnerabilities observed during that time period. January 15, 2025: N/A clarification. October 29, 2024: Findings Table navigation instructions moved from Risks to a new Findings section in the menu; Rating Details navigation instructions for the SPM app moved from Risks to Organization. January 19, 2024: Navigation instructions by application. Related articles Patching Cadence Risk Vector How is the Patching Cadence Risk Vector Assessed? What is a Finding Lifetime? Remediation Status Rating Details Feedback 0 comments Please sign in to leave a comment.