Findings

Findings are the culmination of observed internet traffic and configurations. They’re recorded on the Bitsight platform as events and records. Findings are reported in Coordinated Universal Time (UTC).

Findings are presented in a table view that provides a single place to sort, filter, analyze, comment on, track your remediation efforts, and export Bitsight findings. The table may present a sample of the overall findings.

Attributing Assets

• Findings without assets are assigned low importance assets whenever possible. Not all findings can be assigned with an associated asset.
• Not having assets does not impact the rating or the company’s infrastructure as depicted in the Attribution tab.
• New findings may take up to 2 days to be assigned an asset.

Findings are also accessible from the following workflows:

• Assets – Filter by assets.
• Rating Details – Filter by risk vector.

Actions

Action	Instructions
Customize the included data:	Use the Customize Columns button at the top-right.
Download up to 9000 rows of finding data (.csv):	Use the Download button at the top-right.
Refine your search:	Select any of the available filters, particularly the “Impacts RV Grade Only” filter. Select a filter set. Use the Filter button to expand or collapse the filters.
Search findings:	Do a text search using the search bar at the top-right. Text with matches are highlighted. See search fields.
Get full visibility into your findings data:	Refer to the unsampled findings service agreements. If unsampled findings is enabled, use the View Unsampled toggle at the top-right.

Finding Details

The details vary depending on the risk vector. It might include the infection duration, help and remediation, IP information (including source information), and the comment thread.

Use the available filters, select a filter set, or use the “Impacts RV Grade Only” Bitsight filter set to refine your search.

See details for:

• Compromised Systems Findings
  • Botnet Infections
  • Spam Propagation
  • Malware Servers
  • Unsolicited Communications
  • Potentially Exploited
• Diligence
  • SPF Domains
  • DKIM Records
  • TLS/SSL Certificates
  • TLS/SSL Configurations
  • Open Ports
  • Web Application Headers
  • Patching Cadence
  • Insecure Systems
  • Server Software
  • Desktop Software
  • Mobile Software
  • DNSSEC
  • Mobile Application Security
  • Web Application Security
  • Domain Squatting
• File Sharing (User Behavior Forensics)
• Public Disclosures

Fields & Filters

Field	Description	Filters
Asset Importance	Importance is either user-assigned or is estimated based on the amount of system usage, ability to submit information, and the presence of special certificates.	Critical High Medium Low None
Assets	The IP address or domain that identifies the asset. In order for assets to be included, they do not need to be subscribed with an SPM Subsidiary subscription.	Text Search
Attributed To	The subsidiary or subsidiaries in the Ratings Tree that are attributed to the finding.	A subsidiary or subsidiaries attributed to the findings. No subsidiary.
Comments	Discussions that provide a way to describe the status of resolution or validity of findings to external stakeholders and other interested parties.	No
Country	The country where IP addresses attributed to the finding are hosted. Helpful when assessing a vendor if your company has data location restrictions. Allows cyber risk analysts to ask the vendors, “will any of my data touch these IP addresses?” Indicates if there is a risk of foreign actor influence, especially when looking at the grades of the findings with the associated IP addresses.	No
Dates First Seen Last Seen	The first (first seen) and most recent (last seen) dates of observations.	7 Days 1 Month 3 Months Custom
Details	Details of this finding. See details by risk vector.	No
Finding Identifier	The IP address or domain that identifies the asset.	Text Search
Finding Severity	The measured risk that this finding introduces.	Minor Moderate Material Severe
Grade	The finding grade.	Good Fair Warn Bad Neutral N/A
Impacts Risk Vector Grade	Filters for findings that currently impact the letter grade of their risk vector. The amount of time a finding impacts the letter grade depends upon the risk vector. See when risk vectors are impacted.	Impacts Risk Vector Grade Only
Infrastructure Tags	Infrastructure tags are defined by the company to identify assets that belong to them and add context to findings as they arise. The Tag filter is not compatible with filter sets when searching unsampled findings.	Public Private Tag Name
Remaining Lifetime	The projected number of days that a finding will continue to impact risk vector grading (lifetime). This is a projection that assumes nothing changes in the future and a finding is not updated with new information. It may change if a finding is updated.	# of Days
Risk Vector	The risk vector that’s associated with the finding.	Yes
Rolled Up ID	An identifier for findings.	No