Why do assets appear and disappear?
- Only actively observed IP addresses are presented.
- Assets may temporarily disappear from the Assets tab if asset importance (which is recalculated daily based on system usage, sensitivity, and other factors) is of lower-importance.
Use the Assets tab to:
- See externally-facing infrastructure attributed to the organization.
- Select a particular asset to get findings that are associated with that asset.
- Sort by the total number of findings to see which asset has the most findings.
- Refer to asset importance for estimating the importance of the underlying IP or domain/host to the organization.
- Select a row to see asset attribution details.
Actions
Infrastructure Tags
Apply infrastructure tags.
Instructions:
- Hover over the asset.
- Select tags from the Select Tags dropdown.
- Select Confirm Changes.
- Select Save Changes.
Bulk Actions
The bulk actions include:
Instructions:
- Select assets to edit with the Checkmark on the left.
- Select the action to apply to the selected assets.
DoanDownload Assets Data (.csv)
Filter the Data
Toggle View
Toggle the view of the data.
Instructions: Select the Table or Map options at the top-right of the table.
Fields
- App Grade
- A 0-10 severity scale for Mobile Application Security findings, with 10 being the most severe.
- Asset
- The associated asset (IP address, CIDR block, or domain).
- Asset Type
- The type of asset.
- Country
- The location of the asset using an IP geolocation database. Hostnames are located at the location connected with the IP address that they resolve to. Depending upon the information available to the location service, some locations are precise, others are defaulted to the geographic center of a country.
- Findings (Impacts RV Grade)
- The number of findings in this asset.
- Grace Period
- There is a 60-day grace period when company-provided assets are added to infrastructure. The findings from the added infrastructure do not impact grading.
- Grace Period End Date
- The date the grace period for the infrastructure ends.
- Hosting Provider
- The hosting service provider.
- Identified Products
- Identified service provider products. See products by business function.
- Importance
- The importance of the underlying IP or domain/host to the organization.
- Material/Severe Findings (Impacts RV Grade)
- The number of material and severe findings in this asset.
- Originating Subsidiary
- The organization or subsidiary attributed to this asset.
- Services
- Services using a port.
- Tags
- Infrastructure tags assigned to the asset.
Filters
- Asset Importance
-
Filter by asset importance.
Filter Values:
- Critical
- High
- Medium
- Low
- None
- Asset Type
-
Filter by the type of asset.
Filter Values:
- IP Address
- Domain
- Android
- iOS
- Geographic Area
-
Filter by geographic area.
Filter Values: Area name.
- Grace Period
-
Filter by Impacts Risk Vector Grade with a No: Grace Period status.
Filter Values:
Yes
No
- Grace Period End Date
-
Filter by grace period end dates within a specified date range.
Filter Values:
Start Date
End Date
- Hosting Provider
-
Filter by the hosting service provider.
Filter Values: Provider name.
- Identified Products
-
Filter by products.
Filter Values: Product name. See business functions.
- Importance Origin
-
Filter by how asset importance was determined.
Filter Values:
- Only User Importance
- Only Calculated Importance
- Number of Findings
-
Filter by the number of findings.
Filter Values: A minimum and maximum number of findings.
- Originating Subsidiary
-
Filter by the organization or subsidiary attributed to the asset.
Filter Values: Company name.
- Product Support
-
Filter by product support status.
Filter Values:
- Unsupported
- Supported
- Unspecified
- Service
-
Filter by the service running on the device.
Filter Values: Service name. See:
- Tag
-
Filter by infrastructure tags.
Filter Values:
- Public
- Private
- No Tags
- Vulnerability
-
Filter by vulnerability.
Filter Values: Vulnerability name or CVE ID.
- Vulnerability Evidence Certainty
-
Filter by the level of certainty that a vulnerability has been confirmed to exist and poses a risk.
Filter Values: See evidence certainty.
- Vulnerability Evidence Detection
-
Filter by vulnerability that are currently or were previously detected.
Filter Values:
- Currently
- Previously
- Vulnerability Severity
-
Filter by the criticality of the vulnerability.
Filter Values: 0-10 CVSS v3 score.
Bitsight Filter Sets
We recommend including the name of the company associated with the findings in your filter set name when creating a filter set from an existing filter set so that it is easily discoverable (e.g., Company Name - Assets_group).
Assets with unsupported products
- Product Support
- Unsupported
Currently confirmed exposure
- Vulnerability Evidence Certainty
- Confirmed
- Vulnerability Evidence Detection
- Exposure
Asset Details
Select an asset to view asset details, which are presented in the following tabs:
Details Tab
Select an asset and refer to the Details tab in the sheet to see the asset details.
- Asset Importance: See asset importance.
- Attribution: CIDR and source (regional internet registry or user provided).
- Service names. See:
- Location: The location of the asset using an IP geolocation database. Hostnames are located at the location connected with the IP address that they resolve to. Depending upon the information available to the location service, some locations are precise, others are defaulted to the geographic center of a country.
- Vulnerabilities: Preview of up to 5 of the most recent Vulnerabilities. Refer to the vulnerabilities displayed in the Vulnerabilities tab provide information on potential security risks associated with an asset, including the name, severity level, evidence certainty, and last seen date. Review this information to identify potential risks and take necessary measures to mitigate them.
Findings Tab
Select an asset and refer to the Findings tab in the sheet to see a list of the findings within this asset that are impacting the organization’s security rating.
- [Date] Last Seen
- The date when this finding was most recently observed.
- Details
- A description of this finding.
- Finding Severity
- A measurement of the amount of risk that this finding introduces. See finding severity.
- Grade
- The finding grade.
- Risk Vector
- The associated risk vector.
Vulnerabilities Tab
Use this tab to view the vulnerabilities associated with an asset. It contains a list of vulnerabilities within the asset that may impact the organization’s security, including the following details:
- [Date] Last Seen
- The date when this vulnerability was most recently observed.
- Evidence Certainty
- The level of certainty that the vulnerability has been confirmed to exist and poses a risk.
- Name
- The Common Vulnerabilities and Exposures (CVE) name for the vulnerability.
- Severity
- The severity of the vulnerability based on the Common Vulnerability Scoring System (CVSS).
Select the name to see a description of the vulnerability or a row to see all the details associated with that vulnerability.
- February 21, 2025: Added Grace Period End Date field and filter.
- February 6, 2025: Listed available Bitsight filter sets, migrated from Filter Sets.
- December 12, 2024: Described why assets may disappear.
Feedback
0 comments
Please sign in to leave a comment.