Bitsight Security Posture Management for Splunk Integration Guide

Ingrid

The Bitsight Security Posture Management for Splunk add-on is available for download in Splunkbase.

Requirements

- A Security Posture Management Subscription: My Company or My Subsidiary.
- Splunk Enterprise or Splunk Enterprise Security. It is compatible with both on-premise and SaaS Splunk instances.
- This application is built using Python, which should be included in Splunk by default.

How to install Splunk Enterprise apps and add-ons

Instructions

- Installing Splunk Enterprise Apps and Add-ons
- Bitsight Data and the Splunk Common Information Model Mapping
- Searching for Data in Splunk
- Viewing Prebuilt Alerts in Splunk

The Bitsight Security Posture Management for Splunk add-on leverages the Bitsight API. The Bitsight data is updated every 24 hours.

When the add-on is run, it retrieves the following data:

Alerts API Endpoint
This provides a list of the most recent alerts generated by the platform and detailed information for single alerts.
Path: /v2/alerts

GET: Diligence Finding Counts of a Company
Get the number of Diligence findings of a company.
Path: /v1/companies/company_guid/diligence/historical-statistics

GET: Diligence Statistics
Get Diligence statistics of a company.
Path: /v1/companies/company_guid/diligence/statistics

GET: Finding Details
Get an organization’s finding details.
Path: /v1/companies/company_guid/findings

GET: Industry Statistics
A company’s average performance can be compared with its industry average in the Rating Details page. This returns the industry averages for the Compromised Systems risk category:
- The number of times a risk vector event occurred.
- The average risk vector event duration.
- The period of time during which the risk vector event occurred.
Path: /v1/companies/company_guid/industries/statistics

GET: Detailed Company Observations
Retrieve detailed information (observations) about the risk category data of companies in your portfolio.
Path: /v1/companies/company_guid/observations

GET: Statistics
Retrieve risk vector data of a particular industry and compare it to the company whose GUID was entered. The information fetched by this endpoint includes the number of times a risk vector occurred, the average duration for which the risk vector lasted, and the period of time during which the returned risk vector data occurred.
Path: /v1/companies/company_guid/observations/statistics

GET: Findings in a Folder
See the presence of findings in a folder.
Path: /v1/folders/folder_guid/findings/summary

GET: Ratings Graph Data of a Folder
Get the ratings graph data of a folder.
Path: /v1/folders/folder_guid/graph_data

GET: Remediation Tracking
Track your remediation efforts (Issue Tracking).
Path: /v1/remediations

March 19, 2026: Security Posture Management rebrand.
June 27, 2025: GET: Remediation Tracking [/v1/remediations].
October 25, 2021: Linked to Splunkbase.
January 4, 2021: Use GET: Finding Details [/v1/companies/{company_guid}/findings] instead of GET: Findings with Asset Information [/v1/companies/{company_guid}/assets/findings].