The Bitsight Security Performance Management for Splunk add-on is available for download in Splunkbase.
Requirements
- A Security Performance Management Subscription: My Company or My Subsidiary.
- Splunk Enterprise or Splunk Enterprise Security. It is compatible with both on-premise and SaaS Splunk instances.
- This application is built using Python, which should be included in Splunk by default.
How to install Splunk Enterprise apps and add-ons
Instructions
- Installing Splunk Enterprise Apps and Add-ons
- Bitsight Data and the Splunk Common Information Model Mapping
- Searching for Data in Splunk
- Viewing Prebuilt Alerts in Splunk
The Bitsight Security Performance Management for Splunk add-on leverages the Bitsight API. The Bitsight data is updated every 24 hours.
When the add-on is run, it retrieves the following data:
- Alerts API Endpoint
  This provides a list of the most recent alerts generated by the platform and detailed information for single alerts.
  Path: /v2/alerts
- GET: Diligence Finding Counts of a Company
  Get the number of Diligence findings of a company.
  Path: /v1/companies/company_guid/diligence/historical-statistics
- GET: Diligence Statistics
  Get Diligence statistics of a company.
  Path: /v1/companies/company_guid/diligence/statistics
- GET: Finding Details
  Get an organization's finding details.
  Path: /v1/companies/company_guid/findings
- GET: Industry Statistics
  A company's average performance can be compared with its industry average in the Rating Details page. This returns the industry averages for the Compromised Systems risk category:
  - The number of times a risk vector event occurred.
  - The average risk vector event duration.
  - The period of time during which the risk vector event occurred.
  Path: /v1/companies/company_guid/industries/statistics
- GET: Detailed Company Observations
  Retrieve detailed information (observations) about the risk category data of companies in your portfolio.
  Path: /v1/companies/company_guid/observations
- GET: Statistics
  Retrieve risk vector data of a particular industry and compare it to the company whose GUID was provided. The data returned by this endpoint includes the number of times a risk vector occurred, the average duration for which the risk vector lasted, and the period of time during which the returned risk vector data occurred.
  Path: /v1/companies/company_guid/observations/statistics
- GET: Findings in a Folder
  See the presence of findings in a folder.
  Path: /v1/folders/folder_guid/findings/summary
- GET: Ratings Graph Data of a Folder
  Get the ratings graph data of a folder.
  Path: /v1/folders/folder_guid/graph_data
- GET: Remediation Tracking
  Track your remediation efforts (Issue Tracking).
  Path: /v1/remediations
- June 27, 2025: GET: Remediation Tracking [/v1/remediations].
- October 25, 2021: Linked to Splunkbase.
- January 4, 2021: Use GET: Finding Details [/v1/companies/{company_guid}/findings] instead of GET: Findings with Asset Information [/v1/companies/{company_guid}/assets/findings].