The Bitsight Security Performance Management for Splunk add-on is available for download in Splunkbase.
Requirements
- A Security Performance Management Subscription: My Company or My Subsidiary.
- Splunk Enterprise or Splunk Enterprise Security. It is compatible with both on-premise and SaaS Splunk instances.
- This application is built using Python, which should be included in Splunk by default.
How to install Splunk Enterprise apps and add-ons
Instructions
- Installing Splunk Enterprise Apps and Add-ons
- Bitsight Data and the Splunk Common Information Model Mapping
- Searching for Data in Splunk
- Viewing Prebuilt Alerts in Splunk
The Bitsight Security Performance Management for Splunk add-on leverages the Bitsight API. The Bitsight data is updated every 24 hours.
When the add-on is run, it will retrieve the following data:
Path | Purpose | Description |
---|---|---|
/v1/companies/company_guid/findings | GET: Finding Details | Get an organization’s finding details. |
/v1/companies/company_guid/diligence/statistics | GET: Diligence Statistics | Get Diligence statistics of a company. |
/v1/companies/company_guid/industries/statistics | GET: Industry Statistics | A company’s average performance can be compared with its industry average in the Rating Details page. This returns the industry averages for the Compromised Systems risk category: |
/v1/companies/company_guid/observations | GET: Detailed Company Observations | Retrieve detailed information (observations) about the risk category data of companies in your portfolio. |
/v1/companies/company_guid/observations/statistics | GET: Statistics | Retrieve risk vector data of a particular industry and compare it to the company whose GUID was provided. The number of times a risk vector occurred, the average duration for which the risk vector lasted, and the period of time during which the returned risk vector data occurred are all included in the information fetched by this endpoint. |
/v1/folders/folder_guid/findings/summary | GET: Findings in a Folder | See the presence of findings in a folder. |
/v1/folders/folder_guid/graph_data | GET: Ratings Graph Data of a Folder | Get the ratings graph data of a folder. |
/v1/companies/company_guid/diligence/historical-statistics | GET: Diligence Finding Counts of a Company | Get the number of Diligence findings of a company. |
/v2/alerts | Alerts API Endpoint | This provides a list of the most recent alerts generated by the platform and detailed information for single alerts. |
- October 25, 2021: Linked to Splunkbase.
- January 4, 2021: Use GET: Finding Details (/v1/companies/{company_guid}/findings) instead of GET: Findings with Asset Information (/v1/companies/{company_guid}/assets/findings).
- May 21, 2020: Published.