Bitsight API: Continuous Monitoring Ingrid ⇤ Endpoints Continuous Monitoring sets a high standard for how Bitsight Security Ratings deliver value to your third-party risk management program and allows you to make informed decisions to improve your operational workflows. This experience provides: The integration of the vendor life cycle and existing operational workflows. Guidance and context to support informed decision-making. Best practice recommendations based on network intelligence from the industry’s largest community. Key Features Portfolio Risk Matrix Life Cycle Stages Risk Summaries Endpoints Company Life Cycles Path Purpose Description /v1/company-life-cycles GET: Life Cycle Details Get life cycle stage details of companies in your portfolio. /v1/company-life-cycles POST: Update the Life Cycle Stage of a Company Update the vendor life cycle stage of a company or several companies. /v1/company-life-cycle-types GET: Bitsight Life Cycle Stages Overview Get descriptions of all life cycle stages. Company Relationships Path Purpose Description /v1/company-relationships GET: Company Relationship Details Get the company relationship details of your organization. Folders Folders can be used to organize your portfolio to better understand the security performance of certain groups of companies, such as IT vendors. Path Purpose Description /v1/folders GET: Folder Details Get shared folders that are owned by you or are associated with you. /v1/folders POST: Create a Folder Create a new folder. Portfolio Path Purpose Description /v2/portfolio GET: Portfolio Details Get information about the companies in your portfolio. /v1/portfolio/breaches GET: Public Disclosures in Portfolio Get Public Disclosure details of organizations in your portfolio. /v1/portfolio/entity-custom-ids GET: Custom Company Identifiers Get custom company identifiers (custom company ID), which maps your identifiers with Bitsight data, making it easier to associate Bitsight data with the rest of your vendor-related information. /v1/portfolio/entity-custom-ids POST: Customize a Company's ID Create or update a company's ID (custom company ID). /v1/portfolio/filters GET: Portfolio API Filters Get infections, open ports, and vulnerabilities in your portfolio, and also statistics on infections and vulnerabilities that are present. /v1/portfolio/guids GET: Portfolio Unique Identifiers Returns a simple list of company unique identifiers in your portfolio. /v1/portfolio/ratings GET, POST: Security Rating Details of Companies in Your Portfolio Get security rating details of the companies in your portfolio, including the unique identifiers of particular companies. /v1/portfolio/statistics GET: Portfolio Statistics Get portfolio statistics, including: The distribution of companies across rating categories (advanced, intermediate, basic). The highest, lowest, and median security ratings. Risk vector averages. /v2/portfolio/summaries GET: Portfolio Summary Get a summary of your portfolio. This can be used to get a list of the possible values for querying GET: Portfolio Details. Subscriptions Path Purpose Description /v1/subscriptions GET: Subscription Information Each subscription type is returned as its own object with certain keys (quota, name, remaining), followed by an array of JSON objects with their own keys. /v1/subscriptions/expired GET: Expired Subscriptions Get a paginated list of your company subscriptions that have expired to prioritize which companies to resubscribe to. Tiers Path Purpose Description /v1/tiers GET: Tiers Get a list of your existing tiers and tier details. /v1/tiers/tier_guid PATCH: Edit Tiers Create or edit an existing tier. Assign a name and description. /v1/tiers/tier_guid/companies PATCH: Modify Companies in a Tier Add companies to an existing tier or remove companies from an existing tier. /v1/tiers/summary GET: Tier Summaries Get a summary of your tiers. /v1/tiers/vendor-action-plan GET: Tiered Company GUID by Action Plan Get the unique identifiers of tiered companies [entity_guid] that are within each distinct vendor action plan (monitor, review, escalate). August 18, 2023: “Third Party Risk Management” renamed to “Continuous Monitoring.” December 14, 2020: Linked to “POST: Create a Folder” (POST /v1/folders). November 23, 2020: Updated the available endpoints to include /portfolio and /tiers paths. Related articles Bitsight API: Bitsight VRM API Documentation Overview Findings Remediation API Guide Cyber Insurance API Guide GET, POST: Security Rating Details of Companies in Your Portfolio Feedback 0 comments Please sign in to leave a comment.