- February 3, 2023: Updated to improve clarity.
- March 15, 2022: Published.
⇤ What is a Diligence Finding Refresh?
Overview
“Refreshed - Asset Not Reached” is one of the possible statuses that may return for a finding after a user-requested refresh. It indicates that we are unable to reach an asset or unable to locate new information to update the associated finding. If you receive this status, additional information is provided in the finding details section to clarify what happened.
We can’t guarantee visibility into every record associated with a company. External factors, such as firewall configurations and site availability, impact our ability to update findings.
If we are unable to scan an asset to update a finding, the previously captured finding will continue to impact ratings until its lifetime is complete. To learn more about lifetimes, see What is a Finding Lifetime?
Remediations that Return “Asset Not Reached”
This status is expected for certain remediations. If you receive the “Refreshed - Asset Not Reached” status outside of the examples provided in the table below, confirm that the asset is reachable, not slow to respond, and our scans are not blocked (see Troubleshooting).
| Risk Vector | Remediation Performed | Refresh Expectations |
|---|---|---|
| TLS/SSL Certificates | Certificate was removed |
Expected result:
Finding behavior:
|
| Certificate was updated or replaced |
Expected result:
Finding behavior:
The finding identifier may change depending on the Subject Alternative Names (SAN). |
|
| TLS/SSL Configurations | Certificate publicly removed or taken offline |
Expected result:
Finding behavior:
|
| Web Application Headers | Updated from HTTPS-to-HTTP redirect to an HTTPS-to-HTTPS redirect |
Expected result:
Finding behavior:
|
| Domain removed |
Expected result:
Finding behavior:
|
|
| Open Ports | Certificate publicly removed or taken offline |
Expected result:
Finding behavior:
|
| Server Software | Server decommissioned |
Expected result:
Finding behavior:
|
Troubleshooting: Why can’t my assets be reached?
The most common reasons assets are unable to be reached are:
- The asset is not reachable or is slow to respond.
- Our scans are blocked.
1. Asset is Not Reachable or is Slow to Respond
The asset is not online, it times out, or is slow to respond. Some examples of this include:
- The asset has been taken down
- The asset is slow to load
- The asset was down during the refresh
- The domain is hosted on a rotation IP provided by a hosting provider, so our refreshes only get intermittent results
- The server name is misconfigured
Even if the asset is only down for a short period of time, it interferes with our ability to refresh the finding. To account for this, user-initiated refreshes attempt to contact the asset multiple times in a period of up to six days. If the asset remains unreachable after six days, the request times out and the status updates to “Refreshed - Asset Not Reached.”
2. Our Scans are Blocked
There may be website configurations in place that block Bitsight scans. Some examples that interfere with refreshing findings include:
- Web App Firewalls (WAF) such as Cloudflare (Bot Fight Mode), AWS cloudfront, Akamai CDN, or firewall rules preventing access from an outside network
- Captcha pages or other human verification methods shown on page load
- Anti-crawler protection
- Geo-blocking
- Web pages that require a client-side certificate to browse
- Firewall configurations preventing access to a website from external networks
Next Steps
If you have further questions related to a user-requested refresh, please contact Bitsight Support with details about the records you are trying to refresh.