BitSight Connector

Learn how to integrate BitSight into the Vulcan Platform

About BitSight

BitSight helps users take a risk-based, outcome-driven approach to managing the performance of their organization's cybersecurity program through broad measurement, continuous monitoring, and detailed forecasting in an effort to measurably reduce cyber risk.


User Permissions and Prerequisites

  1. Make sure the BitSight user used for the integration has Reader permissions.

  2. Generate an API token in BitSight:

    Go to BitSight portal > Settings > Account > API Token > Generate New Token (API Key)


Configure the BitSight Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the BitSight icon.

  4. Enter the following information into the connector setup page:

    • Server URL

    • API Key

  5. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your BitSight instance, then click Create (or Save Changes).

  6. Allow some time for the sync to complete. You can review the sync status under Log.

  7. To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the BitSight icon shows Connected, the connection is complete.


Fields Mapping - Hosts

| BitSight field | Vulcan field |
| --- | --- |
| Asset | Asset |
| Hosts | Asset type |
| ip_addresses | IP |
| Operating Systems | OS |
| Tags | Asset tags |
| Message | Vulnerability title |
| Severity | Vulnerability score |
| help_text | Vulnerability description |
| finding.details | Vulnerability status |
| finding.identifier | Evidence Key |
| remediation status | Vulnerability status |
| finding.assets | Asset-vulnerability connection |
| Fix for message | Fix - Title |
| Remediation tip | Fix - Description |

Vulnerability Status Mapping

| BitSight Status | Vulcan Status |
| --- | --- |
| No status, Open, To Do, Work in Progress | Vulnerable |
| Resolved | Fixed |
| Risk Accepted | Ignored risk acknowledged |

Vulnerability Score mapping

The CVSS is the score reference

| BitSight Score | Vulcan Score |
| --- | --- |
| 0-10 | 0-10 |


Locate BitSight vulnerabilities in the Vulcan Platform

As BitSight discovers vulnerabilities, the Vulcan Platform connector imports those vulnerabilities for reporting and action. You can view vulnerabilities by connector using the relevant filter:

  1. Open the Vulcan Platform dashboard and navigate to Vulnerabilities. Click on the Search or filter vulnerabilities search box, scroll to the Vulnerability Source option, and click to filter by the vulnerability source.

  2. Locate BitSight on the vulnerability source/Connector list and click to filter results.

  3. Click on any vulnerability to view further information.


Locate BitSight assets in the Vulcan Platform

To locate all synced host, image, and cloud resource assets from BitSight:

  1. Open the Vulcan Cyber dashboard and navigate to Assets > Hosts.

  2. Click on the Search or filter websites input box and select Connector from the drop-down selection.

  3. Locate the BitSight option to view all synced assets.


Automate actions in the Vulcan Platform

Take advantage of the automation capabilities of Vulcan Cyber and the BitSight connector.

Click here to learn how to create automation in the Vulcan Cyber Platform.


Data Validation and Expected Behaviour

The BitSight connector maps remediation issue titles from BitSight to vulnerability instances. This means that the number of BitSight findings won’t match the number of vulnerability instances in the Vulcan Platform. This mapping method allows you to review vulnerabilities by their specific case, and not only by their title.

  • BitSight’s “Finding Identifier” (or the “Evidence Key”) is NOT the asset that the potential vulnerability is found on; it’s an asset-vulnerability connection identifier.

  • To review the finding’s related asset, go to the BitSight findings page > Details. This is where you can find the connected asset for each finding:

    • If there is a connected asset, this is the asset that Vulcan relates the vulnerability findings to and displays on the Vulcan Platform.

    • If no asset is found on the Details tab, no asset is affected by this finding, and such findings aren't displayed on the Vulcan Platform.

  • The data structure in the Vulcan Platform:

    Vulcan defines a vulnerability-instance connection as unique according to 3 parameters that are ingested from BitSight:

    • Risk Vector + Finding Identifier + Details (the remediation name in BitSight mapped to vulnerability name in Vulcan).


      Note: If the assets column in the BitSight export file doesn’t include any asset, the data will not be displayed in the Vulcan Platform.
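
To check why BitSight finding counts differ from Vulcan instance counts, the rules above can be applied to an export offline. This is an added example, not Vulcan's or BitSight's code: the dictionary keys, the UNMAPPED marker, the keep-first-status choice, and the sample rows are assumptions made for illustration.

```python
# Added example: keys and sample values are assumptions, not BitSight's API schema.
from collections import Counter

# From the "Vulnerability Status Mapping" table; "" stands for "No status".
STATUS_MAP = {
    "": "Vulnerable", "Open": "Vulnerable", "To Do": "Vulnerable",
    "Work in Progress": "Vulnerable", "Resolved": "Fixed",
    "Risk Accepted": "Ignored risk acknowledged",
}

def expected_instances(findings):
    """Group findings by (risk vector, finding identifier, details).

    Returns (instances, skipped): instances maps each key to its merged
    assets and mapped status; skipped lists findings with no asset.
    """
    instances, skipped = {}, []
    for f in findings:
        assets = [a for a in f.get("assets") or [] if a]
        if not assets:  # no connected asset: not displayed in Vulcan
            skipped.append(f["finding_identifier"])
            continue
        key = (f["risk_vector"], f["finding_identifier"], f["details"])
        # Statuses missing from the table are flagged, not guessed (assumption).
        status = STATUS_MAP.get(f.get("remediation_status") or "", "UNMAPPED")
        # Duplicate rows merge assets; the first row's status is kept (assumption).
        entry = instances.setdefault(key, {"assets": set(), "status": status})
        entry["assets"].update(assets)
    return instances, skipped

def summarize(findings):
    """Counts to compare against the BitSight export and the Vulcan UI."""
    instances, skipped = expected_instances(findings)
    return {"findings": len(findings), "instances": len(instances),
            "skipped": skipped,
            "by_status": dict(Counter(i["status"] for i in instances.values()))}

# Constructed sample rows (documentation IP ranges, made-up remediation names).
_COLS = ("risk_vector", "finding_identifier", "details", "remediation_status", "assets")
SAMPLE = [dict(zip(_COLS, r)) for r in [
    ("Patching Cadence", "203.0.113.10:443", "Update software A", "Open", ["203.0.113.10"]),
    ("Patching Cadence", "203.0.113.10:443", "Update software A", "Open", ["www.example.com"]),
    ("Patching Cadence", "203.0.113.10:443", "Update software B", "Resolved", ["203.0.113.10"]),
    ("Open Ports", "198.51.100.7:23", "Close port", "Risk Accepted", []),
    ("Open Ports", "198.51.100.8:23", "Close port", None, ["198.51.100.8"]),
]]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Any instance reported as UNMAPPED carries a BitSight status that the mapping table does not list and is worth checking by hand in both products.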
