BitSight helps users take a risk-based, outcome-driven approach to managing the performance of their organization's cybersecurity program through broad measurement, continuous monitoring, and detailed forecasting in an effort to measurably reduce cyber risk.
User Permissions and Prerequisites
Make sure the BitSight user used for the integration has Reader permissions.
Generate API Token in BitSight:
Go to BitSight portal > Settings > Account > API Token > Generate New Token (API Key)
Configure the BitSight Connector
Log in to your Vulcan Cyber dashboard and go to Connectors.
Click on Add a Connector.
Click on the BitSight icon.
Enter the following information into the connector setup page:
Click the Test Connectivity button to verify that Vulcan Cyber can connect to your BitSight instance, then click Create (or Save Changes).
Allow some time for the sync to complete. You can review the sync status under Log.
To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the BitSight icon shows Connected, the connection is complete.
Fields Mapping - Hosts
Fix for message
Fix - Title
Fix - Description
Vulnerability Status Mapping
No status, Open, To Do, Work in Progress
Ignored risk acknowledged
Vulnerability Score mapping
CVSS is the score reference
Locate BitSight vulnerabilities in the Vulcan Platform
As BitSight discovers vulnerabilities, the Vulcan Platform connector imports those vulnerabilities for reporting and action. You can view vulnerabilities via Connector by using the relevant filter:
Open the Vulcan Platform dashboard and navigate to the Vulnerabilities. Click on the Search or filter vulnerabilities search box, scroll to the Vulnerability Source option, and click to filter by the vulnerability source.
Locate BitSight on the vulnerability source/Connector list and click to filter results.
Click on any vulnerability to view further information.
Locate BitSight assets in the Vulcan Platform
To locate all synced hosts, images, and cloud resources assets from BitSight:
Open the Vulcan Cyber dashboard and navigate to Assets > Hosts
Click on the Search or filter websites input box and select Connector from the drop-down selection.
Locate the BitSight option to view all synced assets.
Automate actions in the Vulcan Platform
Take advantage of the automation capabilities of Vulcan Cyber and the BitSight connector.
Click here to learn how to create automation in the Vulcan Cyber Platform.
Data Validation and Expected Behaviour
The BitSight connector maps remedies issues titles from BitSight into vulnerabilities instances. This means that the number of BitSight findings won’t match the number of vulnerability instances in the Vulcan Platform. This mapping method allows reviewing the vulnerabilities by their specific case, and not only by their title.
Bitsight’s “Finding Identifier” (Or the “Evidence Key”) IS NOT an asset that the potential vulnerability is found on; it’s an asset-vulnerability connection identifier.
To review the finding’s related asset, Go to BitSight findings page > Details. This is where you can find the connected asset for each finding:
If there is a connected asset, this is the asset that Vulcan relates the vulnerabilities findings to and displays on the Vulcan Platform.
If no asset is found on the Details tab, that means there is no asset affected by this finding, and thus such findings aren't displayed on the Vulcan Platform.
The data structure in the Vulcan Platform:
Vulcan defines a vulnerability-instance connection as unique according to 3 parameters that are ingested from BitSight:
Risk Vector + Finding Identifier + Details (the remediation name in BitSight mapped to vulnerability name in Vulcan).
Note: If the assets column in the BitSight export file doesn’t include any asset, the data will not be displayed in the Vulcan Platform.