Downloading BitSight Security Performance Management for Splunk Add-On
SHA256 checksum (bitsight-security-performance-management-for-splunk-add-on_104.tgz) 05d0dc12e97894e740d4f318165f3b0b8e88bd11a9eb333d50ac5c925b8fffc2
SHA256 checksum (bitsight-security-performance-management-for-splunk-add-on_103.tgz) f4f91af0b30cd52a0a785666ced6f87437d8d29d2dc47481c47f06d58e6fea20
SHA256 checksum (bitsight-security-performance-management-for-splunk-add-on_102.tgz) ee89985ffd0a29f8a0a45ff04ddaac4ce1253fee9426d50b65656d65504e9400
SHA256 checksum (bitsight-security-performance-management-for-splunk-add-on_101.tgz) 6112bfdfccff6d9eee64eac3a4774df45e79f4be9bbc6f9a5e05e306f2e30d5f
SHA256 checksum (bitsight-security-performance-management-for-splunk-add-on_100.tgz) b831d185af811f940a103c9db3b095cc9cf542cf656c6aa6cbfb31f947c37f12

BitSight Security Performance Management for Splunk Add-On

Splunk Cloud
This app is NOT supported by Splunk. Please read about what that means for you here.
BitSight Security Ratings, the standard in security ratings, are a daily measurement of an organization’s security performance generated through analysis of vast amounts of externally observable data. BitSight transforms how companies manage information security risk with objective, verifiable and actionable Security Ratings.

Bring BitSight Security Ratings observation information into your security program through this integration with Splunk Enterprise and Enterprise Security. BitSight Security Performance Management for Splunk automates the integration of BitSight observations into Splunk for correlation, analysis, and action. This includes observations from BitSight Work From Home Remote Office which helps organizations understand the risk environment in remote offices that lack many of the traditional security controls.

BitSight Security Performance Management for Splunk -

The add-on automatically maps the BitSight observation types to Splunk’s Common Information Model to enable relevant workflows based on the events from the BitSight data. The BitSight observations are summarized in a dashboard within the add-on.

This visibility enables you to integrate BitSight data with security data from other systems processed by Splunk to identify risk and accelerate remediation. BitSight data can help pinpoint the sources of infections and risky configurations in your company infrastructure, seamlessly going from awareness to rapid remediation. The additional visibility and integration allow security and IT teams to respond faster and more effectively to threats.

BitSight Work from Home - Remote Office -

BitSight Work from Home - Remote Office helps security teams identify vulnerabilities and infections on IP addresses known to be associated with remote operating environments. BitSight Security Performance Management for Splunk leverages the Network Sessions data model to quickly identify home office IP addresses using available log sources in Splunk, such as VPN logs. Those IPs are then used to gather security risk observations from BitSight. These observations can be used to:

  • Discover security issues that reside on work from home IPs to help inform existing incident response or insider threat activities.
  • Monitor higher risk remote operating environments, such as those with access to sensitive data or intellectual property (e.g. execs, software devs).
  • Educate employees on potential security issues as part of security training & awareness programs.

This add-on is compatible with both Splunk Enterprise and Splunk Enterprise Security.

Documentation:
https://www.bitsight.com/hubfs/product-integrations/splunk/Add-on%20Installation%20Guide%20-%20BitSight%20Security%20Performance%20Management%20for%20Splunk.docx

Release Notes

Version 1.0.4
Jan. 25, 2021

1. The dashboard has been enhanced, including a compromised systems view.
2. Changed BitSight API token user input option from Inputs page to Configuration -> Addon-Settings as per cloud app standards.
3. "BitSight Work From Home Remote Office" enhancement - if the CIM mapping is in place, the user can use that to grab VPN IPs instead of manually entering them.

Version 1.0.3
Sept. 13, 2020

-> Added macros to avoid searching in all indexes and to increase search performance.
-> Modified "My Company Dashboard" queries using base searches.
-> Modified "Work From Home" functionality to get IP addresses from the VPN dataset of the Network Sessions CIM data model rather than from a user search query.

The BitSight for Security Performance Management Splunk Add-On has been updated to use the following macros you can modify to better match your Splunk configuration:

Splunk indexes with bitsight data `bitsight_index`: index=""

Example: If you are indexing BitSight data to a `bitsight` index, change macro definition to:
index="bitsight"

Go to Settings -> Advanced search -> Search macros, click on `bitsight_index`, and change the definition according to your Splunk configuration.

PREREQUISITES:
Default configuration for BitSight Work From Home - Remote Office now uses CIM compliant VPN data mapped to the VPN dataset of the Network Sessions data model.

Version 1.0.2
Aug. 12, 2020

1. BitSight risk vector data has been separately identified using a new End_Point attribute which makes it easy for differentiation of data for SOC engineers.

2. In this version, the Add-on is modified to import data from the BitSight API by checking against existing data in Splunk and only indexing data that is new. This will help reduce duplication of data. The exception is the findings_summary which returns all results.

3. Added Proxy Configuration support.

4. Modified the Dashboard, Scheduled Alerts Queries & CIM model, and field names for consistency with the new indexing style.

5. Added a drill-down option which enables redirection to matched events data upon clicking on individual graph elements in the dashboard.

6. Added validation for API-URL to prevent unencrypted network (HTTP) calls if the user enters an HTTP URL. (Credentials are encrypted.)

Version 1.0.1
May 27, 2020

V1 of BitSight Security Performance Management for Splunk Add-On

Version 1.0.0
May 11, 2020

V1 of the BitSight Security Performance Management for Splunk Add-On

Installs: 252
Downloads: 414