BitSight Company Findings

# BitSight Findings Splunk TA Add-on The BitSight Splunk TA Add-on is designed to enhance integration between BitSight security ratings and Splunk, providing comprehensive visibility into company ratings and vulnerability findings directly within your Splunk environment.

Built by Daniel Astillero

Latest Version 1.0.1

July 18, 2024

Compatibility

Not Available

Platform Version: 9.4, 9.3, 9.2, 9.1

CIM Version: 5.x, 4.x, 3.x

Rating

0

(0)

Log in to rate this app

Support

Developer Supported addon

Ranking

#24

in Vulnerability Scanner

# BitSight Findings Splunk TA Add-on The BitSight Splunk TA Add-on is designed to enhance integration between BitSight security ratings and Splunk, providing comprehensive visibility into company ratings and vulnerability findings directly within your Splunk environment. ## Features Dual Sourcetypes: Indexes two main sourcetypes: - `bitsight:companies`: Stores current company ratings and metadata. - `bitsight:findings`: Retrieves detailed vulnerability findings using the BitSight API `(GET /ratings/v1/companies/{guid}/findings?{params_set_on_input_stanza})` - Event Indexing: Each finding is indexed as a single event with CIM-field mapping for seamless integration with Splunk's Common Information Model (CIM). - Eventtype classification for Vulnerability data model. ## Installation - Clone or download the BitSight Findings Splunk TA repository. - Install the add-on in your Splunk environment: - For Splunk Enterprise, navigate to Apps > Manage Apps > Install app from file. - For Splunk Cloud, upload the add-on via Apps > Browse more apps. #### Inputs Configuration & Requirements - Configure input stanzas in Splunk to specify parameters for retrieving BitSight findings and company data. - A valid BitSight token - Company GUID for collection on specific company only ## Support You may reach out or send me a pint of IPA via daniel.l.astillero@gmail.com