BitSight Security Ratings
  • 31 Jan 2024
  • 2 Minutes to read
  • Dark
    Light
  • PDF

BitSight Security Ratings

  • Dark
    Light
  • PDF

Article Summary

BitSight Security Ratings are a data-driven and dynamic measurement of an organization’s cybersecurity performance.

AttributesCybersecurity Asset ManagementSaaS Management
Service Account Required?YesYes
API Key RequiredYesYes
API Key PermissionRead access to devicesAdmin
Service Account PermissionsUserAdmin
Required Adapter FieldsBitSight domain, API KeyBitSight domain, API Key
Assets FetchedUsersSaaS data

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices
  • SaaS data

Parameters

  1. BitSight Domain (required, default: https://api.bitsighttech.com) - The hostname or IP address of the Bitsight server.

  2. API Key (required) - An API Key associated with a user account that has the Required Permissions to fetch assets.

  3. Company Name (leave empty to fetch data from parent company) (optional, default: empty) - Specify a company name to only fetch data associated with that company.

  4. CIDR Data CSV File - Upload the .csv file with your CIDR data.

  5. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

  6. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

  7. HTTPS Proxy User Name (optional) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.

  8. HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.


BitSight_Adapter

Advanced Settings

Note:

Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters

  • Use My Company Only if company name is missing (required, default: false) - Select this option to automatically use the name of your organization for this adapter if no name has been manually set.
  • Fetch vulnerabilities and company's findings - Select this option to fetch vulnerabilities detected in Bitsight.

Required Permissions

  • For accounts with CyberSecurity Asset Management capabilities - The value supplied in API Key must be associated with a user account that has read access to devices.
  • For accounts with SaaS Management capabilities - The BitSight user must be associated with the 'Admin' role. For more information see Creating a User in BitSight.

Setting Up the Integration

Creating a User in BitSight

  1. Log into the BitSight admin panel as Administrator.

  2. Navigate to Settings > Manage Users.
    Bitsight_Manage%20Users

  3. Create a new user:

    • If you have SaaS Management capability in Axonius, from Roles, select Admin.
    • Otherwise, the adapter requires the least-privileged type of user, which is the User role.
      image.png
  4. Once added, you should receive an approval email from BitSight to the specified mail address.

  5. Click the attached link to set a new password of at least 32 characters.

Create an API Token

  1. Log into the panel Navigate to settings > account.
  2. Scroll down to API Token and click Generate New Token.
    image.png
  3. Copy the generated token.
  4. In Axonius, paste the copied token into the API Key field.

Was this article helpful?

What's Next
Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.