BitSight Security Ratings

BitSight Security Ratings are a data-driven and dynamic measurement of an organization’s cybersecurity performance.

Types of Assets Fetched

This adapter fetches the following types of assets:

• Devices
• SaaS data
  
  

Parameters

1. BitSight Domain (required, default: https://api.bitsighttech.com) - The hostname or IP address of the Bitsight server.

2. API Key (required) - An API Key associated with a user account that has the Required Permissions to fetch assets.

3. Company Name (leave empty to fetch data from parent company) (optional, default: empty) - Specify a company name to only fetch data associated with that company.

4. CIDR Data CSV File - Upload the .csv file with your CIDR data. This is a CSV file that allows adding data for a specific IP CIDR range. The CSV file should contain the following columns, "CIDR Block", "Country", "Attributed To", "Source", "AS Number". If an IP address is contained in the CIDR block in the CSV file, the values from the other columns in this file are applied to the device.

5. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

6. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

7. HTTPS Proxy User Name (optional) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.

8. HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Advanced Settings

• Use My Company Only if company name is missing (required, default: false) - Select this option to automatically use the name of your organization for this adapter if no name has been manually set.
• Fetch vulnerabilities and company's findings - Select this option to fetch vulnerabilities detected in Bitsight.
• Fetch company assets - Select this option to fetch company assets.

Required Permissions

• For accounts with CyberSecurity Asset Management capabilities - The value supplied in API Key must be associated with a user account that has read access to devices.
• For accounts with SaaS Management capabilities - The BitSight user must be associated with the 'Admin' role. For more information see Creating a User in BitSight.

Setting Up the Integration

Creating a User in BitSight

1. Log into the BitSight admin panel as Administrator.

2. Navigate to Settings > Manage Users.
   

3. Create a new user:

   • If you have SaaS Management capability in Axonius, from Roles, select Admin.
   • Otherwise, the adapter requires the least-privileged type of user, which is the User role.
     

4. Once added, you should receive an approval email from BitSight to the specified mail address.

5. Click the attached link to set a new password of at least 32 characters.

Create an API Token

1. Log into the panel Navigate to settings > account.
2. Scroll down to API Token and click Generate New Token.
   
3. Copy the generated token.
4. In Axonius, paste the copied token into the API Key field.