BitSight Security Ratings

BitSight Security Ratings are a data-driven and dynamic measurement of an organization’s cybersecurity performance.

Attributes                    Axonius Cyber Assets       Axonius SaaS Applications
Service Account Required?     Yes                        Yes
API Key Required              Yes                        Yes
API Key Permission            Read access to devices     Admin
Service Account Permissions   User                       Admin
Required Adapter Fields       BitSight domain, API Key   BitSight domain, API Key
Assets Fetched                Users                      SaaS data

Asset Types Fetched

  • Devices, Users, Aggregated Security Findings, Groups, SaaS Applications, Domains & URLs, Certificates, Roles

Before You Begin

Required Permissions

  • For accounts with Axonius Cyber Assets: Read access to devices
  • For accounts with Axonius SaaS Applications: The BitSight user must be an Admin. For more information, see Creating a User in BitSight.

Setting Up the Integration

Creating a User in BitSight

  1. Log into the BitSight admin panel as Administrator.

  2. Navigate to Settings > Manage Users.

  3. Create a new user:

    • If you have Axonius SaaS Applications, from Roles, select Admin.
    • Otherwise, the adapter requires the least-privileged type of user, which is the User role.
  4. Once the user is added, BitSight sends an approval email to the specified email address.

  5. Click the link in the email to set a new password of at least 32 characters.

Creating an API Token

  1. Navigate to Settings > Account.

  2. Scroll down to API Token and click Generate New Token.

  3. Copy the generated token.

  4. In Axonius, paste the copied token into the API Key field.

Connecting the Adapter in Axonius

Required Parameters

  1. BitSight Domain (default: https://api.bitsighttech.com) - The hostname or IP address of the BitSight server.

  2. API Key - An API Key associated with a user account that has the Required Permissions to fetch assets.


Optional Parameters

  1. Company Name (leave empty to fetch data from the parent company) - Specify a company name to fetch only data associated with that company.

  2. CIDR Data CSV File - Upload the .csv file with your CIDR data. This is a CSV file that allows adding data for a specific IP CIDR range. The CSV file should contain the following columns, "CIDR Block", "Country", "Attributed To", "Source", "AS Number". If an IP address is contained in the CIDR block in the CSV file, the values from the other columns in this file are applied to the device.

  3. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

  4. HTTPS Proxy - Connect the adapter to a proxy instead of directly connecting it to the domain.

  5. HTTPS Proxy User Name - The user name to use when connecting to the value supplied in BitSight Domain via the value supplied in HTTPS Proxy.

  6. HTTPS Proxy Password - The password to use when connecting to the server using the HTTPS Proxy.
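The CIDR Data CSV File option above describes a lookup rule: a device whose IP address falls inside a "CIDR Block" row receives that row's "Country", "Attributed To", "Source" and "AS Number" values. The following is an added example of that enrichment, written here and not taken from the Axonius adapter. It assumes things the page does not state: overlapping blocks resolve to the longest prefix, rows with an unparsable CIDR are skipped rather than aborting the upload, IPv4 and IPv6 blocks may be mixed, and the output field names (`cidr_country` and so on) are chosen for illustration. The CSV content is constructed sample data.

```python
"""Apply CIDR CSV attributes to devices, following the page's description of the
BitSight adapter's "CIDR Data CSV File" option.

Added example, not Axonius code. Assumptions (not stated on the page): overlapping
blocks resolve to the longest prefix, malformed CIDR rows are skipped, and the
enriched field names are chosen here.
"""
import csv
import io
import ipaddress

# The column names the page lists for the CSV file.
REQUIRED_COLUMNS = ["CIDR Block", "Country", "Attributed To", "Source", "AS Number"]

# Constructed sample CSV (documentation-range addresses and private AS numbers).
SAMPLE_CSV = """CIDR Block,Country,Attributed To,Source,AS Number
192.0.2.0/24,US,Example Corp,manual,64496
192.0.2.128/25,US,Example Corp - Lab,manual,64496
2001:db8::/32,DE,Example GmbH,registry,64497
not-a-cidr,XX,Broken Row,manual,0
"""


def load_cidr_table(csv_text):
    """Parse the CSV, validate its headers and return a list of (network, attrs).

    The list is sorted longest-prefix first so that the first match found by
    lookup() is the most specific block (assumption, see module docstring).
    """
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in REQUIRED_COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"CSV is missing required columns: {missing}")
    table = []
    for row in reader:
        try:
            # strict=False accepts blocks with host bits set, e.g. 192.0.2.1/24
            net = ipaddress.ip_network(row["CIDR Block"].strip(), strict=False)
        except ValueError:
            continue  # assumption: skip malformed rows instead of failing the whole file
        attrs = {c: row[c].strip() for c in REQUIRED_COLUMNS if c != "CIDR Block"}
        table.append((net, attrs))
    table.sort(key=lambda item: item[0].prefixlen, reverse=True)
    return table


def lookup(table, ip_str):
    """Return the attrs of the most specific block containing ip_str, or None."""
    try:
        ip = ipaddress.ip_address(ip_str.strip())
    except ValueError:
        return None  # unparsable address never matches
    for net, attrs in table:
        if ip.version == net.version and ip in net:
            return attrs
    return None


def enrich_device(table, device):
    """Copy the matching row's columns onto a device dict.

    The device is expected to carry its addresses under "ips"; the first address
    that matches a block wins. Field names on the result are assumptions.
    """
    enriched = dict(device)
    for ip in device.get("ips", []):
        attrs = lookup(table, ip)
        if attrs is not None:
            enriched["cidr_country"] = attrs["Country"]
            enriched["cidr_attributed_to"] = attrs["Attributed To"]
            enriched["cidr_source"] = attrs["Source"]
            enriched["cidr_as_number"] = attrs["AS Number"]
            break
    return enriched


if __name__ == "__main__":
    cidr_table = load_cidr_table(SAMPLE_CSV)
    print(enrich_device(cidr_table, {"hostname": "lab-01", "ips": ["192.0.2.200"]}))
```

Validating the header row before accepting the file is the check worth keeping when building such an upload: a CSV with a misspelled column silently produces devices with no enrichment, which is harder to notice than an upfront error.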

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Advanced Settings

Note

Advanced settings can either apply to all connections for this adapter, or to a specific connection. Refer to Advanced Configuration for Adapters.

  1. Use My Company Only if company name is missing (default: true) - Select whether to automatically use the name of your organization for this adapter if no name has been manually set.
  2. Fetch vulnerabilities and company's findings - Select this option to fetch vulnerabilities detected in BitSight.
  3. Fetch only findings that affects rating - Select to fetch only findings that have an impact on the letter grade.
  4. Fetch company assets - Select this option to fetch company assets.
  5. Fetch infrastructure changes - Select this option to fetch infrastructure changes.
  6. Fetch company security ratings - Select to fetch the latest company security rating for each company and add it to the device.
  7. Parse Asset Name and Host Name from Domain - Select to fetch and parse devices' Asset Name and Host Name from the domain.
  8. Fetch devices from X days ago - Specify the number of past days from which to fetch devices.
  9. Parse Domains as Devices - Select to fetch URLs or Domains as Devices.
  10. Filter Assets by Importance Category - Use this setting to limit company asset fetch to specific importance levels, based on BitSight's asset classification. If you leave this field empty, all company assets will be fetched.
  11. Parse non-CVE vulnerabilities - Select to include vulnerabilities that are not identified by the CVE identifier in the fetch. When this setting is not enabled only vulnerabilities with CVE identifiers are parsed.

Related Enforcement Actions