BitSight
BitSight is a tool for security rating services. You can bring asset, company, and security data from BitSight into Brinqa to gain insights into your cybersecurity posture and manage risks more effectively.
This document details the information you must provide for the connector to authenticate with BitSight and how to obtain that information from BitSight. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select BitSight from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate BitSight with Brinqa:
-
API URL: The BitSight API URL. The default URL is
https://api.bitsighttech.com/. -
API token: The API token associated with the BitSight account, which must have permissions to log in to the API server and return data.
Generate a BitSight API token
For the BitSight connector to access the BitSight API, you must provide an API token. To generate a new API token, follow these steps:
-
Log in to your organization's BitSight portal as an administrator.
-
Navigate to Settings > Account.
-
Locate the User API Token section on the page.
-
Click Generate New Token.
-
In the Warning window, click Confirm.
Your new API token displays. Although you can return to this page to view the token, you should handle it with care by ensuring that it is stored in a secure location.
if you do not have permissions to generate a token, contact your BitSight administrator. For additional information, see BitSight documentation.
Additional settings
The BitSight connector contains additional options for specific configuration:
-
Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.
-
Parallel requests: The maximum number of parallel API requests. The default setting is 4.
-
Maximum retries: The maximum number of times that the integration attempts to connect to the BitSight API before giving up and reporting a failure. The default setting is 5.
-
Skip certificate verification: Select this option to allow for untrusted certificates.
Types of data to retrieve
The BitSight connector can retrieve the following types of data from the BitSight API:
Table 1: Data retrieved from BitSight
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Asset | Yes | Host Site |
| Company | Yes | Company |
| Finding | Yes | Violation Violation Definition |
The BitSight connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from BitSight in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Asset
Table 2: Asset attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| APP_GRADE | Local variable |
| ASSET | name |
| ASSET_TYPE | categories, type |
| COMPANY | Local variable |
| COUNTRY | Local variable |
| COUNTRY_CODE | Local variable |
| HOSTED_BY_ID | Local variable |
| HOSTED_BY_NAME | Local variable |
| IDENTIFIER | Local variable |
| IMPORTANCE | severityScore |
| IMPORTANCE_CATEGORY | severity, severityScore, sourceSeverity |
| IP_ADDRESSES | ipAddresses, publicIpAddress, privateIpAddress |
| IS_IP | Local variable |
| LATITUDE | Local variable |
| LONGITUDE | Local variable |
| ORIGIN_SUBSIDIARY_ID | Local variable |
| ORIGIN_SUBSIDIARY_NAME | Local variable |
| SERVICES | Local variable |
| SYS_ID | uid |
| TAGS | tags |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
Company
Table 3: Company attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| ADDED_DATE | source created date |
| INDUSTRY | Local variable |
| LIFECYCLE | Local variable |
| NAME | name |
| NETWORK_SIZE | Local variable |
| PRIMARY_DOMAIN | Local variable |
| RATING | Local variable |
| RATING_DATE | last assessed |
| RELATIONSHIP | Local variable |
| SHORT_NAME | Local variable |
| SUB_INDUSTRY | Local variable |
| SYS_ID | uid |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
Finding
Table 4: Finding attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| AFFECTS_RATING | Local variable |
| ASSETS | targets |
| ATTRIBUTED_COMPANIES_ID | Local variable |
| ATTRIBUTED_COMPANIES_NAME | Local variable |
| CHECK_PASS | Local variable |
| COMPANY | Local variable |
| COUNTRY | Local variable |
| CVSS_BASE_SCORE | Local variable |
| DEST_PORT | port |
| DILIGENCE_ANNOTATIONS | Local variable |
| EVIDENCE_KEY | Local variable |
| FINAL_LOCATION | Local variable |
| FIRST_SEEN | firstSeen |
| GEO_IP_LOCATION | Local variable |
| GRADE | Local variable |
| LAST_SEEN | lastSeen |
| OBSERVED_IPS | ipAddresses, publicIpAddresses, privateIpAddresses |
| RESULTS | results |
| RISK_CATEGORY | Categories, |
| RISK_VECTOR | type, uid |
| RISK_VECTOR_LABEL | name |
| ROLLUP_END_DATE | Local variable |
| ROLLUP_START_DATE | Local variable |
| SAMPLE_TIMESTAMP | Local variable |
| SEARCHABLE_DETAILS | Local variable |
| SEVERITY | severity, sourceSeverity, severity score |
| SEVERITY_CATEGORY | Local variable |
| STATUS | status, statusCategory |
| SYS_ID | uid |
| TAGS | tags |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
APIs
The BitSight connector uses the BitSight API. Specifically, it uses the following endpoints:
Table 5: BitSight API Endpoints
| Connector Object | API Endpoint |
|---|---|
| Asset | GET /ratings/v2/portfolio GET /ratings/v1/companies/{portfolio}/assets |
| Company | GET /ratings/v2/portfolio |
| Finding | GET /ratings/v2/portfolio GET /ratings/v1/companies/{portfolioId}/findings |
Changelog
The BitSight connector has undergone the following changes:
3.0.1
-
Fixed the following data mismatches:
-
Changed the RISK_CATEGORY attribute type on the Finding object from string to integer.
-
Changed the SEVERITY_SCORE attribute type on the Asset object from string to integer.
-
Changed the SEVERITY_SCORE attribute type on the Finding object from string to integer.
-
v3.0.0
- Initial Integration+ release.