BitSight Connector
BitSight is a comprehensive security ratings platform that provides organizations with data-driven insights into cybersecurity performance. By continuously monitoring and analyzing vast amounts of external security data, BitSight generates objective, quantifiable ratings that help businesses evaluate their own security posture and assess third-party risk across their supply chain. This visibility enables more informed security decisions, facilitates vendor risk management, and strengthens cyber resilience through benchmarking against industry peers and competitors.
What is the BitSight API Connector?
The BitSight API Connector creates a secure bridge between your BitSight platform and Qualys ETM. The API-based connector retrieves data on a regular schedule, enabling quicker, data-driven remediation. When configured, it automatically transfers asset inventory and patching-cadence findings through scheduled API calls. Qualys ETM then processes this data by:
- Deduplicating redundant entries
- Normalizing data formats
- Enriching findings with additional context
- Calculating risk scores using TruRisk
Category | Supported Asset Type | Supported Finding Type |
---|---|---|
API Connector | Host Asset | Vulnerability |
Prerequisites
These are the required configurations to successfully create a BitSight connection for Qualys ETM.
User Roles and Permissions
The BitSight user authenticating themselves for the connection must have Reader permissions.
You need the following BitSight API Access information to configure the connection:
- API URL
- BitSight API Token
API URL
You require an API URL to authenticate yourself while creating the connector. Use the following default API URL - https://api.bitsighttech.com/
BitSight API Token
You must generate a BitSight API token to authenticate yourself. To create a user token, perform the following.
- Log in to your organization's BitSight portal as an administrator.
- Navigate to Settings > Account > User API Token and click Generate New Token.
- Copy the generated token and securely store it for later use.
Create a New BitSight Connector
How Does a Connection Work?
The BitSight connector functions through configured profiles that determine what data gets synchronized and when.
A Connection usually involves creating a profile that defines which vulnerabilities to import based on detection data types and asset types. The connector then automatically executes according to the schedule (or on-demand), pulling vulnerability data from BitSight into Qualys ETM where it can be viewed alongside other security findings.
With the BitSight API Connector successfully configured, you are almost ready to view all the assets and findings from BitSight.
In the Connector screen, you can find your newly configured connector listed and marked in the Processed state.
Connector States
A successfully configured connector goes through 4 states.
- Registered - The connector is successfully created and registered to fetch data from the vendor.
- Scheduled - The connector is scheduled to execute a connection with the vendor.
- Processing - A connection is executed and the connector is fetching the asset and findings data.
- Processed - The connector has successfully fetched the assets; it may still be in the process of fetching the findings. Wait a little longer for the connector to fetch the findings completely.
The Processed state indicates that the connector is successfully configured but is still importing your assets and findings. This process (specifically for findings) may take some time.
The entire process may take up to 2 hours to complete. Once it is done, you can find the imported data in Enterprise TruRisk Management (ETM).
View Assets and Findings in ETM
Navigate to Enterprise TruRisk Management to get started with analyzing your Connector's vulnerability findings.
You can view the assets imported from the BitSight connection by navigating to Inventory tab of ETM.
Go to Assets > Host to find all of your imported assets.
Use the token tags.name: "BitSight" to view all the imported BitSight assets.
Here, you can learn about the criticality of your assets and their Risk Scores. Click any asset to find more details about it.
Next, you can navigate to the Risk Management tab to view your vulnerability findings.
Go to Findings > Vulnerability to view all the discovered vulnerabilities.
Use the token finding.vendorProductName: `Bitsight` to view all the discovered BitSight vulnerabilities.
To know more about how the BitSight API Connector leverages the findings, refer to the Qualys ETM Documentation.
Additional Resources
Additional Information related to BitSight Connector.
API Reference
Here are the APIs executed for the BitSight connection.
Name | Filters | Endpoint |
---|---|---|
Auth API | N/A | https://auth.app.wiz.io/oauth/token |
Fetch Portfolio | Finding Type: patching cadence | https://api.bitsighttech.com/ratings/v2/portfolio/ |
Fetch Companies | | https://api.bitsighttech.com/ratings/v1/companies/ |
The BitSight connector currently fetches only the finding type patching_cadence from the BitSight platform.
Data Model Map
This section explains the attribute mappings of the values from BitSight and Qualys ETM.
Bitsight Vulnerability Transformation Map
Source Attribute Key | Target Attribute Label |
---|---|
assets.asset | externalAssetId (Required) |
details.vulnerabilities[].name | findingName (Required) |
temporary_id | externalFindingId (Required) |
severity_category | findingSeverity (Required) |
assets.asset | assetName (Required) |
details.vulnerabilities[].cvss.base | cvss3Base |
evidence_key | detectionResult |
first_seen | findingFirstFoundOn |
last_seen | findingLastFoundOn |
risk_vector | findingType |
assets.ip_addresses[] | ipAddress |
details.vulnerabilities[].remediation_tip | remediationStrategy |
details.vulnerabilities[].name | cveId |
details.vulnerabilities[].description | findingDescription |
The following target attributes take one of a fixed set of values:
Target Attribute Label | Values |
---|---|
vulnerabilityConfidence | HIGH, LOW, MEDIUM |
findingSubType | Confirmed, Information, Potential |
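The transformation map above, applied in code as an added example (this is not Qualys or BitSight code): one constructed BitSight patching-cadence finding is mapped to ETM target attributes, producing one record per entry in details.vulnerabilities[] and rejecting records that lack a required attribute. The sample finding, its placeholder ids and the helper name to_etm_findings are assumptions for illustration.

```python
# Constructed sample finding, shaped after the source attribute keys in the map.
# Ids, dates and the CVE id are placeholders, not real BitSight data.
SAMPLE_FINDING = {
    "temporary_id": "finding-0001",
    "risk_vector": "patching_cadence",
    "severity_category": "severe",
    "evidence_key": "203.0.113.10:443",        # RFC 5737 documentation address
    "first_seen": "2024-01-05",
    "last_seen": "2024-02-10",
    "assets": {"asset": "203.0.113.10", "ip_addresses": ["203.0.113.10"]},
    "details": {
        "vulnerabilities": [
            {"name": "CVE-0000-0000",           # placeholder, not a real CVE
             "cvss": {"base": 9.8},
             "remediation_tip": "Apply the vendor patch.",
             "description": "Constructed description."},
        ]
    },
}

# Target attributes the map marks as (Required).
REQUIRED = ("externalAssetId", "findingName", "externalFindingId",
            "findingSeverity", "assetName")


def to_etm_findings(finding):
    """Map one BitSight finding to ETM attributes, one record per vulnerability."""
    asset = finding["assets"]
    # Attributes that come from the finding itself, shared by every vulnerability.
    common = {
        "externalAssetId": asset["asset"],
        "assetName": asset["asset"],
        "externalFindingId": finding.get("temporary_id"),
        "findingSeverity": finding.get("severity_category"),
        "detectionResult": finding.get("evidence_key"),
        "findingFirstFoundOn": finding.get("first_seen"),
        "findingLastFoundOn": finding.get("last_seen"),
        "findingType": finding.get("risk_vector"),
        "ipAddress": list(asset.get("ip_addresses", [])),
    }
    records = []
    for vuln in finding["details"]["vulnerabilities"]:
        rec = dict(common)
        rec["findingName"] = vuln.get("name")      # same source key feeds cveId
        rec["cveId"] = vuln.get("name")
        rec["cvss3Base"] = (vuln.get("cvss") or {}).get("base")
        rec["remediationStrategy"] = vuln.get("remediation_tip")
        rec["findingDescription"] = vuln.get("description")
        missing = [k for k in REQUIRED if rec.get(k) in (None, "")]
        if missing:  # ETM cannot ingest a finding without its required attributes
            raise ValueError(f"finding lacks required attributes: {missing}")
        records.append(rec)
    return records
```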