Overview
Bitsight for Security Performance Management (SPM) enables CISOs to use an external view of security performance to measure, monitor, manage, and report on their cybersecurity program performance over time, and to facilitate a universal understanding of cyber risk across their organization. This improved understanding enables security leaders to make more informed decisions about their cybersecurity programs, including where to focus limited resources to achieve the greatest impact, where to spend money, and how to manage cyber risk more effectively.
This pack includes
Data normalization capabilities:
- Modeling rules normalize logs ingested via the Cortex XSIAM event collector.
- The
bitsight_bitsight_rawdataset enables querying of ingested Bitsight logs in XQL Search.
Data Collection
BitSight side
- Login to BitSight SPM.
- Click the the gear icon in the top-right corner.
- In the dropdown menu, click on
Account. - In the
User Preferencestab, locate theAPI Tokensection to generate a new Token. - Click
Generate New Tokenand use the generated token to authenticate the Bitsight integration in Cortex.
For more information, see here.
Cortex XSIAM side - Event Collector
To access BitSight on your Cortex XSIAM tenant:
- Navigate to Settings > Configuration > Data Collection > Automation & Feed Integrations.
- Search for "BitSight Event Collector" and click Add Instance
- When configuring the API Integration, set the following values:
| Parameter | Description | Required |
|---|---|---|
| Name | True | |
| Server URL | True | |
| API Key | The API Key used to programmatically integrate | True |
| Fetch events | True | |
| Max events per fetch | False | |
| Events Fetch Interval | False |
####
