Bitsight

The BitSight integration provides visibility into BitSight findings, enabling remediation within your security program

Overview

Bitsight for Security Performance Management (SPM) enables CISOs to use an external view of security performance to measure, monitor, manage, and report on their cybersecurity program performance over time, and to facilitate a universal understanding of cyber risk across their organization. This improved understanding enables security leaders to make more informed decisions about their cybersecurity programs, including where to focus limited resources to achieve the greatest impact, where to spend money, and how to manage cyber risk more effectively.

The data-driven metrics within Bitsight indicate if the cybersecurity program is performing up to the expectations set by internal goals and objectives, industry best practices, regulators, customers, and other internal or external stakeholders. The Bitsight Security Rating, the industry’s original cybersecurity rating score, provides a trusted metric that reflects the organization’s cybersecurity program performance over time. By combining the insights gained from Bitsight SPM with the Bitsight Security Rating, security leaders provide a more complete view of their cybersecurity program performance over time and help to bring about a universal understanding of cyber risk to the Board of Directors and other stakeholders.

Take action on Bitsight findings information in your security program and leverage Cortex XSOAR's incident management workflows for automation of managing security incidents. Bitsight’s visibility enables you to pinpoint and control the sources of infections in your company infrastructure, seamlessly going from awareness to rapid remediation. The findings information reveals associated IP addresses, destination ports, and more, to assist your company in connecting the security and IT teams to respond faster and more effectively to threats.

Access to and use of the Bitsight for Palo Alto Connector is subject to the Bitsight for Palo Alto Connector Terms of Service and BitSight's Privacy Policy (collectively, the "Bitsight Terms") as well as and any other terms of service or use noted herein.

Overview

Take action on Bitsight findings information in your security program and leverage Cortex's incident management workflows for automation of managing security incidents. Bitsight’s visibility enables you to pinpoint and control the sources of infections in your company infrastructure, seamlessly going from awareness to rapid remediation. The findings information reveals associated IP addresses, destination ports, and more, to assist your company in connecting the security and IT teams to respond faster and more effectively to threats.

This pack includes

Data normalization capabilities:

Modeling rules normalize logs ingested via the Cortex XSIAM event collector.
The bitsight_bitsight_raw dataset enables querying of ingested Bitsight logs in XQL Search.

Data Collection

BitSight side

Login to BitSight SPM.
Click the the gear icon in the top-right corner.
In the dropdown menu, click on Account.
In the User Preferences tab, locate the API Token section to generate a new Token.
Click Generate New Token and use the generated token to authenticate the Bitsight integration in Cortex.

For more information, see here.

Cortex XSIAM side - Event Collector

To access BitSight on your Cortex XSIAM tenant:

Navigate to Settings > Configuration > Data Collection > Automation & Feed Integrations.
Search for "BitSight Event Collector" and click Add Instance
When configuring the API Integration, set the following values:

Parameter	Description	Required
Name		True
Server URL		True
API Key	The API Key used to programmatically integrate	True
Fetch events		True
Max events per fetch		False
Events Fetch Interval		False

####

Classifiers

Name	Description
BitSight - Classifier
BitSight - Incoming Mapper	Maps incoming BitSight Alert field

Incident Fields

Name	Description
BitSight Risk Vector	BitSight Risk Vector
BitSight Severity Category	BitSight Severity Category
BitSight Risk Category	BitSight Risk Category
BitSight Remaining Decay	BitSight Remaining Decay
BitSight Tags	BitSight Tags
BitSight Related Findings	BitSight Related Findings
BitSight Evidence Key	BitSight Evidence Key
BitSight Comments	BitSight Comments
BitSight Affects Rating	BitSight Affects Rating
BitSight Rolledup Observation Id	BitSight Rolledup Observation Id
BitSight Temporary Id	Temporary Id of BitSight findings
Bitsight Remediation Status
BitSight Risk Vector Label	BitSight Risk Vector Label
BitSight Assets	Assets information of Bitsight
Bitsight Affects Rating Reason

Incident Types

Name	Description
BitSight Findings

Integrations

Name	Description
Bitsight for Security Performance Management (Partner Contribution)	Use the "Bitsight for Security Performance Management" Integration to get company guid, details, and findings. This integration also allows to fetch the findings by using the fetch incidents capability.

Layouts

Name	Description
BitSight Findings

Classifiers

Name	Description
BitSight - Classifier
BitSight - Incoming Mapper	Maps incoming BitSight Alert field

Incident Fields

Name	Description
BitSight Evidence Key	BitSight Evidence Key
BitSight Comments	BitSight Comments
BitSight Rolledup Observation Id	BitSight Rolledup Observation Id
BitSight Risk Vector	BitSight Risk Vector
BitSight Severity Category	BitSight Severity Category
Bitsight Remediation Status
Bitsight Affects Rating Reason
BitSight Remaining Decay	BitSight Remaining Decay
BitSight Temporary Id	Temporary Id of BitSight findings
BitSight Related Findings	BitSight Related Findings
BitSight Risk Vector Label	BitSight Risk Vector Label
BitSight Tags	BitSight Tags
BitSight Affects Rating	BitSight Affects Rating

Incident Types

Name	Description
BitSight Findings

Integrations

Name	Description
BitSight Event Collector	Use this integration to fetch BitSight findings as events in XSIAM.
Bitsight for Security Performance Management (Partner Contribution)	Use the "Bitsight for Security Performance Management" Integration to get company guid, details, and findings. This integration also allows to fetch the findings by using the fetch incidents capability.

Modeling Rules

Name	Description
BitSight BitSight Modeling Rule

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (2)

Pack Name	Pack By
Common Types	By: Cortex XSOAR
Phishing	By: Cortex XSOAR

All level dependencies (3)

Pack Name	Pack By
Filters And Transformers	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR
Base	By: Cortex XSOAR

1.3.0 - 6276630 (December 14, 2025)

Incident Fields

New: Bitsight Affects Rating Reason
New: Added a new incident field - Bitsight Affects Rating Reason.
New: Bitsight Remediation Status
New: Added a new incident field - Bitsight Remediation Status.

Integrations

Bitsight for Security Performance Management

Updated the fetch-incidents to prevent duplication by ingesting findings grouped by rolled-up observation ID and first seen date.
Added support for Mirroring Direction parameter, which determines the mirroring direction in which to mirror the findings. You can mirror "Incoming" (from Bitsight to XSOAR), "Outgoing" (from XSOAR to Bitsight), or in both directions.
Added support for Mirror Tag for Notes parameter, which determines the tag value to be used to mirror XSOAR incident notes to Bitsight finding comments by adding the same tag in the notes. Note: This parameter is required when the mirroring direction is set to 'Outgoing' or 'Incoming And Outgoing'.
Added support for Bitsight User Email Address parameter to provide the Bitsight user email address to be used for sending XSOAR incident notes as Bitsight finding comments. Note: This parameter is required when the mirroring direction is set to 'Outgoing' or 'Incoming And Outgoing'.
Added support for Bitsight Remediation Status for Incident Opening parameter, which determines the remediation status to set in Bitsight when opening incidents in XSOAR. Default value is 'Open'. Note: This parameter is only used when the mirroring direction is set to 'Outgoing' or 'Incoming And Outgoing'.
Added support for Reopen incident based on Bitsight Remediation Status parameter. If selected, closed incidents will be reopened in XSOAR when finding remediation status on Bitsight platform matches the configured 'Remediation Status for Incident Opening'. Note: This parameter is only used when the mirroring direction is set to 'Incoming' or 'Incoming And Outgoing'.
Added support for Bitsight Remediation Status for Incident Closure parameter, which determines the remediation status in Bitsight when closing incidents in XSOAR. Default value is 'Resolved'. This parameter is only used when the mirroring direction is set to 'Outgoing' or 'Incoming And Outgoing'.
Added support for Close incident based on Bitsight Remediation Status parameter. If selected, active incidents will be closed in XSOAR when finding remediation status on Bitsight platform matches the configured 'Remediation Status for Incident Closure'. Note: This parameter is only used when the mirroring direction is set to 'Incoming' or 'Incoming And Outgoing'.
Added support for Findings Affects Rating Reason parameter, which filters the findings based on the affect rating reason.
Updated the Docker image to: demisto/python3:3.12.12.5490952.

Layouts

BitSight Findings
Updated the BitSight Findings layout for the added "Bitsight Remediation Status" and "Bitsight Affects Rating Reason" incident fields.

Mappers

BitSight - Incoming Mapper

Updated the BitSight - Incoming Mapper mapper for the added "Bitsight Remediation Status" and "Bitsight Affects Rating Reason" incident fields.

Related pull requests:
- 41905
- 42271

Download

1.2.2 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

1.2.1 - 5499225 (October 21, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41523

Download

1.2.0 - R5469292 (October 20, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41052

Download

1.1.25 - 4148802 (July 13, 2025)

Integrations

Bitsight for Security Performance Management

Code functionality improvements.
Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 38886

Download

1.1.24 - R3481649 (May 21, 2025)

Integrations

Bitsight for Security Performance Management

Metadata and documentation improvements.

Related pull requests:
- 39226

Download

1.1.23 - R2988287 (March 26, 2025)

Integrations

Bitsight for Security Performance Management

Fixed an issue with the "Findings Grade" filter for fetch incidents.
Added support for 'Web Application Security' and 'DMARC' options for fetch incidents and the "bitsight-company-findings-get" command.

Related pull requests:
- 37824
- 37128

Download

1.3.0 - 6276630 (December 14, 2025)

Incident Fields

New: Bitsight Affects Rating Reason
New: Added a new incident field - Bitsight Affects Rating Reason.
New: Bitsight Remediation Status
New: Added a new incident field - Bitsight Remediation Status.

Integrations

Bitsight for Security Performance Management

Updated the fetch-incidents to prevent duplication by ingesting findings grouped by rolled-up observation ID and first seen date.
Added support for Mirroring Direction parameter, which determines the mirroring direction in which to mirror the findings. You can mirror "Incoming" (from Bitsight to XSOAR), "Outgoing" (from XSOAR to Bitsight), or in both directions.
Added support for Mirror Tag for Notes parameter, which determines the tag value to be used to mirror XSOAR incident notes to Bitsight finding comments by adding the same tag in the notes. Note: This parameter is required when the mirroring direction is set to 'Outgoing' or 'Incoming And Outgoing'.
Added support for Bitsight User Email Address parameter to provide the Bitsight user email address to be used for sending XSOAR incident notes as Bitsight finding comments. Note: This parameter is required when the mirroring direction is set to 'Outgoing' or 'Incoming And Outgoing'.
Added support for Bitsight Remediation Status for Incident Opening parameter, which determines the remediation status to set in Bitsight when opening incidents in XSOAR. Default value is 'Open'. Note: This parameter is only used when the mirroring direction is set to 'Outgoing' or 'Incoming And Outgoing'.
Added support for Reopen incident based on Bitsight Remediation Status parameter. If selected, closed incidents will be reopened in XSOAR when finding remediation status on Bitsight platform matches the configured 'Remediation Status for Incident Opening'. Note: This parameter is only used when the mirroring direction is set to 'Incoming' or 'Incoming And Outgoing'.
Added support for Bitsight Remediation Status for Incident Closure parameter, which determines the remediation status in Bitsight when closing incidents in XSOAR. Default value is 'Resolved'. This parameter is only used when the mirroring direction is set to 'Outgoing' or 'Incoming And Outgoing'.
Added support for Close incident based on Bitsight Remediation Status parameter. If selected, active incidents will be closed in XSOAR when finding remediation status on Bitsight platform matches the configured 'Remediation Status for Incident Closure'. Note: This parameter is only used when the mirroring direction is set to 'Incoming' or 'Incoming And Outgoing'.
Added support for Findings Affects Rating Reason parameter, which filters the findings based on the affect rating reason.
Updated the Docker image to: demisto/python3:3.12.12.5490952.

Mappers

BitSight - Incoming Mapper

Updated the BitSight - Incoming Mapper mapper for the added "Bitsight Remediation Status" and "Bitsight Affects Rating Reason" incident fields.

Related pull requests:
- 41905
- 42271

Download

1.2.2 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

1.2.1 - 5499225 (October 21, 2025)

Modeling Rules

New: BitSight BitSight Modeling Rule

New: Added a BitSight data modeling rule that normalizes logs ingested through the Cortex XSIAM event collector.
(Available from Cortex XSIAM 2.8).

Related pull requests:
- 41523

Download

1.2.0 - R5469292 (October 20, 2025)

Integrations

New: BitSight Event Collector

New: This is the BitSight Event Collector integration for Cortex.

Related pull requests:
- 41052

Download

1.1.25 - 4148802 (July 13, 2025)

Integrations

Bitsight for Security Performance Management

Code functionality improvements.
Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 38886

Download

1.1.24 - R3481649 (May 21, 2025)

Integrations

Bitsight for Security Performance Management

Metadata and documentation improvements.

Related pull requests:
- 39226

Download

1.1.23 - R2988287 (March 26, 2025)

Integrations

Bitsight for Security Performance Management

Fixed an issue with the "Findings Grade" filter for fetch incidents.
Added support for 'Web Application Security' and 'DMARC' options for fetch incidents and the "bitsight-company-findings-get" command.

Related pull requests:
- 37824
- 37128

Download

Certification	Certified	Read more
Supported By	Partner
Created	March 31, 2021
Last Release	December 14, 2025

Overview

Overview

This pack includes

Data Collection

BitSight side

Cortex XSIAM side - Event Collector

Incident Fields

Integrations

Bitsight for Security Performance Management

Layouts

Mappers

BitSight - Incoming Mapper

Integrations

Bitsight for Security Performance Management

Integrations

Bitsight for Security Performance Management

Integrations

Bitsight for Security Performance Management

Incident Fields

Integrations

Bitsight for Security Performance Management

Mappers

BitSight - Incoming Mapper

Modeling Rules

New: BitSight BitSight Modeling Rule

Integrations

New: BitSight Event Collector

Integrations

Bitsight for Security Performance Management

Integrations

Bitsight for Security Performance Management

Integrations

Bitsight for Security Performance Management

PUBLISHER

PLATFORMS

INFO

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER