Full Splunk App for Bitsight Security Ratings. Monitor and visualize security ratings, portfolio companies, alerts, findings, exposed credentials, users, and threat intelligence from the Bitsight API.
| Feature | Description |
|---|---|
| 📊 Security Ratings Monitoring | Track your organization's security rating over time |
| 🏢 Portfolio Management | Monitor third-party vendor security posture with sparklines |
| 🔔 Alert Management | Real-time notifications for security rating changes |
| 🔍 Findings Analysis | Detailed vulnerability and security finding tracking with CVSS scores |
| 🔐 Exposed Credentials | Data breach and credential exposure monitoring |
| Threat Intelligence | CVE and vulnerability threat tracking |
| 👥 User Management | Track user activity, quota usage, and access review |
| 📈 21 Risk Vectors | Complete coverage of all Bitsight risk vectors |
| Feature | Description |
|---|---|
| 📉 Ratings Trending | Company-level ratings trending over time |
| 📊 Findings Trending | WoW, MoM, QoQ, YoY findings trend analysis |
| 🔄 Comparative Trending | WoW, MoM, QoQ, YoY rating comparisons |
| 🏆 Peer Benchmarking | Industry and peer group comparisons |
| ⏱️ MTTR Executive | Mean Time to Remediate executive metrics |
| 🎯 Asset Risk Matrix | Asset importance vs severity heat mapping |
| 🌳 Ratings Tree | Company hierarchy and subsidiary ratings visualization |
| Feature | Description |
|---|---|
| 🏛️ NIST CSF Mapping | Risk vectors mapped to NIST Cybersecurity Framework |
| ⏰ SLA Tracking | Remediation SLA monitoring and breach alerts |
| 👤 User Access Review | Periodic access review and audit support |
| Feature | Description |
|---|---|
| 📊 Operational Metrics | Records processed, API calls, ingestion rates |
| 💓 Health Monitoring | Data freshness and collection status |
| ✅ Configuration Validation | Automatic setup validation on first launch |
| 🕐 Scheduled Health Checks | Daily validation and hourly API health checks |
| 📋 Log Viewer | API activity and error monitoring |
| Feature | Description |
|---|---|
| 📊 26 Pre-built Dashboards | Immediate insights out of the box |
| 🖥️ Web UI Setup | No CLI required - configure via Splunk Web |
| ☁️ Splunk Cloud Ready | AppInspect compliant for cloud deployment |
| 📧 Alert Actions | Email, Webhook, Script, and PagerDuty integrations |
- Download the `BitSight_For_Splunk_App-1.0.0.tar.gz` file
- In Splunk Web, navigate to Apps → Manage Apps
- Click Install app from file
- Upload the `.tar.gz` file and click Upload
- Restart Splunk when prompted
- In Splunk Web, navigate to Apps → Bitsight → Setup
- Configure the following settings:
- Bitsight API Token: Enter your API token (obtain from the Bitsight portal)
- API Base URL: Default is `https://api.bitsighttech.com`
- Verify SSL: Enable SSL certificate verification (recommended)
- Request Timeout: Set timeout in seconds (default: 60)
- Use Proxy: Enable if your network requires a proxy
- Proxy URL: Enter proxy URL (e.g., `http://proxy.example.com:8080`)
- Proxy Username: Enter username if proxy requires authentication
- Proxy Password: Enter password if proxy requires authentication
Select which data to collect:
- Portfolio Companies
- Security Ratings
- Ratings History (Trending)
- Security Findings
- Findings Summary
- Alerts
- Exposed Credentials
- Threat Intelligence
- Users & Quota
- Portfolio Interval: How often to collect portfolio data (seconds)
- Findings Interval: How often to collect findings data (seconds)
- Alerts Interval: How often to check for new alerts (seconds)
- Historical Data: Number of days of historical data to collect
- Click Save to apply the configuration
- After saving, click Test API Connection to verify your API token
- If using a proxy, click Test Proxy Connection to verify connectivity
- The app will automatically validate your configuration on first launch
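The connection settings above can be linted before they are saved. This is an added example, not code from the app: the dictionary keys (`base_url`, `verify_ssl`, `timeout`, `use_proxy`, `proxy_url`) are hypothetical names for the setup fields, and the sample values are constructed.

```python
from urllib.parse import urlsplit

def check_connection_settings(settings):
    """Return a list of problems found in the connection settings."""
    problems = []
    base = urlsplit(settings.get("base_url", ""))
    if base.scheme != "https" or not base.hostname:
        problems.append("base_url must be an https:// URL")
    if not settings.get("verify_ssl", True):
        problems.append("verify_ssl is off: the API endpoint is not authenticated")
    timeout = settings.get("timeout", 60)
    if not isinstance(timeout, int) or timeout <= 0:
        problems.append("timeout must be a positive number of seconds")
    if settings.get("use_proxy"):
        proxy = urlsplit(settings.get("proxy_url", ""))
        if proxy.scheme not in ("http", "https") or not proxy.hostname:
            problems.append("proxy_url must start with http:// or https://")
        elif proxy.username or proxy.password:
            # Credentials belong in the separate Proxy Username/Password fields.
            problems.append("proxy_url embeds credentials")
    return problems

# Constructed sample settings (hypothetical key names).
GOOD = {"base_url": "https://api.bitsighttech.com", "verify_ssl": True,
        "timeout": 60, "use_proxy": True,
        "proxy_url": "http://proxy.example.com:8080"}
BAD = {"base_url": "http://api.bitsighttech.com", "verify_ssl": False,
       "timeout": 0, "use_proxy": True, "proxy_url": "proxy.example.com:8080"}

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_connection_settings(sample))
```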
In Splunk Web, run this search to verify data is being collected:

```
index=security_bitsight sourcetype=bitsight:*
| stats count by sourcetype
```
```
BitSight_For_Splunk_App/
├── app.manifest  # App manifest for Splunk Cloud
├── LICENSE  # Apache 2.0 License
├── README.md  # This file
├── default/
│   ├── app.conf  # App configuration
│   ├── alert_actions.conf  # Alert action definitions
│   ├── bitsight.conf  # Default settings
│   ├── indexes.conf  # Index definitions
│   ├── inputs.conf  # Input definitions
│   ├── macros.conf  # Search macros
│   ├── props.conf  # Field extraction rules
│   ├── restmap.conf  # REST API configuration
│   ├── savedsearches.conf  # Saved searches & alerts
│   ├── server.conf  # Server configuration
│   ├── transforms.conf  # Field transformations
│   ├── web.conf  # Web settings
│   ├── workflow_actions.conf  # Workflow actions
│   └── data/ui/
│       ├── nav/default.xml  # Navigation menu
│       └── views/  # Dashboard XML files (26 dashboards)
│           ├── setup.xml  # Setup wizard
│           ├── bitsight_overview.xml
│           ├── bitsight_search.xml
│           ├── bitsight_portfolio.xml
│           ├── bitsight_ratings.xml
│           ├── bitsight_ratings_tree.xml
│           ├── bitsight_ratings_trending.xml
│           ├── bitsight_trending.xml
│           ├── bitsight_benchmarking.xml
│           ├── bitsight_findings.xml
│           ├── bitsight_findings_detailed.xml
│           ├── bitsight_findings_trending.xml
│           ├── bitsight_remediation.xml
│           ├── bitsight_mttr_executive.xml
│           ├── bitsight_asset_risk_matrix.xml
│           ├── bitsight_nist_csf.xml
│           ├── bitsight_threats.xml
│           ├── bitsight_exposed_credentials.xml
│           ├── bitsight_users.xml
│           ├── bitsight_users_access_review.xml
│           ├── bitsight_alerts.xml
│           ├── bitsight_health.xml
│           ├── bitsight_health_check.xml
│           ├── bitsight_operations.xml
│           ├── bitsight_logs.xml
│           ├── bitsight_reports.xml
│           └── bitsight_help.xml
├── bin/
│   ├── bitsight_input.py  # Modular input script
│   ├── bitsight_setup_handler.py  # Setup REST handler
│   ├── bitsight_validation.py  # Configuration validation
│   ├── bitsight_email_alert.py  # Email alert action
│   ├── bitsight_webhook_alert.py  # Webhook alert action
│   ├── bitsight_script_alert.py  # Script alert action
│   └── bitsight_pagerduty_alert.py  # PagerDuty alert action
├── lookups/
│   ├── bitsight_rating_categories.csv
│   ├── bitsight_risk_vectors.csv
│   └── bitsight_severity_levels.csv
├── local/
│   └── inputs.conf.example  # Example configuration
├── metadata/
│   ├── default.meta  # Default permissions
│   └── local.meta  # Local permissions
├── README/
│   ├── bitsight.conf.spec  # Config specification
│   └── alert_actions.conf.spec  # Alert actions spec
└── static/
    ├── appIcon.png  # App icon (36x36)
    ├── appIcon_2x.png  # Retina app icon (72x72)
    ├── appIconAlt.png  # Alternative icon (36x36)
    └── appIconAlt_2x.png  # Retina alt icon (72x72)
```
| Dashboard | Description |
|---|---|
| Overview | Executive summary with KPIs, rating trends, and alerts |
| Search | Company search and lookup |
| Portfolio | Third-party vendor portfolio management with sparklines |
| Ratings Tree | Company hierarchy and subsidiary ratings |
| Benchmarking | Peer and industry benchmarking comparisons |
| Ratings | Detailed security rating analysis with risk vectors |
| Ratings Trending | Company ratings trending over time |
| Trending | WoW, MoM, QoQ, YoY comparative trending analysis |
| Findings | Security findings summary by severity and risk vector |
| Findings Detailed | Detailed findings with CVSS scores, assets, remediation |
| Findings Trending | Findings WoW, MoM, QoQ, YoY trending analysis |
| Remediation | Remediation tracking and SLA monitoring |
| MTTR Executive | Mean Time to Remediate executive dashboard |
| Asset Risk Matrix | Asset importance vs severity risk matrix |
| NIST CSF | NIST Cybersecurity Framework compliance mapping |
| Threats | CVE and threat intelligence dashboard |
| Exposed Credentials | Data breach and credential exposure tracking |
| Users | User management, activity, and quota tracking |
| Users Access Review | User access review and audit dashboard |
| Alerts | Alert management and tracking |
| Health | Data health and ingestion monitoring |
| Health Check | Configuration validation and scheduled health checks |
| Operations | Records processed and ingestion metrics |
| Logs | Log viewer and API activity monitoring |
| Reports | Board-ready report generation |
| Help | Executive help and glossary |
- botnet_infections, spam_propagation, malware_servers, unsolicited_comm, potentially_exploited
- spf, dkim, ssl_certificates, ssl_configurations, open_ports, web_appsec
- patching_cadence, insecure_systems, server_software, desktop_software
- mobile_software, dnssec, mobile_application_security, application_security, dmarc
- file_sharing
| Sourcetype | Description |
|---|---|
| `bitsight:portfolio` | Portfolio company data |
| `bitsight:current_ratings` | Current security ratings |
| `bitsight:ratings_history` | Historical ratings for trending |
| `bitsight:findings` | Security findings |
| `bitsight:findings_summary` | Findings summary statistics |
| `bitsight:alerts` | Alert notifications |
| `bitsight:threats` | Threat intelligence |
| `bitsight:exposed_credentials` | Exposed credentials |
| `bitsight:users` | User accounts |
| `bitsight:user_quota` | User quota information |
| `bitsight:user_company_views` | User activity |
- Splunk Enterprise 8.0+ or Splunk Cloud
- Python 3.x (included with Splunk)
- Bitsight API Token (obtain from Bitsight portal)
This app is designed to pass Splunk AppInspect validation:
- ✅ Proper directory structure
- ✅ app.manifest for Splunk Cloud
- ✅ No hardcoded credentials in default/
- ✅ All inputs disabled by default
- ✅ Proper metadata permissions
- ✅ Apache 2.0 License included
- ✅ README documentation
- ✅ Setup validation script
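Two of the claims above (no hardcoded credentials in `default/`, all inputs disabled by default) can be checked against an unpacked copy of the app before installing it. This is an added example, not the app's validation script or AppInspect itself; the stanza names, key names and file contents are constructed for illustration.

```python
import re

# Key names that usually hold secrets. A non-empty value under default/
# means a credential would ship inside the package.
SECRET_KEY = re.compile(r"token|password|passwd|secret|api_?key", re.I)

def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}."""
    stanzas, current = {}, "default"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            stanzas.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            stanzas.setdefault(current, {})[key.strip()] = value.strip()
    return stanzas

def audit_default(files):
    """files maps a default/ file name to its text; returns sorted findings."""
    findings = []
    for name, text in files.items():
        for stanza, settings in parse_conf(text).items():
            for key, value in settings.items():
                if SECRET_KEY.search(key) and value:
                    findings.append(f"{name} [{stanza}] {key}: credential value present")
            # Splunk treats an input without "disabled" as enabled.
            enabled = settings.get("disabled", "0").lower() not in ("1", "true")
            if name == "inputs.conf" and stanza != "default" and enabled:
                findings.append(f"{name} [{stanza}]: input enabled by default")
    return sorted(findings)

# Constructed sample files; stanza and key names are hypothetical.
SAMPLE_DEFAULT = {
    "inputs.conf": "[bitsight_input://portfolio]\ndisabled = 1\n"
                   "[bitsight_input://findings]\ninterval = 3600\n",
    "bitsight.conf": "[settings]\nverify_ssl = true\napi_token =\n"
                     "proxy_password = example-only\n",
}

if __name__ == "__main__":
    for finding in audit_default(SAMPLE_DEFAULT):
        print(finding)
```

To run it on a real copy, read each file under the unpacked `default/` directory into the `files` dictionary keyed by file name.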
- Navigate to Apps → Bitsight → Setup and verify your API token
- Click Test API Connection to validate connectivity
- Check that at least one data input is enabled
- In Splunk Web, search `index=_internal source=*bitsight*` for errors
- Verify your API token has the correct permissions in the Bitsight portal
- Check Bitsight API rate limits
- Ensure network connectivity to `api.bitsighttech.com`
- If using a proxy, verify proxy settings and test connection
- Navigate to Apps → Bitsight → Setup
- Verify proxy URL format includes protocol (http:// or https://)
- Click Test Proxy Connection to validate
- Check proxy authentication credentials if required
The app automatically validates configuration on first launch. To re-run validation:
- Navigate to Apps → Bitsight → Setup
- Make any change and click Save
- Check the validation results in the app logs
- Bitsight API Documentation: https://help.bitsighttech.com/hc/en-us/articles/231872628-API-Documentation-Overview
- Splunk Documentation: https://docs.splunk.com
Apache License 2.0