Full Splunk App for Bitsight Security Ratings. Monitor and visualize security ratings, portfolio companies, alerts, findings, exposed credentials, users, and threat intelligence from the Bitsight API.
This tool is not an official BitSight product.
Use of this software is not covered by any license, warranty, or support agreement you may have with BitSight. All functionality is implemented independently using publicly available Bitsight API Documentation: https://help.bitsighttech.com/hc/en-us/articles/231872628-API-Documentation-Overview

| Feature | Description |
|---|---|
| Security Ratings Monitoring | Track your organization's security rating over time |
| Portfolio Management | Monitor third-party vendor security posture with sparklines |
| Alert Management | Real-time notifications for security rating changes |
| Findings Analysis | Detailed vulnerability and security finding tracking with CVSS scores |
| Exposed Credentials | Data breach and credential exposure monitoring |
| Threat Intelligence | CVE and vulnerability threat tracking |
| User Management | Track user activity, quota usage, and access review |
| 21 Risk Vectors | Complete coverage of all Bitsight risk vectors |

| Feature | Description |
|---|---|
| Ratings Trending | Company-level ratings trending over time |
| Findings Trending | WoW, MoM, QoQ, YoY findings trend analysis |
| Comparative Trending | WoW, MoM, QoQ, YoY rating comparisons |
| Peer Benchmarking | Industry and peer group comparisons |
| MTTR Executive | Mean Time to Remediate executive metrics |
| Asset Risk Matrix | Asset importance vs severity heat mapping |
| Ratings Tree | Company hierarchy and subsidiary ratings visualization |

| Feature | Description |
|---|---|
| NIST CSF Mapping | Risk vectors mapped to NIST Cybersecurity Framework |
| SLA Tracking | Remediation SLA monitoring and breach alerts |
| User Access Review | Periodic access review and audit support |

| Feature | Description |
|---|---|
| Operational Metrics | Records processed, API calls, ingestion rates |
| Health Monitoring | Data freshness and collection status |
| Configuration Validation | Automatic setup validation on first launch |
| Scheduled Health Checks | Daily validation and hourly API health checks |
| Log Viewer | API activity and error monitoring |

| Feature | Description |
|---|---|
| 26 Pre-built Dashboards | Immediate insights out of the box |
| Web UI Setup | No CLI required - configure via Splunk Web |
| Splunk Cloud Ready | AppInspect compliant for cloud deployment |
| Alert Actions | Email, Webhook, Script, and PagerDuty integrations |
- Download the `BitSight_For_Splunk_App-1.0.0.tar.gz` file
- In Splunk Web, navigate to Apps → Manage Apps
- Click Install app from file
- Upload the `.tar.gz` file and click Upload
- Restart Splunk when prompted
- In Splunk Web, navigate to Apps → Bitsight → Setup
- Configure the following settings:
- Bitsight API Token: Enter your API token (obtain from the Bitsight portal)
- API Base URL: Default is `https://api.bitsighttech.com`
- Verify SSL: Enable SSL certificate verification (recommended)
- Request Timeout: Set timeout in seconds (default: 60)
- Use Proxy: Enable if your network requires a proxy
- Proxy URL: Enter proxy URL (e.g., `http://proxy.example.com:8080`)
- Proxy Username: Enter username if proxy requires authentication
- Proxy Password: Enter password if proxy requires authentication
Select which data to collect:
- Portfolio Companies
- Security Ratings
- Ratings History (Trending)
- Security Findings
- Findings Summary
- Alerts
- Exposed Credentials
- Threat Intelligence
- Users & Quota
- Portfolio Interval: How often to collect portfolio data (seconds)
- Findings Interval: How often to collect findings data (seconds)
- Alerts Interval: How often to check for new alerts (seconds)
- Historical Data: Number of days of historical data to collect
- Click Save to apply the configuration
- After saving, click Test API Connection to verify your API token
- If using a proxy, click Test Proxy Connection to verify connectivity
- The app will automatically validate your configuration on first launch
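
The settings above decide where the API token is sent and whether the TLS peer is checked. The following is an added example, not code from this app or its `bitsight_validation.py`: a pre-save audit of those settings. The dictionary key names and the sample values are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Key names below are hypothetical stand-ins for the Setup page fields.
EXPECTED_API_HOST = "api.bitsighttech.com"  # host of the default API Base URL


def audit_settings(s: dict) -> list[str]:
    """Return findings for a settings dict; an empty list means nothing was flagged."""
    findings = []
    base = urlsplit(s.get("api_base_url", ""))
    if base.scheme != "https":
        findings.append("api_base_url: not HTTPS, the API token would travel in clear text")
    if base.hostname != EXPECTED_API_HOST:
        findings.append(f"api_base_url: host {base.hostname!r} is not {EXPECTED_API_HOST}")
    if base.username or base.password:
        findings.append("api_base_url: credentials embedded in the URL")
    if not s.get("verify_ssl", True):
        findings.append("verify_ssl: disabled, an intercepted TLS session would go unnoticed")
    timeout = s.get("request_timeout", 60)
    if not isinstance(timeout, (int, float)) or timeout <= 0:
        findings.append("request_timeout: expected a positive number of seconds")
    if s.get("use_proxy"):
        proxy = urlsplit(s.get("proxy_url", ""))
        if proxy.scheme not in ("http", "https") or not proxy.hostname:
            findings.append("proxy_url: must include http:// or https:// and a host")
        if proxy.username or proxy.password:
            findings.append("proxy_url: credentials belong in the username/password fields")
    return findings


# Constructed sample settings, not taken from a real deployment.
GOOD = {"api_base_url": "https://api.bitsighttech.com", "verify_ssl": True,
        "request_timeout": 60, "use_proxy": True, "proxy_url": "http://proxy.example.com:8080"}
RISKY = {"api_base_url": "http://api.bitsighttech.com.example.net", "verify_ssl": False,
         "request_timeout": 0, "use_proxy": True, "proxy_url": "user:pw@proxy.example.com:8080"}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("RISKY", RISKY)):
        print(name, audit_settings(cfg) or "no findings")
```
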
In Splunk Web, run this search to verify data is being collected:

```
index=security_bitsight sourcetype=bitsight:*
| stats count by sourcetype
```
```
BitSight_For_Splunk_App/
├── app.manifest  # App manifest for Splunk Cloud
├── LICENSE  # Apache 2.0 License
├── README.md  # This file
├── default/
│   ├── app.conf  # App configuration
│   ├── alert_actions.conf  # Alert action definitions
│   ├── bitsight.conf  # Default settings
│   ├── indexes.conf  # Index definitions
│   ├── inputs.conf  # Input definitions
│   ├── macros.conf  # Search macros
│   ├── props.conf  # Field extraction rules
│   ├── restmap.conf  # REST API configuration
│   ├── savedsearches.conf  # Saved searches & alerts
│   ├── server.conf  # Server configuration
│   ├── transforms.conf  # Field transformations
│   ├── web.conf  # Web settings
│   ├── workflow_actions.conf  # Workflow actions
│   └── data/ui/
│       ├── nav/default.xml  # Navigation menu
│       └── views/  # Dashboard XML files (26 dashboards)
│           ├── setup.xml  # Setup wizard
│           ├── bitsight_overview.xml
│           ├── bitsight_search.xml
│           ├── bitsight_portfolio.xml
│           ├── bitsight_ratings.xml
│           ├── bitsight_ratings_tree.xml
│           ├── bitsight_ratings_trending.xml
│           ├── bitsight_trending.xml
│           ├── bitsight_benchmarking.xml
│           ├── bitsight_findings.xml
│           ├── bitsight_findings_detailed.xml
│           ├── bitsight_findings_trending.xml
│           ├── bitsight_remediation.xml
│           ├── bitsight_mttr_executive.xml
│           ├── bitsight_asset_risk_matrix.xml
│           ├── bitsight_nist_csf.xml
│           ├── bitsight_threats.xml
│           ├── bitsight_exposed_credentials.xml
│           ├── bitsight_users.xml
│           ├── bitsight_users_access_review.xml
│           ├── bitsight_alerts.xml
│           ├── bitsight_health.xml
│           ├── bitsight_health_check.xml
│           ├── bitsight_operations.xml
│           ├── bitsight_logs.xml
│           ├── bitsight_reports.xml
│           └── bitsight_help.xml
├── bin/
│   ├── bitsight_input.py  # Modular input script
│   ├── bitsight_setup_handler.py  # Setup REST handler
│   ├── bitsight_validation.py  # Configuration validation
│   ├── bitsight_email_alert.py  # Email alert action
│   ├── bitsight_webhook_alert.py  # Webhook alert action
│   ├── bitsight_script_alert.py  # Script alert action
│   └── bitsight_pagerduty_alert.py  # PagerDuty alert action
├── lookups/
│   ├── bitsight_rating_categories.csv
│   ├── bitsight_risk_vectors.csv
│   └── bitsight_severity_levels.csv
├── local/
│   └── inputs.conf.example  # Example configuration
├── metadata/
│   ├── default.meta  # Default permissions
│   └── local.meta  # Local permissions
├── README/
│   ├── bitsight.conf.spec  # Config specification
│   └── alert_actions.conf.spec  # Alert actions spec
└── static/
    ├── appIcon.png  # App icon (36x36)
    ├── appIcon_2x.png  # Retina app icon (72x72)
    ├── appIconAlt.png  # Alternative icon (36x36)
    └── appIconAlt_2x.png  # Retina alt icon (72x72)
```

| Dashboard | Description |
|---|---|
| Overview | Executive summary with KPIs, rating trends, and alerts |
| Search | Company search and lookup |
| Portfolio | Third-party vendor portfolio management with sparklines |
| Ratings Tree | Company hierarchy and subsidiary ratings |
| Benchmarking | Peer and industry benchmarking comparisons |
| Ratings | Detailed security rating analysis with risk vectors |
| Ratings Trending | Company ratings trending over time |
| Trending | WoW, MoM, QoQ, YoY comparative trending analysis |
| Findings | Security findings summary by severity and risk vector |
| Findings Detailed | Detailed findings with CVSS scores, assets, remediation |
| Findings Trending | Findings WoW, MoM, QoQ, YoY trending analysis |
| Remediation | Remediation tracking and SLA monitoring |
| MTTR Executive | Mean Time to Remediate executive dashboard |
| Asset Risk Matrix | Asset importance vs severity risk matrix |
| NIST CSF | NIST Cybersecurity Framework compliance mapping |
| Threats | CVE and threat intelligence dashboard |
| Exposed Credentials | Data breach and credential exposure tracking |
| Users | User management, activity, and quota tracking |
| Users Access Review | User access review and audit dashboard |
| Alerts | Alert management and tracking |
| Health | Data health and ingestion monitoring |
| Health Check | Configuration validation and scheduled health checks |
| Operations | Records processed and ingestion metrics |
| Logs | Log viewer and API activity monitoring |
| Reports | Board-ready report generation |
| Help | Executive help and glossary |
- botnet_infections, spam_propagation, malware_servers, unsolicited_comm, potentially_exploited
- spf, dkim, ssl_certificates, ssl_configurations, open_ports, web_appsec
- patching_cadence, insecure_systems, server_software, desktop_software
- mobile_software, dnssec, mobile_application_security, application_security, dmarc
- file_sharing

| Sourcetype | Description |
|---|---|
| `bitsight:portfolio` | Portfolio company data |
| `bitsight:current_ratings` | Current security ratings |
| `bitsight:ratings_history` | Historical ratings for trending |
| `bitsight:findings` | Security findings |
| `bitsight:findings_summary` | Findings summary statistics |
| `bitsight:alerts` | Alert notifications |
| `bitsight:threats` | Threat intelligence |
| `bitsight:exposed_credentials` | Exposed credentials |
| `bitsight:users` | User accounts |
| `bitsight:user_quota` | User quota information |
| `bitsight:user_company_views` | User activity |

- Splunk Enterprise 8.0+ or Splunk Cloud
- Python 3.x (included with Splunk)
- Bitsight API Token (obtain from Bitsight portal)
This app is designed to pass Splunk AppInspect validation:
- Proper directory structure
- app.manifest for Splunk Cloud
- No hardcoded credentials in default/
- All inputs disabled by default
- Proper metadata permissions
- Apache 2.0 License included
- README documentation
- Setup validation script
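
Two of the claims above, no hardcoded credentials in `default/` and all inputs disabled by default, can be checked on the unpacked archive before installing. The following is an added example, not part of the app: a small audit over `.conf` text. The stanza names, key names and sample contents are constructed for illustration, and the secret-key pattern is a heuristic.

```python
import configparser
import re

# Heuristic for key names that usually hold secrets (an assumption of this example).
SECRET_KEY = re.compile(r"token|password|passwd|secret|api_?key", re.I)


def audit_default_conf(filename: str, text: str) -> list[str]:
    """Flag populated secret-like keys and input stanzas that are not shipped disabled."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), default_section="__unused__")
    cp.optionxform = str  # keep key names exactly as written
    cp.read_string(text)
    findings = []
    for stanza in cp.sections():
        for key, value in cp.items(stanza):
            if SECRET_KEY.search(key) and value.strip():
                findings.append(f"{filename} [{stanza}] {key}: secret-like key has a value")
        # Input stanzas look like scheme://name; a missing "disabled" key means enabled.
        if filename == "inputs.conf" and "://" in stanza:
            disabled = cp.get(stanza, "disabled", fallback="0").strip().lower()
            if disabled not in ("1", "true"):
                findings.append(f"{filename} [{stanza}]: input is enabled by default")
    return findings


# Constructed samples; stanza and key names are hypothetical, not copied from the app.
SAMPLE_INPUTS = """\
[bitsight_input://portfolio]
interval = 3600
disabled = 1

[bitsight_input://findings]
interval = 86400
"""
SAMPLE_SETTINGS = """\
[api]
base_url = https://api.bitsighttech.com
api_token =
proxy_password = example-not-a-real-secret
"""

if __name__ == "__main__":
    for name, text in (("inputs.conf", SAMPLE_INPUTS), ("bitsight.conf", SAMPLE_SETTINGS)):
        for finding in audit_default_conf(name, text):
            print(finding)
```
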
- Navigate to Apps → Bitsight → Setup and verify your API token
- Click Test API Connection to validate connectivity
- Check that at least one data input is enabled
- In Splunk Web, search `index=_internal source=*bitsight*` for errors
- Verify your API token has the correct permissions in the Bitsight portal
- Check Bitsight API rate limits
- Ensure network connectivity to `api.bitsighttech.com`
- If using a proxy, verify proxy settings and test connection
- Navigate to Apps → Bitsight → Setup
- Verify proxy URL format includes protocol (http:// or https://)
- Click Test Proxy Connection to validate
- Check proxy authentication credentials if required

The app automatically validates configuration on first launch. To re-run validation:
- Navigate to Apps → Bitsight → Setup
- Make any change and click Save
- Check the validation results in the app logs
- Bitsight API Documentation: https://help.bitsighttech.com/hc/en-us/articles/231872628-API-Documentation-Overview
- Splunk Documentation: https://docs.splunk.com
Apache License 2.0
Copyright (c) 2025 Mark Teicher
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
