Skip to main content

BitSight Event Collector

This Integration is part of the Bitsight Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.9.0 and later.

Use this integration to fetch BitSight security findings as events in Cortex XSIAM. This is important for organizations that wish to integrate BitSight programmatically into their security operations.

When configured as a fetching integration, it will continuously fetch new findings starting from the current day. The manual bitsight-get-events command fetches findings from the last 2 days (48 hours).

This is the default integration for this content pack when configured by the Data Onboarder in Cortex XSIAM.

Configure BitSight Event Collector in Cortex#

ParameterDescriptionRequiredDefault Value
Server URLREST API Endpoint of BitSight server.Truehttps://api.bitsighttech.com
API KeyBitSight API token.True-
Company's GUIDOptional. If provided, findings for this company and its subsidiaries will be collected. If omitted, the collector attempts to use myCompany.guid.False-
Trust any certificate (not secure)False-
Use system proxy settingsFalse-
Max events per fetchMaximum number of findings to fetch at a time.False1000
Events Fetch IntervalInterval between fetch operations.False5

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

bitsight-get-events#


Gets findings as events from BitSight Event Collector. The command fetches findings from the last 2 days (48 hours).

Base Command#

bitsight-get-events

Input#

Argument NameDescriptionRequiredDefault Value
limitThe number of events to return.Optional5
guidOverride the Company GUID for this command only.Optional-
should_push_eventsSet this argument to True in order to create events, otherwise the command will only display them. Possible values are: true, false.Requiredfalse

Context Output#

There is no context output for this command.

Notes#

API Date Format Limitation: The BitSight API returns first_seen timestamps in date-only format (YYYY-MM-DD) without hours or minutes. The integration converts these to full timestamps in the _time field for XSIAM compatibility. This means all events will show timestamps like 2025-08-30T00:00:00 (midnight UTC) regardless of when during that day the finding was actually discovered.