Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

See more

GET: TLS/SSL Configurations Finding Details

Avatar
Ingrid
Follow
Publication Date – April 18, 2023

⇤ Findings

https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=ssl_configurations

Get TLS/SSL Configurations finding details.

Parameters

For details specific to TLS/SSL Configurations, use the ?risk_vector=ssl_configurations parameter. Other query parameters are listed in GET: Finding Details.

Example Request

curl https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=ssl_configurations -u api_token:

Example Response

{
  "links":{
    "next":"https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?limit=100&offset=100&risk_vector=ssl_configurations",
    "previous":null
  },
  "count":1533,
  "results":[
    {
      "temporary_id":"A1Aa11AAaaaa11111a1a11aa11a1aaa1a111aaa111",
      "affects_rating":true,
      "assets":[
        {
          "asset":"22.2.222.222",
          "identifier":null,
          "category":"low",
          "importance":0.0,
          "is_ip":true
        }
      ],
      "details":{
        "cvss":{
          "base":[ ]
        },
        "check_pass":"",
        "diligence_annotations":{
          "message":"Allows insecure protocol: TLSv1.0, Allows insecure protocol: TLSv1.1",
          "certchain":[
            […]
            {
              "dnsName":[
                "example.com"
              ],
              "endDate":"2038-01-15 12:00:00",
              "issuerName":"C=US,O=CertIssuer Inc,OU=www.certissuer.com,CN=CertIssuer Global Root G2",
              "keyAlgorithm":"RSA",
              "keyLength":2048,
              "serialNumber":"1231231231231231231231231231231231234",
              "signatureAlgorithm":"SHA256WITHRSA",
              "startDate":"2013-08-01 12:00:00",
              "subjectName":"C=US,O=CertIssuer Inc,OU=www.certissuer.com,CN=CertIssuer Global Root G2"
            }
          ]
        },
        "final_location":"https://11.2.333.444/",
        "geo_ip_location":"A1",
        "country":"Demo Country 1",
        "grade":"BAD",
        "observed_ips":[
          "11.2.333.444:443"
        ],
        "remediations":[
          […]
          {
            "message":"Allows insecure protocol: TLSv1.1",
            "help_text":"TLS version 1.1 has been deprecated.",
            "remediation_tip":"Update your company’s server-configurations to disable this protocol. Refer to the <a href=\"https://weakdh.org/sysadmin.html\" rel=\"noopener\" target=\"_blank\">Guide to Deploying Diffie-Hellman for TLS</a> for explicit instructions."
          }
        ],
        "sample_timestamp":"2023-04-05T12:52:46Z",
        "vulnerabilities":[ ],
        "dest_port":443,
        "rollup_end_date":"2023-04-05",
        "rollup_start_date":"2022-12-27",
        "searchable_details":"Allows insecure protocol: TLSv1.0, Allows insecure protocol: TLSv1.1,1111111111111111111111111111111111111111111111,22222222222222222222222222222222222222,3333333333333333333333333333333333333,C=US,O=Example Corporation,CN=Example TLS Issuing CA 02,C=US,O=CertIssuer Inc,OU=www.certissuer.com,CN=CertIssuer Global Root G2,C=US,O=CertIssuer Inc,OU=www.certissuer.com,CN=CertIssuer Global Root G2"
      },
      "evidence_key":"11.2.333.444:443",
      "first_seen":"2022-12-27",
      "last_seen":"2023-04-05",
      "related_findings":[ ],
      "risk_category":"Diligence",
      "risk_vector":"ssl_configurations",
      "risk_vector_label":"SSL Configurations",
      "rolledup_observation_id":"B-B2bb2BBB222Bbbbbbb2b==",
      "severity":10.0,
      "severity_category":"severe",
      "tags":[
        "Guest WiFi",
      ],
      "remediation_history":{
        "last_requested_refresh_date":null,
        "last_refresh_status_date":null,
        "last_refresh_status_label":null,
        "last_refresh_reason_code":null
      },
      "asset_overrides":[ ],
      "duration":null,
      "comments":null,
      "remaining_decay":59,
      "remediated":null
    }
  ]
}

Response Attributes

Field Description 
links
Object		 Navigation for multiple pages of results. See pagination.
  
next
String		 The URL for navigating to the next page of results. 
previous
String		 The URL for navigating to the previous page of results. 
count
Integer		 The number of findings. 
results
Array		 Finding objects.
  Object A finding.
  
temporary_id
String		 A temporary identifier for this finding. 
affects_rating
Boolean		 true = This finding has an impact on the risk vector letter grade. 
assets
Array		 Assets relating to this finding.
  Object An asset (IP address or domain). 
asset
String		 The asset associated with this finding. 
identifier
Null		 For internal Bitsight use. 
category
String		 The Bitsight-calculated asset importance. 
importance
Decimal		 Reiterates the category field. See asset importance. 
is_ip
Boolean		 true = This asset is an IP address. 
details
Object		 Finding details.
  
cvss
Object		 If the finding has an associated vulnerability, the CVSS score is listed below.
  
base
Array		 CVSS scores of vulnerabilities associated with this finding. 
check_pass
String		 For internal Bitsight use. 
diligence_annotations
Object		 Diligence finding details.
  
message
String		 The display name of this finding. 
certchain
Array		 Certificate chain details.
  Object A certificate in the chain.
  
dnsName
Array		 Domains within this chain. 
endDate
String [YYYY-MM-DD HH:MM:SS]		 The date when this certificate expires. 
issuerName
String		 The distinguished name of the certificate issuer, made up of attribute assertion values. 
keyAlgorithm
String		 The algorithm used to encrypt and decrypt messages. 
keyLength
Integer		 The bit strength of this key. See the recommended TLS/SSL key length. 
serialNumber
Integer		 The serial number of this certificate. 
signatureAlgorithm
String		 The signing algorithm used in this certificate. 
startDate
String [YYYY-MM-DD HH:MM:SS]		 The date when this certificate started. 
subjectName
String		 The distinguished name of the owner of the certificate, made up of attribute assertion values. 
final_location
String		 The URL. 
geo_ip_location
String		 A 2-letter ISO country code indicating the finding’s country of origin. 
country
String		 The finding’s country of origin. 
grade
String		 The finding grade. 
observed_ips
Array		 Observed IP addresses. 
remediations
Array		 Information about the finding and instructions to remediate it.
  Object A finding.
  
message
String		 The display name of this finding. 
help_text
String		 Details of this finding. 
remediation_tip
String		 The recommended remediation instructions. 
sample_timestamp
String [YYYY-MM-DDTHH:MM:SSZ]		 The date and time when this finding was observed. 
vulnerabilities
Array		 This is not applicable to TLS/SSL Configuration findings. 
dest_port
Integer		 The destination port number. 
rollup_end_date
String [YYYY-MM-DD]		 The date when this finding was last observed. 
rollup_start_date
String [YYYY-MM-DD]		 The date when this finding was first observed. 
searchable_details
String		 Certificate details. 
evidence_key
String		 The asset attributed to the finding. 
first_seen
String [YYYY-MM-DD]		 The date when this observation was first seen. 
last_seen
String [YYYY-MM-DD]		 The date when this observation was last seen. 
related_findings
Array		 Related findings and their details. 
risk_category
String		 The risk category of this finding. 
risk_vector
String		 The slug name of this risk vector. 
risk_vector_label
String		 The display name of this risk vector. 
rolledup_observation_id
String		 The observation’s identifier. 
severity
Decimal		 The finding severity, which is the measured risk that this finding introduces. 
severity_category
String		 The finding severity slug name. 
tags
Array		 Infrastructure tags that identify this asset. 
remediation_history
Object		 The finding’s remediation and refresh history.
  
last_requested_refresh_date
String [YYYY-MM-DD]		 The date when a finding refresh that included this finding was last requested. 
last_refresh_status_date
String [YYYY-MM-DD]		 The date when this finding’s remediation status was last refreshed. 
last_refresh_status_label
String [YYYY-MM-DD]		 The current refresh status of this finding. 
last_refresh_reason_code
String [YYYY-MM-DD]		 The current remediation status of this finding. 
asset_overrides
Array		 User-assigned asset importance details. 
duration
Integer		 Not applicable to TLS/SSL Configuration findings. 
comments
String		 Finding comments. 
remaining_decay
Integer		 The remaining finding lifetime. 
remediated
Boolean		  

Related articles