Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

GET: Patching Cadence Findings

Ingrid

⇤ Findings

https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=patching_cadence

Get an organization’s Patching Cadence finding details.

Parameters

For details specific to Patching Cadence, use the ?risk_vector=patching_cadence parameter. Other query parameters are listed in GET: Finding Details.

Example Request

curl https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=patching_cadence -u api_token:

Example Response

{
  "links":{
    "next":null,
    "previous":null
  },
  "count":18,
  "results":[
    […]
    {
      "temporary_id":"A9Jq47BBje3d147963774e284e3ddcc6542edbfbb0",
      "affects_rating":true,
      "assets":[
        {
          "asset":"23.4.136.143",
          "identifier":null,
          "category":"low",
          "importance":0.0,
          "is_ip":true
        }
      ],
      "details":{
        "cvss":{
          "base":[
            3.4
          ]
        },
        "check_pass":"",
        "diligence_annotations":{
          "remediation_dates":[
            {
              "first":"2019-03-06 12:59:09",
              "last":"now"
            }
          ],
          "is_remediated":false
        },
        "remediations":[
          {
            "message":"CVE-2014-3566 (POODLE)",
            "help_text":"The SSLv3 protocol, as used in OpenSSL through 1.0.1i and other products, makes it easier for Man-in-the-middle (MITM) attackers to obtain cleartext data via a padding-oracle attack (a.k.a. POODLE).",
            "remediation_tip":"Ensure all of your TLS/SSL libraries on the affected machines are up-to-date. Disable SSLv3 support on those servers, as described in <a target=\"new\" href=\"https://disablessl3.com/\">Disable SSLv3</a>."
          }
        ],
        "vulnerability_name":"cve-2014-3566",
        "vulnerabilities":[
          {
            "name":"CVE-2014-3566",
            "alias":"POODLE",
            "display_name":"POODLE",
            "description":"The SSLv3 protocol, as used in OpenSSL through 1.0.1i and other products, makes it easier for Man-in-the-middle (MITM) attackers to obtain cleartext data via a padding-oracle attack (a.k.a. POODLE).",
            "remediation_tip":"Ensure all of your TLS/SSL libraries on the affected machines are up-to-date. Disable SSLv3 support on those servers, as described in <a target=\"new\" href=\"https://disablessl3.com/\">Disable SSLv3</a>.",
            "confidence":"HIGH",
            "cvss":{
              "base":3.4
            },
            "severity":"Minor"
          }
        ],
        "rollup_end_date":"2023-08-28",
        "rollup_start_date":"2019-03-06",
        "searchable_details":"CVE-2014-3566"
      },
      "evidence_key":"23.4.136.143:443",
      "first_seen":"2019-03-06",
      "last_seen":"2023-08-28",
      "related_findings":[ ],
      "risk_category":"Diligence",
      "risk_vector":"patching_cadence",
      "risk_vector_label":"Patching Cadence",
      "rolledup_observation_id":"wgJohEX15wwNEfyZfyR31A==",
      "severity":4.3,
      "severity_category":"moderate",
      "tags":[
        "PrimaryDCHyd",
        "public"
      ],
      "remediation_history":{
        "last_requested_refresh_date":"2024-06-19",
          "last_refresh_status_date":"2024-06-23",
          "last_refresh_status_label":"failed",
        "last_refresh_status_reason": "asset_not_found",
          "last_refresh_reason_code":"asset unreachable",
          "last_refresh_requester": "1e10564d-fawa-4331-0000-6f7588b55a98",
        "result_finding_date": null
      },
      "asset_overrides":[ ],
      "duration":"1637 days",
      "comments":null,
      "remaining_decay":292,
      "remediated":false
    }
  ]
}

Response Attributes

Field Description 
links
Object 		Navigation for multiple pages of results. See pagination.
  
next
String 		The URL for navigating to the next page of results. 
previous
String 		The URL for navigating to the previous page of results. 
count
Integer 		The number of findings. 
results
Array 		Findings and their details.
  Object A finding.
  
temporary_id
String 		A temporary identifier for this finding. 
affects_rating
Boolean 		true = This finding has an impact on the risk vector letter grade. 
assets
Array 		Asset details.
  Object An asset (IP address or domain).
  
asset
String 		The asset associated with this finding. 
identifier
String 		This is not applicable to Patching Cadence findings. 
category
String 		The Bitsight-calculated asset importance. 
importance
Decimal 		For internal Bitsight use. 
is_ip
Boolean 		true = This asset is an IP address. 
details
Object 		Details of this finding.
  
cvss
Object 		If the finding has an associated vulnerability, this contains the CVSS score.
  
base
Array 		CVSS scores of vulnerabilities associated with this finding. 
check_pass
String 		For internal Bitsight use. 
diligence_annotations
Object 		Diligence finding details.
  
remediation_dates
Array 		Remediation timeline details.
  Object The remediation timeline.
  
first
String [YYYY-MM-DD HH:MM:SS]		 The date and time when the finding first appeared. 
last
String 		When the finding is remediated. 
is_remediated
Boolean 		true = The finding is remediated. 
remediations
Array 		Information about the finding and instructions to remediate it, if any.
  Object The information.
  
message
String 		Details of this finding. 
help_text
String 		An overview of this finding. 
remediation_tip
String 		The recommended remediation instructions. 
vulnerability_name
String 		The vulnerability name or CVE ID. 
vulnerabilities
Array 		Vulnerabilities affecting the finding.
  Object A vulnerability and its details.
  
name
String 		The name of the vulnerability. 
alias
String 		The vulnerability name if it’s a prominent vulnerability. 
display_name
String 		The vulnerability name if it’s a prominent vulnerability. 
description
String 		Details about the vulnerability. 
remediation_tip
String 		Remediation and mitigation instructions. 
confidence
String 		  
cvss
Object 		Contains the CVSS score.
  
base
Decimal 		CVSS scores of vulnerabilities associated with this finding. 
severity
String 		The finding severity, which is the measured risk that this finding introduces. 
rollup_end_date
String [YYYY-MM-DD]		 The date when this finding was last observed. 
rollup_start_date
String [YYYY-MM-DD]		 The date when this finding was first observed. 
searchable_details
String 		Details that can be searched in the Bitsight platform. 
evidence_key
String 		The asset attributed to the finding. 
first_seen
String [YYYY-MM-DD]		 The date when this observation was first seen. 
last_seen
String [YYYY-MM-DD]		 The date when this observation was last seen. 
related_findings
Array 		Related findings and their details. 
risk_category
String 		The risk category of this finding. 
risk_vector
String 		The slug name of this risk vector. 
risk_vector_label
String 		The display name of this risk vector. 
rolledup_observation_id
String 		A stable and randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession. 
severity
Decimal 		The finding severity, which is the measured risk that this finding introduces. 
severity_category
String 		The finding severity slug name. 
tags
Array 		Infrastructure tags identifying this asset. 
remediation_history

Object

 If ?expand=remediation_history parameter is set, the remediation history of the finding is included.
  
last_requested_refresh_date

String [YYYY‑MM‑DD]

 The date when a finding rescan that included this finding was last requested.
  
last_refresh_status_date

String [YYYY‑MM‑DD]

 The date when a rescan of the remediation status of this finding was last requested. 
last_refresh_status_label

String

 The current rescan status of this finding. 
last_refresh_status_reason

String

 The rescan status.
  
last_refresh_reason_code

String

 The reason code for the resacn status. 
last_refresh_requester

String [user_guid]

 The unique identifier of the user who requested the rescan. 
result_finding_date

String [YYYY-MM-DD]

 The first seen date of the finding that resulted from the rescan, if applicable. 
asset_overrides
Array 		User-assigned asset importance details. 
duration
String 		This finding’s duration. 
comments
Null 		Finding comments. 
remaining_decay
Integer 		The remaining finding lifetime. 
remediated
Boolean 		true = The finding is remediated.
  • February 28, 2025: Added last_refresh_status_reason, last_refresh_reason_code, last_refresh_requester, and result_finding_date response attributes.
  • September 7, 2023: Separated from GET Diligence Finding Details; More details on the vulnerability, remediation, and data confidence based on the evidence.

Related articles

Feedback

0 comments

Please sign in to leave a comment.