https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=open_ports
Get an organization’s Open Ports finding details.
Parameters
For details specific to Open Ports, use the ?risk_vector=open_ports parameter. Other query parameters are listed in GET: Finding Details.
Example Request
```
curl "https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=open_ports" -u api_token:
```
Example Response
```json
{
  "links": {
    "next": "https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?limit=100&offset=100&risk_vector=open_ports",
    "previous": null
  },
  "count": 7988,
  "results": [
    […]
    {
      "temporary_id": "A9Jq47BBje36fc970103a54dec7a1a4944622d0f71",
      "affects_rating": true,
      "assets": [
        {
          "asset": "23.102.37.182",
          "identifier": null,
          "category": "critical",
          "importance": 0.36,
          "is_ip": true
        }
      ],
      "details": {
        "cvss": {
          "base": [ 7.5 ]
        },
        "check_pass": "",
        "diligence_annotations": {
          "message": "Detected service: AMQP",
          "CPE": [ "a:vmware:rabbitmq:3.9.13" ],
          "Product": "RabbitMQ",
          "Version": "3.9.13",
          "transport": "tcp"
        },
        "geo_ip_location": "IE",
        "country": "Ireland",
        "grade": "WARN",
        "remediations": [
          {
            "message": "Detected service: AMQP",
            "help_text": "This port was observed running the Advanced Messaging Queuing Protocol (AMQP), which is used for sending messages between distributed systems.",
            "remediation_tip": "Create company firewall rules to only allow approved AQMP destinations or block the port entirely in the company edge network infrastructure and tunnel AQMP requests through a Virtual Private Network (VPN)."
          }
        ],
        "sample_timestamp": "2023-09-06T19:38:57Z",
        "vulnerabilities": [
          {
            "name": "CVE-2022-31008",
            "alias": "",
            "display_name": "CVE-2022-31008",
            "description": "RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log. Patched versions correctly use a cluster-wide secret for that purpose. This issue has been addressed and Patched versions: `3.10.2`, `3.9.18`, `3.8.32` are available. Users unable to upgrade should disable the Shovel and Federation plugins.",
            "remediation_tip": "",
            "confidence": "LOW",
            "cvss": {
              "base": 7.5
            },
            "severity": "Material"
          }
        ],
        "dest_port": 5672,
        "rollup_end_date": "2023-09-06",
        "rollup_start_date": "2023-08-31",
        "searchable_details": "Detected service: AMQP,tcp,RabbitMQ"
      },
      "evidence_key": "23.102.37.182:5672",
      "first_seen": "2023-08-31",
      "last_seen": "2023-09-06",
      "related_findings": [ ],
      "risk_category": "Diligence",
      "risk_vector": "open_ports",
      "risk_vector_label": "Open Ports",
      "rolledup_observation_id": "No72KfYkacdJk4Cy03TuFg==",
      "severity": 6.0,
      "severity_category": "moderate",
      "tags": [ ],
      "remediation_history": {
        "last_requested_refresh_date": null,
        "last_refresh_status_date": null,
        "last_refresh_status_label": null,
        "last_refresh_reason_code": null
      },
      "asset_overrides": [ ],
      "duration": null,
      "comments": null,
      "remaining_decay": 59,
      "remediated": null
    }
  ]
}
```
Response Attributes
Field | Type | Description
---|---|---
links | Object | Navigation for multiple pages of results. See pagination.
links.next | String | The URL for navigating to the next page of results.
links.previous | String | The URL for navigating to the previous page of results.
count | Integer | The number of findings.
results | Array | Findings and their details.
results[] | Object | A finding.
results[].temporary_id | String | A temporary identifier for this finding.
results[].affects_rating | Boolean | true = This finding impacts the risk vector letter grade.
results[].assets | Array | Assets and their details.
results[].assets[] | Object | An asset (IP address or domain).
results[].assets[].asset | String | The asset associated with this finding.
results[].assets[].identifier | Null | For internal Bitsight use.
results[].assets[].category | String | The Bitsight-calculated asset importance.
results[].assets[].importance | Decimal | Reiterates the category field.
results[].assets[].is_ip | Boolean | true = This asset is an IP address.
results[].details | Object | Finding details.
results[].details.cvss | Object | CVSS scores.
results[].details.cvss.base | Array | CVSS scores of vulnerabilities associated with this finding.
results[].details.check_pass | String | For internal Bitsight use.
results[].details.diligence_annotations | Object | Diligence finding details.
results[].details.diligence_annotations.message | String | Indicates if the DKIM record is effective.
results[].details.diligence_annotations.CPE | Array | Common Platform Enumeration (CPE) names.
results[].details.diligence_annotations.Product | String | The web server.
results[].details.diligence_annotations.Version | String | The server software version.
results[].details.diligence_annotations.transport | String | The transmission protocol used in the connection.
results[].details.geo_ip_location | String | A 2-letter ISO country code indicating the finding’s country of origin.
results[].details.country | String | The finding’s country of origin.
results[].details.grade | String | The finding grade.
results[].details.remediations | Array | Information about a finding and instructions to remediate it.
results[].details.remediations[] | Object | A finding.
results[].details.remediations[].message | String | The display name of this finding.
results[].details.remediations[].help_text | String | Details of this finding.
results[].details.remediations[].remediation_tip | String | Remediation and mitigation instructions.
results[].details.sample_timestamp | String | The date and time when this finding was observed.
results[].details.vulnerabilities | Array | Vulnerabilities affecting the finding.
results[].details.vulnerabilities[] | Object | A vulnerability and its details.
results[].details.vulnerabilities[].name | String | The name of the vulnerability.
results[].details.vulnerabilities[].alias | String | The vulnerability name if it’s a prominent vulnerability.
results[].details.vulnerabilities[].display_name | String | The vulnerability name if it’s a prominent vulnerability.
results[].details.vulnerabilities[].description | String | Details about the vulnerability.
results[].details.vulnerabilities[].remediation_tip | String | Remediation and mitigation instructions.
results[].details.vulnerabilities[].confidence | String |
results[].details.vulnerabilities[].cvss | Object | Contains the CVSS score.
results[].details.vulnerabilities[].cvss.base | Decimal | CVSS scores of vulnerabilities associated with this finding.
results[].details.vulnerabilities[].severity | String | The finding severity, which is the measured risk that this finding introduces.
results[].details.dest_port | Integer | A compromised device was observed to be sending traffic from this port.
results[].details.rollup_end_date | String | The date when this finding was last observed.
results[].details.rollup_start_date | String | The date when this finding was first observed.
results[].details.searchable_details | String | Details that can be searched in the Bitsight platform.
results[].evidence_key | String | The asset attributed to the finding.
results[].first_seen | String | The date when this observation was first seen.
results[].last_seen | String | The date when this observation was last seen.
results[].related_findings | Array | Related findings and their details.
results[].risk_category | String | The risk category of this finding.
results[].risk_vector | String | The slug name of this risk vector.
results[].risk_vector_label | String | The display name of this risk vector.
results[].rolledup_observation_id | String | A stable and randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession.
results[].severity | Decimal | The finding severity, which is the measured risk that this finding introduces.
results[].severity_category | String | The finding severity slug name.
results[].tags | Array | Infrastructure tags that identify this asset.
results[].remediation_history | Object | The finding’s remediation and refresh history.
results[].remediation_history.last_requested_refresh_date | String | The date when a finding refresh that included this finding was last requested.
results[].remediation_history.last_refresh_status_date | String | The date when this finding’s remediation status was last refreshed.
results[].remediation_history.last_refresh_status_label | String | The current refresh status of this finding.
results[].remediation_history.last_refresh_reason_code | String | The current remediation status of this finding.
results[].asset_overrides | Array | User-assigned asset importance details.
results[].duration | Integer | This finding’s duration.
results[].comments | Null | Finding comments.
results[].remaining_decay | Integer | The remaining finding lifetime.
results[].remediated | Boolean | true = The finding is remediated.
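
An added example (not part of the Bitsight documentation): paging through this endpoint by following links.next and reducing the findings to a remediation shortlist of rating-affecting, unremediated services. The function names, the 7.0 CVSS cut-off and the two-page sample data are assumptions made for the illustration.

```python
import base64
import json
import urllib.request

def fetch_page(url, api_token):
    """GET one page. As with `curl -u api_token:`, the token is the Basic-auth username."""
    auth = base64.b64encode(f"{api_token}:".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {auth}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_findings(url, get_page):
    """Yield every finding, following links.next until it is null."""
    while url:
        page = get_page(url)
        yield from page["results"]
        url = page["links"]["next"]

def triage(findings, min_cvss=7.0):
    """Keep rating-affecting, unremediated findings with CVSS base >= min_cvss, worst first."""
    rows = []
    for f in findings:
        d = f["details"]
        scores = d.get("cvss", {}).get("base") or [0.0]  # base may be an empty array
        if not f["affects_rating"] or f.get("remediated") or max(scores) < min_cvss:
            continue
        note = d.get("diligence_annotations", {})
        rows.append({
            "evidence_key": f["evidence_key"], "port": d["dest_port"],
            "service": f'{note.get("Product", "?")} {note.get("Version", "")}'.strip(),
            "max_cvss": max(scores), "severity": f["severity"],
            "cves": [v["name"] for v in d.get("vulnerabilities", [])]})
    return sorted(rows, key=lambda r: (r["severity"], r["max_cvss"]), reverse=True)

def make_finding(ip, port, product, version, cvss, cves, severity, affects=True):
    return {"affects_rating": affects, "evidence_key": f"{ip}:{port}", "severity": severity,
            "remediated": None, "details": {
                "dest_port": port, "cvss": {"base": cvss},
                "diligence_annotations": {"Product": product, "Version": version},
                "vulnerabilities": [{"name": c} for c in cves]}}

# Constructed two-page sample (documentation-range IPs); dict keys stand in for page URLs.
SAMPLE = {
    "page1": {"links": {"next": "page2", "previous": None}, "results": [
        make_finding("192.0.2.10", 5672, "RabbitMQ", "3.9.13", [7.5], ["CVE-2022-31008"], 6.0),
        make_finding("192.0.2.11", 8080, "ExampleHTTPd", "1.0", [], [], 1.0)]},
    "page2": {"links": {"next": None, "previous": "page1"}, "results": [
        make_finding("192.0.2.12", 5672, "RabbitMQ", "3.9.13", [7.5], ["CVE-2022-31008"], 6.0, False)]},
}
print(triage(iter_findings("page1", SAMPLE.__getitem__)))
```

Against the live API, pass `lambda u: fetch_page(u, token)` as `get_page` and the endpoint URL as the starting `url`.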
- September 8, 2023: Separated from GET Diligence Finding Details.