GET: Server Software Finding Details – Bitsight Knowledge Base

https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=server_software

Get an organization’s Server Software finding details.

Parameters

For details specific to Server Software, use the ?risk_vector=server_software parameter. Other query parameters are listed in GET: Finding Details.

Example Request

curl https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=server_software -u api_token:

Example Response

{
  "links":{
      "next":null,
      "previous":null
  },
  "count":13,
  "results":[
    […]
    {
      "temporary_id":"A9Jq47BBje3ff2913a5e18d1cb127402aa1209f3ea",
      "pcap_id":"UENBUHBjYXBQQ0FQcGNhcPmm1cVnxXe1XdjWaSuFKFRoNhN2q0aYtxOmuvofUnsU01_2PhvV9dhk5Y0LBZ9I7paQ30uU5Ni99PtHWfMOs4A=",
      "affects_rating":true,
      "assets":[
        {
          "asset":"63.208.139.45",
          "identifier":null,
          "category":"low",
          "importance":0.0,
          "is_ip":true
        }
      ],
      "details":{
        "cvss":{
          "base":[ ]
        },
        "check_pass":"",
        "diligence_annotations":{
          "message":"Remote management: Symantec EPM",
          "risks":[
            "Hijack - Domain owners can interact with endpoints potentially interfering with patch or endpoint management."
          ],
          "references":[
            "https://support.symantec.com/en_US/article.HOWTO80785.html",
            "https://www.symantec.com/products/threat-protection/endpoint-management"
          ],
          "source_ip":"63.208.139.45",
          "path_info":"/secars/secars.dll"
        },
        "geo_ip_location":"US",
        "country":"United States",
        "grade":"BAD",
        "remediations":[
          {
            "message":"Remote management: Symantec EPM",
            "help_text":"Corporate endpoints are contacting abandoned domains from Symantec Endpoint Protection Manager.",
            "remediation_tip":"Track down the endpoint system by using the available details, and then reinstall or remove the related insecure application."
          }
        ],
        "sample_timestamp":"2023-09-24T18:59:16Z",
        "sample_count":1,
        "sample_values":"[UA: Sylink]",
        "server_name":"SAPPSEPP01V",
        "user_agent":"Sylink",
        "vulnerabilities":[ ],
        "dest_port":8014,
        "rollup_end_date":"2023-09-24",
        "rollup_start_date":"2023-09-24",
        "searchable_details":"Remote management: Symantec EPM",
        "src_port":49690
      },
      "evidence_key":"63.208.139.45",
      "first_seen":"2023-09-24",
      "last_seen":"2023-09-24",
      "related_findings":[ ],
      "risk_category":"Diligence",
      "risk_vector":"insecure_systems",
      "risk_vector_label":"Insecure Systems",
      "rolledup_observation_id":"RSf_fGg2KrXH894SLes14g==",
      "severity":10.0,
      "severity_category":"severe",
      "tags":[ ],
      "remediation_history":{
        "last_requested_refresh_date":"2024-06-19",
          "last_refresh_status_date":"2024-06-23",
          "last_refresh_status_label":"failed",
        "last_refresh_status_reason": "asset_not_found",
          "last_refresh_reason_code":"asset unreachable",
          "last_refresh_requester": "1e10564d-fawa-4331-0000-6f7588b55a98",
        "result_finding_date": null
      },
      "asset_overrides":[ ],
      "duration":null,
      "comments":null,
      "remaining_decay":59,
      "remediated":null
    },
    […]
  ]
}

Response Attributes

Field						Description
links Object						Navigation for multiple pages of results. See pagination.
	next String					The URL for navigating to the next page of results.
	previous String					The URL for navigating to the previous page of results.
count Integer						The number of findings.
results Array						Findings and their details.
	Object					A finding.
		temporary_id String				A temporary identifier for this finding.
		pcap_id String				The packet capture (PCAP or libpcap) ID.
		affects_rating Boolean				`true` = This finding has an impact on the risk vector letter grade.
		assets Array				Asset details.
			Object			An asset (IP address or domain).
				asset String		The asset associated with this finding.
				identifier Null		This is not applicable to Server Software findings.
				category String		The Bitsight-calculated asset importance.
				importance Decimal		For internal Bitsight use.
				is_ip Boolean		`true` = The asset is an IP address.
		details Object				Details of this finding.
			cvss Object			If the finding has an associated vulnerability, this contains the CVSS score.
				base Array		CVSS scores of vulnerabilities associated with this finding.
			check_pass String			For internal Bitsight use.
			diligence_annotations Object			Diligence finding details.
				message String		The display name of this finding.
				risks Array		A description of the risks involved with this system.
				references Array		Source URL for more information.
				source_ip String		The IP address of this insecure system.
				path_info String
			geo_ip_location String			A 2-letter ISO country code indicating this finding’s country of origin.
			country String			This finding’s country of origin.
			grade String			The finding grade.
			remediations Array			Information about the finding and instructions to remediate it, if any.
				Object		The information.
					message String	Details of this finding.
					help_text String	An overview of this finding.
					remediation_tip String	The recommended remediation instructions.
			sample_timestamp String [`YYYY-MM-DDTHH:MM:SSZ`]			The date and time when this finding was observed.
			sample_count Integer
			sample_values String
			server_name String			The domain name of the affected server. It is known to be a command and control server, sinkhole, or is hosting adware.
			user_agent String			The `user-agent` string in the header, which identifies end-user interactions with web content. The details include the application, operating system, browser, and software version.
			vulnerabilities Array
			dest_port Integer			The destination port.
			rollup_end_date String [`YYYY-MM-DD`]			The date when this finding was last observed.
			rollup_start_date String [`YYYY-MM-DD`]			The date when this finding was first observed.
			searchable_details String			Details that can be searched in the Bitsight platform.
			src_port Integer			The port where traffic from a compromised device was observed.
		evidence_key String				The asset (domain or IP address) that’s attributed to this finding.
		first_seen String [`YYYY-MM-DD`]				The date when this finding was first observed.
		last_seen String [`YYYY-MM-DD`]				The date when this finding was last observed.
		related_findings Array				Related findings and their details.
		risk_category String				The risk category.
		risk_vector String				The risk vector slug name.
		risk_vector_label String				The risk vector display name.
		rolledup_observation_id String				A stable and randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession.
		severity Decimal				This finding’s Bitsight severity.
		severity_category String				This finding’s Bitsight severity.
		tags Array				Infrastructure tags identifying the asset.
		remediation_history Object				If `?expand=remediation_history` parameter is set, the remediation history of the finding is included.
			last_requested_refresh_date String [`YYYY‑MM‑DD`]			The date when a finding rescan that included this finding was last requested.
				last_refresh_status_date String [`YYYY‑MM‑DD`]		The date when a rescan of the remediation status of this finding was last requested.
				last_refresh_status_label String		The current rescan status of this finding.
			last_refresh_status_reason String			The rescan status.
				last_refresh_reason_code String		The reason code for the rescan status.
				last_refresh_requester String [`user_guid`]		The unique identifier of the user who requested the rescan.
			result_finding_date String [`YYYY-MM-DD`]			The first seen date of the finding that resulted from the rescan, if applicable.
		asset_overrides Array				User-assigned asset importance details.
		duration Null				For internal Bitsight use.
		comments Null				A thread of finding comments.
		remaining_decay Integer				The remaining finding lifetime.
		remediated Boolean				`true` = The finding is remediated.

February 28, 2025: Added last_refresh_status_reason, last_refresh_reason_code, last_refresh_requester, and result_finding_date response attributes.
September 26, 2023: Published.

Parameters

Example Request

Example Response

Response Attributes

Related articles