GET: Mobile Software Finding Details – Bitsight Knowledge Base

https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=mobile_software

Get an organization’s Mobile Software finding details.

Parameters

For details specific to Mobile Software, use the ?risk_vector=mobile_software parameter. Other query parameters are listed in GET: Finding Details.

Example Request

curl https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=mobile_software -u api_token:

Example Response

{
  "links":{
    "next":"https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?limit=100&offset=100&risk_vector=mobile_software",
    "previous":null
  },
  "count":963,
  "results":[
    […]
    {
      "temporary_id":"A9Jq47BBje0112d0711e31da5eab5b1881262625b8",
      "affects_rating":true,
      "assets":[
        {
          "asset":"192.199.225.10",
          "identifier":null,
          "category":"critical",
          "importance":1.0,
          "is_ip":true
        }
      ],
      "details":{
        "cvss":{
          "base":[ ]
        },
        "check_pass":"",
        "estimation_of_users":"1",
        "diligence_annotations":{
          "count_ips":1,
          "operating_system_rule":{
            "version":"7.1.1",
            "eol":"2019-10-04",
            "launch":"2016-12-05",
            "is":"match"
          },
          "user_agent_rule":{
            "version":"68.0.3440",
            "eol":"2018-09-11",
            "launch":"2018-08-07",
            "is":"match"
          },
          "sample_ips":[
            "192.199.225.10"
          ],
          "sample_user_agent_strings":[
            "Mozilla/5.0 (Linux; Android 7.1.1; A574BL Build/NMF26F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.91 Mobile Safari/537.36"
          ],
          "sample_domains":[
            "example.com"
          ]
          "sample_records": [{
          "ip": "63.208.139.45",
          "timestamp": "timestamp",
          "user_agent": "Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36",
          "domain": "www.dictionary.com"
        }]
        },
        "geo_ip_location":"US",
        "country":"United States",
        "grade":"BAD",
        "operating_system_family":"Android",
        "operating_system_grade":"WARN",
        "operating_system_support_status":"UNSUPPORTED",
        "operating_system_version":"7.1.1",
        "remediations":[
          {
            "message":"Unsupported Operating System and Browser",
            "help_text":"The operating system and browser are both not supported.",
            "remediation_tip":"Ensure the latest version of the operating system is installed. After that, install the latest supported version of the desired browser."
          }
        ],
        "sample_timestamp":"2023-09-01T23:59:59Z",
        "user_agent_family":"Chrome Mobile",
        "user_agent_grade":"BAD",
        "user_agent_support_status":"UNSUPPORTED",
        "user_agent_version":"68.0.3440",
        "vulnerabilities":[ ],
        "rollup_end_date":"2023-09-01",
        "rollup_start_date":"2023-09-01",
        "searchable_details":"Unsupported Operating System and Browser"
      },
      "evidence_key":"Android 7.1.1 / Chrome Mobile 68.0.3440",
      "first_seen":"2023-09-01",
      "last_seen":"2023-09-01",
      "related_findings":[ ],
      "risk_category":"Diligence",
      "risk_vector":"mobile_software",
      "risk_vector_label":"Mobile Software",
      "rolledup_observation_id":"80HWkmlsihnWHaQ0i-BGaQ==",
      "severity":8.0,
      "severity_category":"material",
      "tags":[
        "Data Center 1"
      ],
      "remediation_history":{
        "last_requested_refresh_date":"2024-06-19",
          "last_refresh_status_date":"2024-06-23",
          "last_refresh_status_label":"failed",
        "last_refresh_status_reason": "asset_not_found",
          "last_refresh_reason_code":"asset unreachable",
          "last_refresh_requester": "1e10564d-fawa-4331-0000-6f7588b55a98",
        "result_finding_date": null
      },
      "asset_overrides":[
        {
          "asset":"192.199.225.10",
          "importance":"high",
          "override_importance":"high"
        }
      ],
      "duration":null,
      "comments":null,
      "remaining_decay":40,
      "remediated":null
    }
  ]
}

Response Attributes

Field						Description
links Object						Navigation for multiple pages of results. See pagination.
	next String					The URL for navigating to the next page of results.
	previous String					The URL for navigating to the previous page of results.
count Integer						The number of findings.
results Array						Findings and their details.
	Object					A finding.
		temporary_id String				A temporary identifier for this finding.
		affects_rating Boolean				`true` = This finding impacts the risk vector letter grade.
		assets Array				Asset (IP address or domain) details.
			Object			An asset.
				asset String		The asset associated with this finding.
				identifier Null		This is not applicable to Mobile Software findings.
				category String		The Bitsight-calculated asset importance.
				importance Decimal		The Bitsight-calculated asset importance.
				is_ip Boolean		`true` = This asset is an IP address.
		details Object				Details of this finding.
			cvss Object			If the finding has an associated vulnerability, this contains the CVSS score.
				base Array		CVSS scores of vulnerabilities associated with this finding.
			check_pass String			For internal Bitsight use.
			estimation_of_users String			The estimated number of affected users.
			diligence_annotations Object			Diligence finding details.
				count_ips Integer		The number of IP addresses that are attributed to this finding.
				operating_system_rule Object		Details of the logic for determining the supported status of the operating system (OS).
					version String	The operating system version.
					eol String [`YYYY-MM-DD`]	The OS version’s end-of-life date.
					launch String [`YYYY-MM-DD`]	The OS version’s launch date.
					is String
				user_agent_rule Object		Details of the logic for determining the supported status of the browser.
					version String	The browser version.
					eol String [`YYYY-MM-DD`]	The browser version’s end-of-life date.
					launch String [`YYYY-MM-DD`]	The browser version’s launch date.
					is String
				sample_ips Array		A sample of attributed IP addresses.
				sample_user_agent_strings Array		A sample of browsers.
				sample_domains Array		A sample of domains.
				sample_records Array		Sample records.
					ip String	The source IP address of the connection when the evaluated desktop made an outbound request. This is typically an IP address associated with a firewall. The source IP and user-agent string are used to determine the OS and browser version.
					timestamp String	Date and time (in UTC) the traffic was observed.
					user_agent String	The `user-agent` string in the header, which identifies end-user interactions with web content. The details include the application, operating system, browser, and software version.
					domain String	The target host that the browser connected with (if available). If we were able to collect target host information, it is useful for searching the firewall logs to determine which internal host made the connection. Search for the egress IP in the source IP field, the target host, and representative timestamp.
			geo_ip_location String			A 2-letter ISO country code indicating this finding’s country of origin.
			country String			This finding’s country of origin.
			grade String			The finding grade.
			operating_system_family String			The operating system type.
			operating_system_grade String			An assessment of this operating system. See graded mobile operating systems.
			operating_system_support_status String			The support status of this operating system.
			operating_system_version String			The current OS version.
			remediations Array			Information about the finding and instructions to remediate it, if any.
				Object		The information.
					message String	Details of this finding.
					help_text String	A description of this finding.
					remediation_tip String	The recommended remediation instructions.
			sample_timestamp String [`YYYY-MM-DDTHH:MM:SSZ`]			The date and time when this finding was observed.
			user_agent_family String			The browser type.
			user_agent_grade String			An assessment of this browser. See graded mobile browsers.
			user_agent_support_status String			This browser’s support status.
			user_agent_version String			The current browser version.
			vulnerabilities Array			Not applicable to Mobile Software findings.
			rollup_end_date String [`YYYY-MM-DD`]			The date when this finding was last observed.
			rollup_start_date String [`YYYY-MM-DD`]			The date when this finding was first observed.
			searchable_details String			Details that can be searched in the Bitsight platform.
		evidence_key String				The asset attributed to the finding.
		first_seen String [`YYYY-MM-DD`]				The date when an observation was first seen.
		last_seen String [`YYYY-MM-DD`]				The date when an observation was last seen.
		related_findings Array				Related findings and their details.
		risk_category String				The risk category of this finding.
		risk_vector String				The risk vector slug name.
		risk_vector_label String				The risk vector display name.
		rolledup_observation_id String				A stable and randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession.
severity Decimal				The finding severity, which is the measured risk that this finding introduces.
severity_category String				The finding severity slug name.
tags Array				Infrastructure tags that identify this asset.
remediation_history Object				If `?expand=remediation_history` parameter is set, the remediation history of the finding is included.
		last_requested_refresh_date String [`YYYY‑MM‑DD`]			The date when a finding rescan that included this finding was last requested.
		last_refresh_status_date String [`YYYY‑MM‑DD`]		The date when a rescan of the remediation status of this finding was last requested.
		last_refresh_status_label String		The current rescan status of this finding.
	last_refresh_status_reason String			The rescan status.
		last_refresh_reason_code String		The reason code for the rescan status.
		last_refresh_requester String [`user_guid`]		The unique identifier of the user who requested the rescan.
	result_finding_date String [`YYYY-MM-DD`]			The first seen date of the finding that resulted from the rescan, if applicable.
asset_overrides Array				User-assigned asset importance details.
	Object			User-assigned asset importance details.
		asset String		The domain or IP address.
		importance String		The user-assigned asset importance.
		override_importance String		For internal Bitsight use.
duration Integer				For internal Bitsight use.
comments String				A thread of finding comments.
remaining_decay Integer				The remaining finding lifetime.
remediated Boolean				`true` = The finding is remediated.

February 28, 2025: Added last_refresh_status_reason, last_refresh_reason_code, last_refresh_requester, and result_finding_date response attributes.
October 16, 2024: sample_records:domain is "target host" and updated description; sample_records:ip is "source IP" and updated description.
March 11, 2024: Added sample_records, ip, timestamp, user_agent, and domain response attributes.

Parameters

Example Request

Example Response

Response Attributes

Related articles