GET: DMARC Finding Details – Bitsight Knowledge Base

https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=dmarc

Get an organization’s DMARC finding details.

The DMARC risk vector is non-graded. It is assigned an N/A grade. See how it is assessed.

Parameters

For details specific to DMARC, use the ?risk_vector=dmarc parameter. Other query parameters are listed in GET: Finding Details.

Example Response

{
  "links":{
    "next":null,
    "previous":null
  },
  "count":9,
  "results":[
    […]
    {
      "temporary_id":"ABCd12EFgh345i678901j2k34567lmnop8901qr23s456t789uv0w12x34567yzzz8z99z0000",
      "affects_rating":true,
      "assets":[
        {
          "asset":"example.com",
          "identifier":null,
          "category":"critical",
          "importance":0.1,
          "is_ip":false,
          "asset_type":"Domain"
        }
      ],
      "details":{
        "cvss":{
          "base":[ ]
        },
        "check_pass":"",
        "diligence_annotations":{
          "message":"Record does not exist",
          "record":[
            [ ]
          ],
          "percentage":0,
          "policy":"reject",
          "ruaReportEmail":[ ],
          "rufReportEmail":[ ]
        },
        "grade":"BAD",
        "remediations":[
          {
            "message":"Record does not exist",
            "help_text":"Domain has no DMARC record in place.",
            "remediation_tip":"Implement a DMARC policy for this domain."
          }
        ],
        "sample_timestamp":"2024-03-22T21:19:11Z",
        "vulnerabilities":[ ],
        "rollup_end_date":"2024-03-22",
        "rollup_start_date":"2024-01-17"
      },
      "evidence_key":"example.com",
      "first_seen":"2024-01-17",
      "last_seen":"2024-03-22",
      "related_findings":[ ],
      "risk_category":"Diligence",
      "risk_vector":"dmarc",
      "risk_vector_label":"DMARC",
      "rolledup_observation_id":"0aaaaAaaaAaaaaaaA0aa0A==",
      "severity":8.0,
      "severity_category":"material",
      "tags":[
        "TagName"
      ],
      "remediation_history":{
        "last_requested_refresh_date":"2024-06-19",
          "last_refresh_status_date":"2024-06-23",
          "last_refresh_status_label":"failed",
        "last_refresh_status_reason": "asset_not_found",
          "last_refresh_reason_code":"asset unreachable",
          "last_refresh_requester": "1e10564d-fawa-4331-0000-6f7588b55a98",
        "result_finding_date": null
      },
      "asset_overrides":[ ],
      "duration":null,
      "comments":null,
      "remaining_decay":56,
      "remediated":null,
      "impacts_risk_vector_details":"AFFECTS_RATING"
    }
  ]
}

Response Attributes

Field						Description
links Object						Navigation for multiple pages of results. See pagination.
	next String					The URL for navigating to the next page of results.
	previous String					The URL for navigating to the previous page of results.
count Integer						The number of findings.
results Array						Findings and their details.
	Object					A finding.
		temporary_id String				A temporary identifier for this finding.
		affects_rating Boolean				`true` = This finding has an impact on the letter grade.
		assets Array				Asset details.
			Object			An asset.
				asset Array		The asset name.
				identifier String		For internal Bitsight use.
				category String		The Bitsight-calculated asset importance.
				importance Decimal		The Bitsight-calculated asset importance.
				is_ip Boolean		`true` = This asset is an IP address.
				asset_type String		The type of asset.
		details Object				Details of this finding.
			cvss Object			If the finding has an associated vulnerability, this contains the CVSS score.
				base Array		CVSS scores of vulnerabilities associated with this finding.
			check_pass String			For internal Bitsight use.
			diligence_annotations Object			Diligence finding details.
				message String		The finding message.
				record Array		The DMARC record configuration details.
				percentage Integer		The proportion of email that have a passthrough policy protecting recipients of spoofed email.
				policy String		How emails that fail authentication are handled. Values: `quarantine` `reject` `none` = Allow all email to pass through.
				ruaReportEmail Array		The mailbox where the RUA report (a.k.a. DMARC aggregate report) containing authentication failures statistics are sent.
				rufReportEmail Array		A second set of recipients of the RUA report. If available, this may be used to request detailed forensic authentication reports.
			grade String			The finding grade.
			remediations Array			Information about the finding and instructions to remediate it, if any.
				Object		The information.
					message String	The finding message.
					help_text String	An overview of this finding.
					remediation_tip String	The recommended remediation instructions.
			sample_timestamp String [`YYYY-MM-DDTHH:MM:SSZ`]			The date and time when this finding was observed.
			vulnerabilities Array			Vulnerability details.
			rollup_end_date String [`YYYY-MM-DD`]			The date when this finding was last observed.
			rollup_start_date String [`YYYY-MM-DD`]			The date when this finding was first observed.
		evidence_key String				The asset attributed to this finding.
		first_seen String [`YYYY-MM-DD`]				The date when this finding was first observed.
		last_seen String [`YYYY-MM-DD`]				The date when this finding was last observed.
		related_findings Array				Related findings.
		risk_category String				The risk category.
		risk_vector String				The risk vector slug name.
		risk_vector_label String				The risk vector display name.
		rolledup_observation_id String				A stable and randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession.
		severity Decimal				This finding’s Bitsight severity.
		severity_category String				This finding’s Bitsight severity.
		tags Array				Infrastructure tags identifying the asset.
		remediation_history Object				If `?expand=remediation_history` parameter is set, the remediation history of the finding is included.
			last_requested_refresh_date String [`YYYY‑MM‑DD`]			This is not applicable to DMARC.
				last_refresh_status_date String [`YYYY‑MM‑DD`]		TThis is not applicable to DMARC.
				last_refresh_status_label String		This is not applicable to DMARC.
			last_refresh_status_reason String			This is not applicable to DMARC.
				last_refresh_reason_code String		This is not applicable to DMARC.
				last_refresh_requester String [`user_guid`]		This is not applicable to DMARC.
			result_finding_date String [`YYYY-MM-DD`]			This is not applicable to DMARC.
		asset_overrides Array				User-assigned asset importance.
		duration String				This is not applicable to DMARC.
		comments String				Finding comments.
		remaining_decay Integer				This finding’s remaining lifetime.
		remediated Boolean				`true` = The finding is remediated.
		impacts_risk_vector_details String				Indicates how the risk vector is impacted. Values: `AFFECTS_RATING` `DELEGATED_CONTROL` `LIFETIME_EXPIRED`

February 28, 2025: Added last_refresh_status_reason, last_refresh_reason_code, last_refresh_requester, and result_finding_date response attributes.
March 29, 2024: Published.

Parameters

Example Response

Response Attributes

Related articles