Unsolicited Communications indicates that a host is trying to contact a service on another host. The host might be attempting to communicate with a server that is not providing or advertising any useful services, the attempt may be unexpected, or the service may be unsupported.
Data Structure Diagram
Data Solutions data feeds are optimized for relational databases. Refer to the structure conveyed in the following diagram to make the best use of entity relationships within the Unsolicited Communications Intelligence data feed:
Schema
Unsolicited Communications data available in Compromised Systems Intelligence:
Field | Description |
---|---|
temporary_finding_id String | The temporary unique identifier for this finding. |
entity_guid String | The unique identifier of the company. |
event_date String | When the finding was first observed. |
affects_rating Boolean | true = This finding affects the rating. |
country String | The country where the asset attributed with this finding is located. |
country_code String | The country code where the asset attributed with this finding is located. |
decay_date String | The date when this finding stops impacting the rating if nothing else changes. |
event_grade String | The finding grade. |
evidence_key String | The source of evidence for the finding. It may be from an IP address, domain, IP/domain combination, or port. |
first_seen String | The first time the finding was observed. |
impacts_risk_vector_code String | A reason code for why the finding does not impact on the rating. |
impacts_risk_vector_label String | The reason why the finding no longer impacts the rating. |
last_seen String | The most recent time the finding was observed. |
observation_id String | The unique identifier of this observation. |
remediation_duration Integer | The number of days it took to remediate the finding. |
risk_category String | The risk category. |
risk_vector String | The risk vector slug name. |
risk_vector_label String | The risk vector name. |
rollup_start_date String | The date when this finding was first observed, which is used for determining the number of Compromised Systems events. |
rollup_end_date String | The date when the infection was last observed, which is used for determining the number of Compromised Systems events. |
rolledup_observation_id String | A stable and randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession. |
severity Decimal | This finding’s Bitsight severity. |
severity_category String | This finding’s Bitsight severity. |
count Integer | The number of events. See event count considerations for Compromised Systems events. |
dest_port Integer | A compromised device was observed to be sending traffic from this port. |
detection_method String | The method used to detect the infection. See the data collection methods. |
infection_id Integer | An identifier for the infection. |
sinkhole_ip String | The masked destination IP address of the sinkhole. |
src_port Integer | The port where traffic from a compromised device was observed. |
protocol String | The network protocol used in the observed event. |
- September 11, 2024: Published.