Compromised Systems Intelligence: Unsolicited Communications

Ingrid

Unsolicited Communications indicates a host is trying to contact a service on another host. It might be attempting to communicate with a server that is not providing or advertising any useful services, the attempt may be unexpected, or the service is unsupported.

Data Structure Diagram

Data Solutions data feeds are optimized for relational databases. Refer to the structure conveyed in the following diagram to make the best use of entity relationships within the Unsolicited Communications Intelligence data feed:

Schema

Unsolicited Communications data available in Compromised Systems Intelligence:

| Field | Description | Type |
| --- | --- | --- |
| temporary_finding_id | The temporary unique identifier for this finding. | String [temp_finding_guid] |
| company_guid | The unique identifier of the company. | String [entity_guid] |
| event_date | When the finding was first observed. | String [YYYY-MM-DD] |
| affects_rating | true = This finding affects the rating. | Boolean |
| country | The country where the asset attributed with this finding is located. | String |
| country_code | The country code where the asset attributed with this finding is located. | String |
| decay_date | The date when this finding stops impacting the rating if nothing else changes. | String [YYYY-MM-DD] |
| event_grade | The finding grade. | String |
| evidence_key | The source of evidence for the finding. It may be from an IP address, domain, IP/domain combination, or port. | String |
| first_seen | The first time the finding was observed. | String [YYYY-MM-DD HH:MM:SS] |
| impacts_risk_vector_code | A reason code for why the finding does not impact on the rating. | String |
| impacts_risk_vector_label | The reason why the finding no longer impacts the rating. | String |
| last_seen | The most recent time the finding was observed. | String [YYYY-MM-DD HH:MM:SS] |
| observation_id | The unique identifier of this observation. | String |
| remediation_duration | The number of days it took to remediate the finding. | Integer |
| risk_category | The risk category. | String |
| risk_vector | The risk vector slug name. | String |
| risk_vector_label | The risk vector name. | String |
| rollup_start_date | The date when this finding was first observed, which is used for determining the number of Compromised Systems events. | String [YYYY-MM-DD] |
| rollup_end_date | The date when the infection was last observed, which is used for determining the number of Compromised Systems events. | String [YYYY-MM-DD] |
| rolledup_observation_id | A stable and randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession. | String |
| severity | This finding’s Bitsight severity. | Decimal |
| severity_category | This finding’s Bitsight severity. | String |
| count | The number of events. See event count considerations for Compromised Systems events. | Integer |
| dest_port | A compromised device was observed to be sending traffic from this port. | Integer |
| detection_method | The method used to detect the infection. See the data collection methods. | String |
| infection_id | An identifier for the infection. | Integer |
| sinkhole_ip | The masked destination IP address of the sinkhole. | String |
| src_port | The port where traffic from a compromised device was observed. | Integer |
| protocol | The network protocol used in the observed event. | String |

September 11, 2024: Published.
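As an added example (not Bitsight code), the sketch below loads a subset of the schema's fields into a relational table and lists the rolled-up findings that still affect the rating on a given date. The table name `unsolicited_comms`, the sample rows, and summing `count` across the observations of one `rolledup_observation_id` are assumptions of this example.

```python
import sqlite3
from datetime import datetime

# Constructed sample rows (not real feed data). Column order: rolledup_observation_id,
# observation_id, affects_rating, decay_date, first_seen, last_seen, count, dest_port, protocol
SAMPLE_ROWS = [
    ("roll-A", "obs-1", 1, "2025-03-01", "2024-09-01 08:00:00", "2024-09-01 09:00:00", 3, 445, "tcp"),
    ("roll-A", "obs-2", 1, "2025-03-01", "2024-09-02 10:00:00", "2024-09-03 11:30:00", 2, 445, "tcp"),
    ("roll-B", "obs-3", 0, "2025-03-01", "2024-09-05 00:00:00", "2024-09-05 00:10:00", 9, 23, "tcp"),
    ("roll-C", "obs-4", 1, "2024-10-01", "2024-08-01 00:00:00", "2024-08-01 01:00:00", 4, 3389, "tcp"),
]

def load(rows):
    """Check the date formats the schema documents, then load rows into SQLite."""
    for r in rows:
        datetime.strptime(r[3], "%Y-%m-%d")           # decay_date
        datetime.strptime(r[4], "%Y-%m-%d %H:%M:%S")  # first_seen
        datetime.strptime(r[5], "%Y-%m-%d %H:%M:%S")  # last_seen
    conn = sqlite3.connect(":memory:")
    # Hypothetical table; "count" is quoted because it is also an SQL function name.
    conn.execute("""CREATE TABLE unsolicited_comms (
        rolledup_observation_id TEXT NOT NULL,
        observation_id TEXT PRIMARY KEY,
        affects_rating INTEGER NOT NULL CHECK (affects_rating IN (0, 1)),
        decay_date TEXT NOT NULL,
        first_seen TEXT NOT NULL,
        last_seen TEXT NOT NULL,
        "count" INTEGER NOT NULL,
        dest_port INTEGER,
        protocol TEXT)""")
    conn.executemany("INSERT INTO unsolicited_comms VALUES (?,?,?,?,?,?,?,?,?)", rows)
    return conn

def active_rollups(conn, as_of):
    """Rolled-up findings that affect the rating and have not decayed by as_of (YYYY-MM-DD)."""
    sql = """SELECT rolledup_observation_id, dest_port, protocol,
                    MIN(first_seen), MAX(last_seen), SUM("count")
             FROM unsolicited_comms
             WHERE affects_rating = 1 AND decay_date > ?
             GROUP BY rolledup_observation_id, dest_port, protocol
             ORDER BY SUM("count") DESC"""
    return conn.execute(sql, (as_of,)).fetchall()

if __name__ == "__main__":
    for row in active_rollups(load(SAMPLE_ROWS), "2024-12-01"):
        print(row)
```

Because the date fields are ISO-formatted strings, plain string comparison in the `WHERE` clause orders them correctly without a date type.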