https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=risk_vector_name
The details field for the /findings path shows the details of findings. The included fields vary, depending on the risk vector.
The IP addresses of other companies are masked, in accordance with our responsible disclosure policy. Please review our terms and conditions, and then update your IP Visibility configurations accordingly.
Parameters
See parameters.
To get details on specific risk vectors, use the risk_vector parameter along with the following values:
- Botnet Infections = botnet_infections
- Spam Propagation = spam_propagation
- Malware Servers = malware_servers
- Unsolicited Communications = unsolicited_comm
- Potentially Exploited = potentially_exploited
Example Response
```
"geo_ip_location":"US",
"infection":{
  "family":"Gamarue",
  "description":"Gamarue is a family of malware that can give attackers remote access to infected devices. It is distributed through spam messages and infected removable storage devices.",
  "references":[
    "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32%2fGamarue"
  ],
  "data_exfiltration":true,
  "unauthorized_access":true,
  "implies_other_infections":false,
  "resource_abuse":false,
  "target_platforms":[
    "Win32"
  ]
},
"remediations":[ ],
[Risk Vector-Specific Fields]
"rollup_end_date":"2019-05-31",
"rollup_start_date":"2019-05-21",
```
Response Attributes
The following attributes apply to all Compromised Systems findings:
| Field | Description |
|---|---|
| geo_ip_location String | A 2-letter ISO country code indicating this finding's country of origin. |
| infection Object | Contains infection details. |
| family String | The malware family of this infection. |
| description String | An overview of this infection. |
| references Array | A list of URLs as a source of information. |
| data_exfiltration Boolean | true = This infection allows any unauthorized transfers of sensitive information. |
| unauthorized_access Boolean | Indicates if this infection allows attackers to connect and then log in as a legitimate user. |
| implies_other_infections Boolean | true = This infection may lead to other infections. |
| resource_abuse Boolean | true = This infection is misusing assets. |
| target_platforms Array | A list of platforms that are potentially affected. |
| remediations Object | If this is a Diligence finding, the details contain information about the finding and instructions to remediate it. |
| rollup_end_date String | The date of the most recent observation. |
| rollup_start_date String | The date of the first observation. |
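The following is an added example, not part of the original documentation or BitSight's own code: it ranks findings for response using the infection flags and rollup dates described above. The `results` envelope, the `WEIGHTS` values and both sample records are assumptions constructed for illustration; the second record deliberately lacks an `infection` object to show handling of fields that vary by risk vector.

```python
import json
from datetime import date

# Constructed sample: two findings whose "details" objects use the fields
# documented above. The "results" envelope is an assumption.
SAMPLE = json.loads("""
{"results": [
  {"details": {"geo_ip_location": "US",
               "infection": {"family": "Gamarue", "data_exfiltration": true,
                             "unauthorized_access": true,
                             "implies_other_infections": false,
                             "resource_abuse": false,
                             "target_platforms": ["Win32"]},
               "rollup_start_date": "2019-05-21",
               "rollup_end_date": "2019-05-31"}},
  {"details": {"geo_ip_location": "DE",
               "rollup_start_date": "2019-05-30",
               "rollup_end_date": "2019-05-31"}}
]}
""")

# Hypothetical weights for ranking; tune them to your own response policy.
WEIGHTS = {"unauthorized_access": 4, "data_exfiltration": 3,
           "implies_other_infections": 2, "resource_abuse": 1}

def triage(findings):
    """Return one summary row per finding, highest priority first."""
    rows = []
    for finding in findings:
        details = finding.get("details") or {}
        infection = details.get("infection") or {}  # may be absent
        flags = [k for k in WEIGHTS if infection.get(k) is True]
        start = date.fromisoformat(details["rollup_start_date"])
        end = date.fromisoformat(details["rollup_end_date"])
        rows.append({
            "family": infection.get("family", "unknown"),
            "country": details.get("geo_ip_location"),
            "flags": flags,
            "score": sum(WEIGHTS[k] for k in flags),
            "days_observed": (end - start).days + 1,  # inclusive window
        })
    return sorted(rows, key=lambda r: (r["score"], r["days_observed"]),
                  reverse=True)

if __name__ == "__main__":
    for row in triage(SAMPLE["results"]):
        print(row)
```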
- April 20, 2022: Separated each risk vector to its own page.
- March 22, 2022: Added pcap_id, sinkhole_ip, sinkhole_ip_masked, & remaining_decay to GET: Botnet Infections Finding Details.
- September 19, 2019: Published.