GET: Compromised Systems Finding Details – Bitsight Knowledge Base

April 20, 2022: Separated each risk vector to its own page.
March 22, 2022: Added pcap_id, sinkhole_ip, sinkhole_ip_masked, & remaining_decay to GET: Botnet Infections Finding Details.
September 19, 2019: Published.

https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=risk_vector_name

The details field for the /findings path shows the details of findings. The included fields vary, depending on the risk vector.

The IP addresses of other companies are masked, in accordance with our responsible disclosure policy. Please review our terms and conditions, and then update your IP Visibility configurations accordingly.

Example Response

To get details on specific risk vectors, use the risk_vector parameter along with the following values:

Botnet Infections = botnet_infections
Spam Propagation = spam_propagation
Malware Servers = malware_servers
Unsolicited Communications = unsolicited_comm
Potentially Exploited = potentially_exploited

  "geo_ip_location":"US",
  "infection":{
    "family":"Gamarue",
    "description":"Gamarue is a family of malware that can give attackers remote access to infected devices. It is distributed through spam messages and infected removable storage devices.",
    "references":[
      "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32%2fGamarue"
    ],
    "data_exfiltration":true,
    "unauthorized_access":true,
    "implies_other_infections":false,
    "resource_abuse":false,
    "target_platforms":[
      "Win32"
    ]
  },
  "remediations":[ ],
  
  [Risk Vector-Specific Fields]

  "rollup_end_date":"2019-05-31",
  "rollup_start_date":"2019-05-21",

Response Attributes

The following attributes apply to all Compromised Systems findings:

Field		Description
geo_ip_location String		A 2-letter ISO country code indicating this finding’s country of origin.
infection Object		Contains infection details.
	family String	The malware family of this infection.
	description String	An overview of this infection.
	references Array	A list of URLs as a source of information.
	data_exfiltration Boolean	`true` = This infection allows any unauthorized transfers of sensitive information.
	unauthorized_access Boolean	Indicates if this infection allows attackers to connect and then log in as a legitimate user.
	implies_other_infections Boolean	`true` = This infection may lead to other infections.
	resource_abuse Boolean	`true` = This infection is misusing assets.
	target_platforms Array	A list of platforms that are potentially affected.
remediations Object		If this is a Diligence finding, the details contain information about the finding and instructions to remediate it.
rollup_end_date String [`YYYY-MM-DD`]		The date of the most recent observation.
rollup_start_date String [`YYYY-MM-DD`]		The date of the first observation.

Articles in this section

Example Response

Response Attributes

Related articles