https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=risk_vector_name
The details field for the /findings path shows the details of findings. The included fields vary, depending on the risk vector.
The IP addresses of other companies are masked, in accordance with our responsible disclosure policy. Please review our terms and conditions, and then update your IP Visibility configurations accordingly.
Example Response
To get details on specific risk vectors, use the risk_vector parameter along with the following values:
- Botnet Infections = botnet_infections
- Spam Propagation = spam_propagation
- Malware Servers = malware_servers
- Unsolicited Communications = unsolicited_comm
- Potentially Exploited = potentially_exploited
```
"geo_ip_location":"US",
"infection":{
  "family":"Gamarue",
  "description":"Gamarue is a family of malware that can give attackers remote access to infected devices. It is distributed through spam messages and infected removable storage devices.",
  "references":[
    "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32%2fGamarue"
  ],
  "data_exfiltration":true,
  "unauthorized_access":true,
  "implies_other_infections":false,
  "resource_abuse":false,
  "target_platforms":[
    "Win32"
  ]
},
"remediations":[ ],
[Risk Vector-Specific Fields]
"rollup_end_date":"2019-05-31",
"rollup_start_date":"2019-05-21",
```
Response Attributes
The following attributes apply to all Compromised Systems findings:
Field | Type | Description
---|---|---
geo_ip_location | String | A 2-letter ISO country code indicating this finding’s country of origin.
infection | Object | Contains infection details.
family | String | The malware family of this infection.
description | String | An overview of this infection.
references | Array | A list of URLs as a source of information.
data_exfiltration | Boolean | true = This infection allows any unauthorized transfers of sensitive information.
unauthorized_access | Boolean | Indicates if this infection allows attackers to connect and then log in as a legitimate user.
implies_other_infections | Boolean | true = This infection may lead to other infections.
resource_abuse | Boolean | true = This infection is misusing assets.
target_platforms | Array | A list of platforms that are potentially affected.
remediations | Object | If this is a Diligence finding, the details contain information about the finding and instructions to remediate it.
rollup_end_date | String [ YYYY-MM-DD ] | The date of the most recent observation.
rollup_start_date | String [ YYYY-MM-DD ] | The date of the first observation.
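
The following is an added example, not BitSight's own code: it validates the risk_vector value against the list on this page and ranks details objects by the infection flags described above, without sending any request. The function names, the triage weights and the first sample record are assumptions of this example.

```python
from datetime import date
from urllib.parse import quote, urlencode

# risk_vector values listed on this page.
RISK_VECTORS = {"botnet_infections", "spam_propagation", "malware_servers",
                "unsolicited_comm", "potentially_exploited"}
BASE = "https://api.bitsighttech.com/ratings/v1/companies/{}/findings"
# Triage weights are an assumption of this example, not BitSight scoring.
WEIGHTS = {"data_exfiltration": 4, "unauthorized_access": 3,
           "implies_other_infections": 2, "resource_abuse": 1}

def findings_url(company_guid, risk_vector):
    """Build the request URL; reject values the page does not list."""
    if risk_vector not in RISK_VECTORS:
        raise ValueError(f"unknown risk_vector: {risk_vector!r}")
    query = urlencode({"risk_vector": risk_vector})
    return BASE.format(quote(company_guid, safe="")) + "?" + query

def triage(details):
    """Summarise one details object; a missing infection flag counts as not set."""
    infection = details.get("infection") or {}
    flags = [k for k in WEIGHTS if infection.get(k) is True]
    start = date.fromisoformat(details["rollup_start_date"])
    end = date.fromisoformat(details["rollup_end_date"])
    if end < start:
        raise ValueError("rollup_end_date precedes rollup_start_date")
    return {"family": infection.get("family", "unknown"),
            "country": details.get("geo_ip_location"),
            "flags": flags,
            "score": sum(WEIGHTS[k] for k in flags),
            "days_observed": (end - start).days + 1,  # inclusive of both dates
            "platforms": infection.get("target_platforms", [])}

def prioritise(details_list):
    """Highest score first; ties go to the longer observation window."""
    return sorted((triage(d) for d in details_list),
                  key=lambda r: (-r["score"], -r["days_observed"]))

# Constructed sample input. The second record copies the values in the page's
# example response; the first is invented for contrast.
SAMPLE = [
    {"geo_ip_location": "DE", "rollup_start_date": "2019-05-29",
     "rollup_end_date": "2019-05-31",
     "infection": {"family": "ExampleFamily", "resource_abuse": True,
                   "target_platforms": ["Win32"]}},
    {"geo_ip_location": "US", "rollup_start_date": "2019-05-21",
     "rollup_end_date": "2019-05-31",
     "infection": {"family": "Gamarue", "data_exfiltration": True,
                   "unauthorized_access": True, "implies_other_infections": False,
                   "resource_abuse": False, "target_platforms": ["Win32"]}},
]
```
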
- April 20, 2022: Separated each risk vector to its own page.
- March 22, 2022: Added pcap_id, sinkhole_ip, sinkhole_ip_masked, & remaining_decay to GET: Botnet Infections Finding Details.
- September 19, 2019: Published.