https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=risk_vector_name
The details
field for the /findings
path shows the details of findings. The included details vary, depending on the risk vector.
The IP addresses of other companies are masked, in accordance with our responsible disclosure policy. Please review our terms and conditions, and then update your IP Visibility configurations accordingly.
Example Request
curl https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=spf -u api_token:
To get details on specific risk vectors, use the risk_vector
parameter along with the following values:
- SPF Domains =
spf
- DKIM Records =
dkim
- TLS/SSL Certificates =
ssl_certificates
- TLS/SSL Configurations =
ssl_configurations
- Open Ports =
open_ports
- Web Application Headers =
application_security
- Patching Cadence =
patching_cadence
- Insecure Systems =
insecure_systems
- Server Software =
server_software
- Desktop Software =
desktop_software
- Mobile Software =
mobile_software
- DNSSEC Records =
dnssec
- Mobile Application Security =
mobile_application_security
- Web Application Security =
web_appsec
- Domain Squatting - Findings for this risk vector cannot be queried via the API
Example Response
⊕ See Fields That Apply to All Findings "diligence_annotations":{ […] }, "grade":"NEUTRAL", "remediations":[ { "help_text":"This domain is missing a DNSKEY record and therefore cannot be authenticated using DNSSEC.", "message":"DNSSEC is not configured on this domain", "remediation_tip":"You will need to set up DNSSEC for your domain, including generating necessary keys and updating DNS zone records accordingly. See this <a target=\"new\" href=\"https://www.digitalocean.com/community/tutorials/how-to-setup-dnssec-on-an-authoritative-bind-dns-server--2\">DigitalOcean guide</a> for instructions which may be applicable to your server configuration, as well as <a target=\"new\" href=\"http://www.dnssec.net/practical-documents\">dnssec.net</a> for practical documents related to DNSSEC setup." } ], "rollup_end_date":"2019-01-26", "rollup_start_date":"2018-10-06" }, "evidence_key":"example.com",
Response Attributes
The following attributes apply to all Diligence findings:
Field | Description | ||
---|---|---|---|
diligence_annotationsObject |
Diligence finding details. | ||
gradeString |
|||
remediationsObject |
Information about the finding and instructions to remediate it, if any. | ||
help_textString |
An overview of this finding. | ||
messageString |
Details of this finding. | ||
remediation_tipString [ HTML ] |
The recommended remediation instructions. | ||
rollup_end_dateString [ YYYY-MM-DD ] |
The date when this finding was last observed. | ||
rollup_start_dateString [ YYYY-MM-DD ] |
The date when this finding was first observed. |
- September 27, 2023: Insecure Systems, Server Software, Desktop Software, & Mobile Software separated to their own pages.
- September 8, 2023: Separated Open Ports & Patching Cadence to their own pages; Added Mobile Application Security findings.
- June 7, 2023: Separated Mobile Application Security to its own page.
Feedback
0 comments
Please sign in to leave a comment.