https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=risk_vector_name
The details field for the /findings path shows the details of findings. The included details vary, depending on the risk vector.
The IP addresses of other companies are masked, in accordance with our responsible disclosure policy. Please review our terms and conditions, and then update your IP Visibility configurations accordingly.
Example Request
curl https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=spf -u api_token:
To get details on specific risk vectors, use the risk_vector parameter along with the following values:
-
SPF Domains =
spf -
DKIM Records =
dkim -
TLS/SSL Certificates =
ssl_certificates -
TLS/SSL Configurations =
ssl_configurations -
Open Ports =
open_ports -
Web Application Headers =
application_security -
Patching Cadence =
patching_cadence -
Insecure Systems =
insecure_systems -
Server Software =
server_software -
Desktop Software =
desktop_software -
Mobile Software =
mobile_software -
DNSSEC Records =
dnssec -
Mobile Application Security =
mobile_application_security -
Web Application Security =
web_appsec - Domain Squatting - Findings for this risk vector cannot be queried via the API
Example Response
⊕ See Fields That Apply to All Findings "diligence_annotations":{ […] }, "grade":"NEUTRAL", "remediations":[ { "help_text":"This domain is missing a DNSKEY record and therefore cannot be authenticated using DNSSEC.", "message":"DNSSEC is not configured on this domain", "remediation_tip":"You will need to set up DNSSEC for your domain, including generating necessary keys and updating DNS zone records accordingly. See this <a target=\"new\" href=\"https://www.digitalocean.com/community/tutorials/how-to-setup-dnssec-on-an-authoritative-bind-dns-server--2\">DigitalOcean guide</a> for instructions which may be applicable to your server configuration, as well as <a target=\"new\" href=\"http://www.dnssec.net/practical-documents\">dnssec.net</a> for practical documents related to DNSSEC setup." } ], "rollup_end_date":"2019-01-26", "rollup_start_date":"2018-10-06" }, "evidence_key":"example.com",
Response Attributes
The following attributes apply to all Diligence findings:
| Field | Description | ||
|---|---|---|---|
diligence_annotations Object |
Diligence finding details. | ||
grade String |
|||
remediations Object |
Information about the finding and instructions to remediate it, if any. | ||
help_text String |
An overview of this finding. | ||
message String |
Details of this finding. | ||
remediation_tip String [ |
The recommended remediation instructions. | ||
rollup_end_date String [ |
The date when this finding was last observed. | ||
rollup_start_date String [ |
The date when this finding was first observed. | ||
- September 27, 2023: Insecure Systems, Server Software, Desktop Software, & Mobile Software separated to their own pages.
- September 8, 2023: Separated Open Ports & Patching Cadence to their own pages; Added Mobile Application Security findings.
- June 7, 2023: Separated Mobile Application Security to its own page.
Feedback
0 comments
Please sign in to leave a comment.