- September 8, 2023: Separated Open Ports & Patching Cadence to their own pages; Added Mobile Application Security findings.
- June 7, 2023: Separated Mobile Application Security to its own page.
- March 31, 2023: Separated TLS/SSL Certificates to its own page.
https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=risk_vector_name
The `details` field for the `/findings` path shows the details of findings. The included details vary, depending on the risk vector.
The IP addresses of other companies are masked, in accordance with our responsible disclosure policy. Please review our terms and conditions, and then update your IP Visibility configurations accordingly.
Example Response
To get details on specific risk vectors, use the `risk_vector` parameter along with the following values:
- SPF Domains = `spf`
- DKIM Records = `dkim`
- TLS/SSL Certificates = `ssl_certificates`
- TLS/SSL Configurations = `ssl_configurations`
- Open Ports = `open_ports`
- Web Application Headers = `application_security`
- Patching Cadence = `patching_cadence`
- Insecure Systems = `insecure_systems`
- Server Software = `server_software`
- Desktop Software = `desktop_software`
- Mobile Software = `mobile_software`
- DNSSEC Records = `dnssec`
- Mobile Application Security = `mobile_application_security`
- Web Application Security = `web_appsec`
- Domain Squatting - Findings for this risk vector cannot be queried via the API
```json
"diligence_annotations":{
   […]
},
"grade":"NEUTRAL",
"remediations":[
   {
      "help_text":"This domain is missing a DNSKEY record and therefore cannot be authenticated using DNSSEC.",
      "message":"DNSSEC is not configured on this domain",
      "remediation_tip":"You will need to set up DNSSEC for your domain, including generating necessary keys and updating DNS zone records accordingly. See this <a target=\"new\" href=\"https://www.digitalocean.com/community/tutorials/how-to-setup-dnssec-on-an-authoritative-bind-dns-server--2\">DigitalOcean guide</a> for instructions which may be applicable to your server configuration, as well as <a target=\"new\" href=\"http://www.dnssec.net/practical-documents\">dnssec.net</a> for practical documents related to DNSSEC setup."
   }
],
"rollup_end_date":"2019-01-26",
"rollup_start_date":"2018-10-06"
},
"evidence_key":"example.com",
```
Response Attributes
The following attributes apply to all Diligence findings:
Field | Description | Data Type
---|---|---
diligence_annotations | Diligence finding details. | Object
grade | | String
remediations | Information about the finding and instructions to remediate it, if any. | Object
help_text | An overview of this finding. | String
message | Details of this finding. | String
remediation_tip | The recommended remediation instructions. | String [HTML]
rollup_end_date | The date when this finding was last observed. | String [YYYY-MM-DD]
rollup_start_date | The date when this finding was first observed. | String [YYYY-MM-DD]
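
Because `remediation_tip` is typed as HTML, a consumer that forwards it to a ticket or dashboard should reduce it to text rather than render it as-is. The following is an added example, not Bitsight code: it strips all markup and keeps only `http`/`https` link targets as numbered references. The function name `tip_to_text` and the sample string are constructed for illustration.

```python
from html.parser import HTMLParser

class _TipText(HTMLParser):
    """Collects text and http(s) link targets; all markup is dropped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self.links, self._href = [], [], None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href") or ""
            # Keep only absolute http(s) targets; any other scheme is ignored.
            ok = href.lower().startswith(("http://", "https://"))
            self._href = href if ok else None

    def handle_endtag(self, tag):
        if tag != "a":
            return
        if self._href:
            if self._href not in self.links:
                self.links.append(self._href)
            self.parts.append(f" [{self.links.index(self._href) + 1}]")
        self._href = None

    def handle_data(self, data):
        self.parts.append(data)

def tip_to_text(remediation_tip):
    """Return (plain_text, links) for a remediation_tip HTML string."""
    parser = _TipText()
    parser.feed(remediation_tip)
    parser.close()
    text = " ".join("".join(parser.parts).split())  # collapse whitespace
    return text, parser.links

# Constructed input modelled on the remediation_tip format shown above.
SAMPLE_TIP = ('See this <a target="new" href="https://example.com/dnssec-guide">guide</a> '
              'or <a href="javascript:alert(1)">this</a> &amp; <b>rotate keys</b>.')

if __name__ == "__main__":
    text, links = tip_to_text(SAMPLE_TIP)
    print(text)
    for i, url in enumerate(links, 1):
        print(f"[{i}] {url}")
```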
Insecure Systems Finding Details
Example Insecure Systems Request
```bash
# Quote the URL so the shell does not treat "?" as a glob character.
curl "https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=insecure_systems" -u API_token:
```
Example Insecure Systems Response
See Fields That Apply to All Diligence Findings (Response Attributes, above) for the fields omitted from this example.

```json
"risks":[
   "Remote command execution"
],
"references":[
   "http://domain.com/path/filename.pdf",
   "https://domain2.com/path2/",
   "https://subdomain.domain3.com/path.html"
],
"source_ip":"00.00.000.00",
"path_info":"/store/products"
},
"sample_count":1,
"sample_values":" ",
"server_name":"domain4.com",
"user_agent":" ",
"dest_port":80,
"src_port":39994
```
Insecure Systems Response Attributes
Field | Description | Data Type
---|---|---
risks | A description of the risks involved with this system. | Array
references | A list of URLs as a source of information. | Array
source_ip | The IP address of this insecure system. | String
path_info | The URL path. | String
sample_count | | Integer
sample_values | | String
server_name | The domain name of the affected server. | String
user_agent | Browser details. | String
dest_port | The number of the affected port. | Integer
src_port | The number of the source port. | Integer
Server Software Finding Details
Example Server Software Request
```bash
# Quote the URL so the shell does not treat "?" as a glob character.
curl "https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=server_software" -u API_token:
```
Example Server Software Response
See Fields That Apply to All Diligence Findings (Response Attributes, above) for the fields omitted from this example.

```json
"modal_data":{
   "url":"https://wiki.ubuntu.com/PrecisePangolin/ReleaseNotes",
   "type":"obsolete-os-release",
   "name":"Ubuntu 12.04 LTS",
   "supportEndedOn":"2017-04-28",
   "supportedReleases":[
      {
         "url":"https://wiki.ubuntu.com/DiscoDingo/ReleaseNotes",
         "familyName":"Ubuntu",
         "name":"Ubuntu 19.04",
         "version":"19.04"
      }
   ]
},
"modal_tags":{
   "Upstream version":"5.3.10",
   "Type":"PHP",
   "HTTP Server header":"",
   "HTTP X-Powered-By header":"PHP/5.3.10-1ubuntu3.26",
   "OS family":"CentOS"
},
"server":"PHP",
"version":"5.3.10"
},
"geo_ip_location":"TH",
"observed_ips":[
   "55.555.555.55"
],
"port_list":[
   81
],
"dest_port":81,
```
Server Software Response Attributes
Field | Description | Data Type | |||
---|---|---|---|---|---|
modal_data |
Contains server details. | Object | |||
url |
The release notes from the developer. | String | |||
type |
Indicates the status of this server software. | String | |||
name |
The name and version of the operating system. | String | |||
supportEndedOn |
The date when this server software version was no longer supported. | String [YYYY-MM-DD ] |
|||
supportedReleases |
A list of supported operating systems and their details. | Array | |||
url |
The release notes for this supported operating system from the developer. | String | |||
familyName |
The product line of this supported operating system. | String | |||
name |
The name of this supported operating system. | String | |||
version |
The version of this supported operating system. | String | |||
modal_tags |
Contains server software package details. | Object | |||
Upstream version |
String | ||||
Type |
The type of server software package. | String | |||
HTTP Server header |
String | ||||
HTTP X-Powered-By header |
String | ||||
OS family |
String | ||||
server |
String | ||||
version |
The current server software package. | String | |||
geo_ip_location |
A 2-letter ISO country code indicating this finding’s country of origin. | String | |||
observed_ips |
A list of observed IP addresses. | Array | |||
port_list |
A list of associated ports. | Array | |||
dest_port |
The number of the affected port. | Integer |
Desktop Software Finding Details
Example Desktop Software Request
```bash
# Quote the URL so the shell does not treat "?" as a glob character.
curl "https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=desktop_software" -u API_token:
```
Example Desktop Software Response
See Fields That Apply to All Diligence Findings (Response Attributes, above) for the fields omitted from this example.

```json
"estimation_of_users":"1",
"count_ips":1,
"operating_system_rule":{
   "is":"match",
   "version":"10895.56",
   "eol":"2018-11-02",
   "launch":"2018-09-18"
},
"sample_ips":[
   "55.5.555.555"
]
},
"geo_ip_location":"US",
"operating_system_family":"Chrome OS",
"operating_system_grade":"WARN",
"operating_system_support_status":"UNSUPPORTED",
"operating_system_version":"10895.78.0",
"user_agent_family":"Chrome",
"user_agent_grade":"WARN",
"user_agent_support_status":"UNSUPPORTED",
"user_agent_version":"69.0.3497",
```
Desktop Software Response Attributes
Field | Description | Data Type
---|---|---
estimation_of_users | The estimated number of affected users, which is based on the number of distinct cookies with a unique pair of browser and operating system versions. | Integer
count_ips | The number of IP addresses that are attributed to this finding. | Integer
operating_system_rule | Contains details of the logic for determining the supported status of the operating system. | Object
is | | String
version | The version of the operating system. | String
eol | The end-of-life date for this operating system. | String [YYYY-MM-DD]
launch | The launch date of this operating system version. | String [YYYY-MM-DD]
sample_ips | A sampled list of attributed IP addresses. | Array
geo_ip_location | A 2-letter ISO country code indicating this finding’s country of origin. | String
operating_system_family | The operating system type. | String
operating_system_grade | An assessment of this operating system. See how the Desktop Software risk vector is assessed. | String
operating_system_support_status | Indicates if this operating system is supported. | String
operating_system_version | The current version of this operating system. | String
user_agent_family | The browser type. | String
user_agent_grade | An assessment of this browser. See how the Desktop Software risk vector is assessed. | String
user_agent_support_status | Indicates if this browser is supported. | String
user_agent_version | The current version of this browser. | String
Mobile Software Finding Details
Example Mobile Software Request
```bash
# Quote the URL so the shell does not treat "?" as a glob character.
curl "https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=mobile_software" -u API_token:
```
Example Mobile Software Response
See Fields That Apply to All Diligence Findings (Response Attributes, above) for the fields omitted from this example.

```json
{
"estimation_of_users":"1",
"count_ips":1,
"operating_system_rule":{
   "is":"match",
   "version":"8",
   "eol":"9999-01-01",
   "launch":"2017-08-21"
},
"sample_ips":[
   "55.5.555.55"
]
},
"geo_ip_location":"US",
"operating_system_family":"Android",
"operating_system_grade":"GOOD",
"operating_system_support_status":"SUPPORTED",
"operating_system_version":"8.0.0",
"user_agent_family":"Chrome Mobile",
"user_agent_grade":"GOOD",
"user_agent_support_status":"SUPPORTED",
"user_agent_version":"71.0.3578",
```
Mobile Software Response Attributes
Field | Description | Data Type
---|---|---
estimation_of_users | The estimated number of affected users. | Integer
count_ips | The number of IP addresses that are attributed to this finding. | Integer
operating_system_rule | Contains details of the logic for determining the supported status of the operating system. | Object
is | | String
version | The version of the operating system. | String
eol | The end-of-life date for this operating system. | String [YYYY-MM-DD]
launch | The launch date of this version. | String [YYYY-MM-DD]
sample_ips | A sampled list of attributed IP addresses. | Array
geo_ip_location | A 2-letter ISO country code indicating this finding’s country of origin. | String
operating_system_family | The operating system type. | String
operating_system_grade | An assessment of this operating system. See how the Mobile Software risk vector is assessed. | String
operating_system_support_status | Indicates if this operating system is supported. | String
operating_system_version | The current version of this operating system. | String
user_agent_family | The browser type. | String
user_agent_grade | An assessment of this browser. See how the Mobile Software risk vector is assessed. | String
user_agent_support_status | Indicates if this browser is supported. | String
user_agent_version | The current version of the browser. | String
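
A triage pass over Server, Desktop and Mobile Software findings, as an added example that is not part of the Bitsight documentation: it reports a finding as out of support when a `*_support_status` field is `UNSUPPORTED` or when `eol` / `supportEndedOn` is a past date. Because the examples above show only fragments of each finding, fields are looked up by name at any depth; the function names and the enclosing `details` object in the sample data are assumptions.

```python
from datetime import date

def find_key(obj, key):
    """Yield every value stored under `key` at any depth of a decoded JSON value."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            if k == key:
                yield v
            yield from find_key(v, key)
    elif isinstance(obj, list):
        for item in obj:
            yield from find_key(item, key)

def _past(value, today):
    """True if value is a YYYY-MM-DD date before today; malformed values are False."""
    try:
        return date.fromisoformat(value) < today
    except (TypeError, ValueError):
        return False

def unsupported_reasons(finding, today):
    """List the reasons a Server/Desktop/Mobile Software finding is out of support."""
    reasons = []
    for field in ("operating_system_support_status", "user_agent_support_status"):
        if "UNSUPPORTED" in find_key(finding, field):
            reasons.append(f"{field}=UNSUPPORTED")
    for field in ("eol", "supportEndedOn"):
        for value in find_key(finding, field):
            if _past(value, today):  # a far-future eol such as 9999-01-01 is not past
                reasons.append(f"{field}={value}")
    return reasons

# Constructed findings using field names and values from the examples above;
# the enclosing "details" object is an assumption about the response envelope.
SERVER = {"details": {"modal_data": {"type": "obsolete-os-release",
          "name": "Ubuntu 12.04 LTS", "supportEndedOn": "2017-04-28"}}}
DESKTOP = {"details": {"operating_system_rule": {"is": "match", "eol": "2018-11-02"},
           "operating_system_support_status": "UNSUPPORTED",
           "user_agent_support_status": "UNSUPPORTED"}}
MOBILE = {"details": {"operating_system_rule": {"is": "match", "eol": "9999-01-01"},
          "operating_system_support_status": "SUPPORTED",
          "user_agent_support_status": "SUPPORTED"}}

if __name__ == "__main__":
    for name, f in (("server", SERVER), ("desktop", DESKTOP), ("mobile", MOBILE)):
        print(name, unsupported_reasons(f, date(2023, 9, 8)))
```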