GET: Diligence Finding Details – Bitsight Knowledge Base

September 8, 2023: Separated Open Ports & Patching Cadence to their own pages; Added Mobile Application Security findings.
June 7, 2023: Separated Mobile Application Security to its own page.
March 31, 2023: Separated TLS/SSL Certificates to its own page.

https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=risk_vector_name

The details field for the /findings path shows the details of findings. The included details vary, depending on the risk vector.

The IP addresses of other companies are masked, in accordance with our responsible disclosure policy. Please review our terms and conditions, and then update your IP Visibility configurations accordingly.

Example Response

To get details on specific risk vectors, use the risk_vector parameter along with the following values:

SPF Domains = spf
DKIM Records = dkim
TLS/SSL Certificates = ssl_certificates
TLS/SSL Configurations = ssl_configurations
Open Ports = open_ports
Web Application Headers = application_security
Patching Cadence = patching_cadence
Insecure Systems = insecure_systems
Server Software = server_software
Desktop Software = desktop_software
Mobile Software = mobile_software
DNSSEC Records = dnssec
Mobile Application Security = mobile_application_security
Web Application Security = web_appsec
Domain Squatting - Findings for this risk vector cannot be queried via the API

    ⊕ See Fields That Apply to All Findings

    "diligence_annotations":{
      […]
    },
    "grade":"NEUTRAL",
    "remediations":[
      {
        "help_text":"This domain is missing a DNSKEY record and therefore cannot be authenticated using DNSSEC.",
        "message":"DNSSEC is not configured on this domain",
        "remediation_tip":"You will need to set up DNSSEC for your domain, including generating necessary keys and updating DNS zone records accordingly. See this <a target=\"new\" href=\"https://www.digitalocean.com/community/tutorials/how-to-setup-dnssec-on-an-authoritative-bind-dns-server--2\">DigitalOcean guide</a> for instructions which may be applicable to your server configuration, as well as <a target=\"new\" href=\"http://www.dnssec.net/practical-documents\">dnssec.net</a> for practical documents related to DNSSEC setup."
      }
    ],
    "rollup_end_date":"2019-01-26",
    "rollup_start_date":"2018-10-06"
  },
  "evidence_key":"example.com",

Response Attributes

The following attributes apply to all Diligence findings:

Field			Description
diligence_annotations Object			Diligence finding details.
	grade String
	remediations Object		Information about the finding and instructions to remediate it, if any.
		help_text String	An overview of this finding.
		message String	Details of this finding.
		remediation_tip String [`HTML`]	The recommended remediation instructions.
	rollup_end_date String [`YYYY-MM-DD`]		The date when this finding was last observed.
	rollup_start_date String [`YYYY-MM-DD`]		The date when this finding was first observed.

Insecure Systems Finding Details

Example Insecure Systems Request

curl https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=insecure_systems -u API_token:

Example Insecure Systems Response

⊕ See Fields That Apply to All Diligence Findings

               "risks":[
                  "Remote command execution"
               ],
               "references":[
                  "http://domain.com/path/filename.pdf",
                  "https://domain2.com/path2/",
                  "https://subdomain.domain3.com/path.html"
               ],
               "source_ip":"00.00.000.00",
               "path_info":"/store/products"
            },
            "sample_count":1,
            "sample_values":" ",
            "server_name":"domain4.com",
            "user_agent":" ",
            "dest_port":80,
            "src_port":39994

Insecure Systems Response Attributes

Field		Description
	risks Array	A description of the risks involved with this system.
	references Array	A list of URLs as a source of information.
	source_ip String	The IP address of this insecure system.
	path_info String	The URL path.
sample_count Integer
sample_values String
server_name String		The domain name of the affected server.
user_agent String		Browser details.
dest_port Integer		The number of the affected port.
src_port Integer		The number of the source port.

Server Software Finding Details

Example Server Software Request

curl https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=server_software -u API_token:

Example Server Software Response

⊕ See Fields That Apply to All Diligence Findings

    "modal_data":{
      "url":"https://wiki.ubuntu.com/PrecisePangolin/ReleaseNotes",
      "type":"obsolete-os-release",
      "name":"Ubuntu 12.04 LTS",
      "supportEndedOn":"2017-04-28",
      "supportedReleases":[
        {
          "url":"https://wiki.ubuntu.com/DiscoDingo/ReleaseNotes",
          "familyName":"Ubuntu",
          "name":"Ubuntu 19.04",
          "version":"19.04"
        }
      ]
    },
    "modal_tags":{
      "Upstream version":"5.3.10",
      "Type":"PHP",
      "HTTP Server header":"",
      "HTTP X-Powered-By header":"PHP/5.3.10-1ubuntu3.26"
      "OS family":"CentOS"
    },
    "server":"PHP",
    "version":"5.3.10"
  },
  "geo_ip_locat":"TH",
  "observed_ips":[  
    "55.555.555.55"
  ],
  "port_list":[  
    81
  ],
  "dest_port":81,

Server Software Response Attributes

Field				Description	Data Type
	`modal_data`			Contains server details.	Object
		`url`		The release notes from the developer.	String
		`type`		Indicates the status of this server software.	String
		`name`		The name and version of the operating system.	String
		`supportEndedOn`		The date when this server software version was no longer supported.	String [`YYYY-MM-DD`]
		`supportedReleases`		A list of supported operating systems and their details.	Array
			`url`	The release notes for this supported operating system from the developer.	String
			`familyName`	The product line of this supported operating system.	String
			`name`	The name of this supported operating system.	String
			`version`	The version of this supported operating system.	String
	`modal_tags`			Contains server software package details.	Object
		`Upstream version`			String
		`Type`		The type of server software package.	String
		`HTTP Server header`			String
		`HTTP X-Powered-By header`			String
		`OS family`			String
	`server`				String
	`version`			The current server software package.	String
`geo_ip_location`				A 2-letter ISO country code indicating this finding’s country of origin.	String
`observed_ips`				A list of observed IP addresses.	Array
`port_list`				A list of associated ports.	Array
`dest_port`				The number of the affected port.	Integer

Desktop Software Finding Details

Example Desktop Software Request

curl https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=desktop_software -u API_token:

Example Desktop Software Response

⊕ See Fields That Apply to All Diligence Findings

            "estimation_of_users":"1",
               "count_ips":1,
               "operating_system_rule":{
                  "is":"match",
                  "version":"10895.56",
                  "eol":"2018-11-02",
                  "launch":"2018-09-18"
               },
               "sample_ips":[
                  "55.5.555.555"
               ]
            },
            "geo_ip_location":"US",
            "operating_system_family":"Chrome OS",
            "operating_system_grade":"WARN",
            "operating_system_support_status":"UNSUPPORTED",
            "operating_system_version":"10895.78.0",
            "user_agent_family":"Chrome",
            "user_agent_grade":"WARN",
            "user_agent_support_status":"UNSUPPORTED",
            "user_agent_version":"69.0.3497",

Desktop Software Response Attributes

Field			Description
estimation_of_users Integer			The estimated number of affected users, which is based on the number of distinct cookies with a unique pair of browser and operating system versions.
	count_ips Integer		The number IP addresses that are attributed to this finding.
	operating_system_rule Object		Contains details of the logic for determining the supported status of the operating system.
		is String
		version String	The version of the operating system.
		eol String [`YYYY-MM-DD`]	The end-of-life date for this operating system.
		launch String [`YYYY-MM-DD`]	The launch date of this operating system version.
	sample_ips Array		A sampled list of attributed IP addresses.
geo_ip_location String			A 2-letter ISO country code indicating this finding’s country of origin.
operating_system_family String			The operating system type.
operating_system_grade String			An assessment of this operating system. See how the Desktop Software risk vector is assessed.
operating_system_support_status String			Indicates if this operating system is supported.
operating_system_version String			The current version of this operating system.
user_agent_family String			The browser type.
user_agent_grade String			An assessment of this browser. See how the Desktop Software risk vector is assessed.
user_agent_support_status String			Indicates if this browser is supported.
user_agent_version String			The current version of this browser.

Mobile Software Finding Details

Example Mobile Software Request

curl https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=mobile_software -u API_token:

Example Mobile Software Response

 {

    ⊕ See Fields That Apply to All Diligence Findings

    "estimation_of_users":"1",
    "count_ips":1,
    "operating_system_rule":{
      "is":"match",
      "version":"8",
      "eol":"9999-01-01",
      "launch":"2017-08-21"
    },
    "sample_ips":[  
      "55.5.555.55"
    ]
  },
  "geo_ip_location":"US",
  "operating_system_family":"Android",
  "operating_system_grade":"GOOD",
  "operating_system_support_status":"SUPPORTED",
  "operating_system_version":"8.0.0",
  "user_agent_family":"Chrome Mobile",
  "user_agent_grade":"GOOD",
  "user_agent_support_status":"SUPPORTED",
  "user_agent_version":"71.0.3578",

Mobile Software Response Attributes

Field			Description
estimation_of_users Integer			The estimated number of affected users.
	count_ips Integer		The number IP addresses that are attributed to this finding.
	operating_system_rule Object		Contains details of the logic for determining the supported status of the operating system.
		is String
		version String	The version of the operating system.
		eol String [`YYYY-MM-DD`]	The end-of-life date for this operating system.
		launch String [`YYYY-MM-DD`]	The launch date of this version.
	sample_ips Array		A sampled list of attributed IP addresses.
geo_ip_location String			A 2-letter ISO country code indicating this finding’s country of origin.
operating_system_family String			The operating system type.
operating_system_grade String			An assessment of this operating system. See how the Mobile Software risk vector is assessed.
operating_system_support_status String			Indicates if this operating system is supported.
operating_system_version String			The current version of this operating system.
user_agent_family String			The browser type.
user_agent_grade String			An assessment of this browser. See how the Mobile Software risk vector is assessed.
user_agent_support_status String			Indicates if this browser is supported.
user_agent_version String			The current version of the browser.

Articles in this section