https://api.bitsighttech.com/ratings/v1/findings/wfh
Use Work From Home (WFH) to get findings for a set of IP addresses.
Parameters
* Either the `bulk_request` or `ips` parameter is required.

bulk_request
[Query] Filter by a previous bulk request.
Value: [String] Bulk upload unique identifiers [wfh_guid]. See GET: Bulk Work From Home Requests.

ips
[Query] Identify the IP addresses to query.
- IP addresses that belong to a non-telecommunications company in the Bitsight inventory will not return results.
- IP addresses in the telecommunications industry are dynamic. The older the finding, the less likely it belongs to a single user.
Value: [Array] Up to 50 comma-separated IP addresses. See the recommended WFH IP addresses.
IPv6 not supported.

date_interval
[Query] Filter by date interval.
Value: [String]
- `7d`
- `30d`

risk_types
[Query] Filter by risk vectors.
Value: [String]

limit
[Query] Set the maximum number of results per query. The results might include fewer records (even zero), but not more.
Value: [Integer] Default: 100

offset
[Query] Set the starting point of the return.
Value: [Integer]
0 (zero) = Start the results from the first record in the result set.
Example Request
```bash
curl 'https://api.bitsighttech.com/ratings/v1/findings/wfh/?ips=IP_addresses' -u api_token:
```
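The parameter constraints above (at most 50 addresses per request, no IPv6) mean a larger address list has to be validated and batched on the client before it is sent. The following is an added example, not Bitsight code: the function name, the de-duplication step and the sample addresses are assumptions, and it only builds the request URLs without contacting the API.

```python
import ipaddress
from urllib.parse import urlencode

WFH_URL = "https://api.bitsighttech.com/ratings/v1/findings/wfh/"
MAX_IPS_PER_REQUEST = 50          # "Up to 50 comma-separated IP addresses"
DATE_INTERVALS = {"7d", "30d"}    # values listed for date_interval on this page


def build_wfh_queries(raw_ips, date_interval=None, limit=100):
    """Return (urls, rejected): one URL per batch of <=50 unique IPv4
    addresses, plus (input, reason) pairs for values dropped client-side."""
    if date_interval is not None and date_interval not in DATE_INTERVALS:
        raise ValueError(f"unsupported date_interval: {date_interval!r}")
    valid, rejected, seen = [], [], set()
    for raw in raw_ips:
        try:
            addr = ipaddress.ip_address(raw.strip())
        except ValueError:
            rejected.append((raw, "not an IP address"))
            continue
        if addr.version != 4:
            rejected.append((raw, "IPv6 not supported"))
            continue
        if addr not in seen:          # duplicates would waste the 50-IP budget
            seen.add(addr)
            valid.append(str(addr))
    urls = []
    for start in range(0, len(valid), MAX_IPS_PER_REQUEST):
        params = {"ips": ",".join(valid[start:start + MAX_IPS_PER_REQUEST]),
                  "limit": limit, "offset": 0}
        if date_interval:
            params["date_interval"] = date_interval
        urls.append(WFH_URL + "?" + urlencode(params, safe=","))
    return urls, rejected


# Constructed input: 60 addresses from the 198.51.100.0/24 documentation range,
# one duplicate, one IPv6 address and one malformed value.
SAMPLE_IPS = [f"198.51.100.{n}" for n in range(1, 61)]
SAMPLE_IPS += ["198.51.100.1", "2001:db8::1", "not-an-ip"]

if __name__ == "__main__":
    urls, rejected = build_wfh_queries(SAMPLE_IPS, date_interval="7d")
    for url in urls:
        print(url)          # send each with: curl '<url>' -u api_token:
    print("dropped before sending:", rejected)
```

Rejecting malformed input locally keeps one bad value from turning a whole batch into a 400 response.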
Example Response
```json
{
  "links":{
    "previous":null,
    "next":null
  },
  "count":16,
  "summaries":{
    "service_providers":[
      {
        "ips":{
          "total_count":1
        },
        "grades":[
          "NEUTRAL",
          "GOOD"
        ],
        "guid":"12345678-abcd-efgh-1234-abcdefghijkl",
        "name":"Anon Telecomm, Inc.",
        "findings":{
          "total_count":16
        }
      }
    ],
    "risk_types":[
      {
        "ips":{
          "total_count":1
        },
        "grades":[
          "NEUTRAL",
          "GOOD"
        ],
        "risk_type":"open_ports",
        "findings":{
          "total_count":11
        }
      }
    ],
    "vulnerabilities":[
      {
        "ips":{
          "total_count":1
        },
        "vulnerability":"CVE-2020-8772",
        "findings":{
          "total_count":1
        }
      }
    ],
    "request":{
      "ip_with_event_count":1,
      "requested_ip_count":1,
      "ineligible_ip_count":0,
      "requested_ips":[
        "123.123.123.123"
      ],
      "non_isp":[ ],
      "eligible_ip_count":1
    },
    "infections":[
      {
        "ips":{
          "total_count":1
        },
        "findings":{
          "total_count":7
        },
        "infection":"Rovnix"
      }
    ],
    "locations":[
      {
        "country":"United States of America",
        "grades":[
          "NEUTRAL",
          "GOOD"
        ],
        "findings":{
          "total_count":16
        },
        "country_code":"US",
        "ips":{
          "total_count":1
        }
      }
    ],
    "ips":[
      {
        "service_providers":[
          "12345678-abcd-efgh-1234-abcdefghijkl"
        ],
        "risk_types":[
          "botnet_infections",
          "vulnerability",
          "open_ports"
        ],
        "findings":{
          "total_count":16
        },
        "vulnerabilities":[
          "CVE-2019-8942",
          "CVE-2020-8772"
        ],
        "infections":[
          "Rovnix"
        ],
        "locations":[
          "US"
        ],
        "grades":[
          "NEUTRAL",
          "GOOD"
        ],
        "services":[
          "IMAP with STARTTLS",
          "HTTPS"
        ],
        "ip_address":"123.123.123.123"
      }
    ],
    "services":[
      […]
      {
        "ips":{
          "total_count":1
        },
        "grades":[
          "GOOD"
        ],
        "findings":{
          "total_count":1
        },
        "service":"SMTPS"
      }
    ],
    "non_isp":[ ]
  },
  "results":[
    {
      "entities":[
        {
          "name":"Anon Telecomm, Inc.",
          "industry_sector":"Telecommunications",
          "is_service_provider":false,
          "has_parent":false,
          "guid":"12345678-abcd-efgh-1234-abcdefghijkl"
        }
      ],
      "observation_id":"_aAAa1AA_a1aAA1A1aaAAa==",
      "country":{
        "code":"US",
        "name":"United States of America"
      },
      "collection_date":"2020-08-19",
      "forensics":{
        "host_port":80,
        "host_ip":"123.123.123.123"
      },
      "occurrences":{
        "count":2,
        "event_date":"2020-08-19",
        "first_seen":"2020-08-19 01:01:23",
        "representative_timestamp":"2020-08-19 21:04:45",
        "last_seen":"2020-08-19 21:04:45"
      },
      "event_date":"2020-08-19",
      "risk_type":"open_ports",
      "details":{
        See WFH Finding Details By Risk Type
      }
    }
  ]
}
```
Response Attributes
| Field | Type | Description |
|---|---|---|
| `links` | Object | Navigation for multiple pages of results. See pagination. |
| `links.previous` | String | The URL to navigate to the previous page of results. |
| `links.next` | String | The URL to navigate to the next page of results. |
| `count` | Integer | The number of WFH findings. |
| `summaries` | Object | A summary of WFH findings. |
| `summaries.service_providers` | Array | Service provider details. |
| `summaries.service_providers[].ips` | Object | IP addresses provided by this service provider. |
| `summaries.service_providers[].ips.total_count` | Integer | The number of IP addresses provided by an ISP. |
| `summaries.service_providers[].grades` | Array | If the finding is an Open Port (`"risk_type":"open_ports"`), these record grades are included. |
| `summaries.service_providers[].guid` | String | The unique identifier of the service provider. |
| `summaries.service_providers[].name` | String | The name of the service provider. |
| `summaries.service_providers[].findings` | Object | WFH findings associated with this service provider. |
| `summaries.service_providers[].findings.total_count` | Integer | The number of WFH findings associated with this service provider. |
| `summaries.risk_types` | Array | WFH findings by risk type. |
| `summaries.risk_types[].ips` | Object | IP addresses provided by this service provider. |
| `summaries.risk_types[].ips.total_count` | Integer | The number of IP addresses provided by an ISP. |
| `summaries.risk_types[].grades` | Array | If the finding is an Open Port (`"risk_type":"open_ports"`), these record grades are included. |
| `summaries.risk_types[].risk_type` | String | The slug name of this risk type. |
| `summaries.risk_types[].findings` | Object | WFH findings associated with this risk type. |
| `summaries.risk_types[].findings.total_count` | Integer | The number of WFH findings associated with this risk type. |
| `summaries.vulnerabilities` | Array | Vulnerability WFH findings. |
| `summaries.vulnerabilities[].ips` | Object | IP addresses with vulnerabilities. |
| `summaries.vulnerabilities[].ips.total_count` | Integer | The number of IP addresses with vulnerabilities. |
| `summaries.vulnerabilities[].vulnerability` | String | The Common Vulnerabilities and Exposures ID (CVE ID). |
| `summaries.vulnerabilities[].findings` | Object | WFH findings that are vulnerabilities. |
| `summaries.vulnerabilities[].findings.total_count` | Integer | The number of WFH findings that have vulnerabilities. |
| `summaries.request` | Object | Details of the WFH request. |
| `summaries.request.ip_with_event_count` | Integer | The number of IP addresses with WFH findings. |
| `summaries.request.requested_ip_count` | Integer | The number of requested IP addresses. |
| `summaries.request.ineligible_ip_count` | Integer | The number of requested IP addresses that were not eligible for WFH. |
| `summaries.request.requested_ips` | Array | The requested IP addresses. |
| `summaries.request.non_isp` | Array | Requested IP addresses that do not belong to an Internet Service Provider (ISP). |
| `summaries.request.eligible_ip_count` | Integer | The number of requested IP addresses that were not eligible for WFH. |
| `summaries.infections` | Array | Details of infection WFH findings. |
| `summaries.infections[].ips` | Object | IP addresses that have infections. |
| `summaries.infections[].ips.total_count` | Integer | The number of IP addresses that have infections. |
| `summaries.infections[].findings` | Object | WFH findings that are infections. |
| `summaries.infections[].findings.total_count` | Integer | The number of WFH findings that are infections. |
| `summaries.infections[].infection` | String | The name of this infection. |
| `summaries.locations` | Array | Location details of the WFH findings. |
| `summaries.locations[].country` | String | The name of this country. |
| `summaries.locations[].grades` | Array | If the finding is an Open Port (`"risk_type":"open_ports"`), these record grades are included. |
| `summaries.locations[].findings` | Object | Location details of the WFH findings. |
| `summaries.locations[].findings.total_count` | Integer | The number of findings in this location. |
| `summaries.locations[].country_code` | String | The 2-letter country code of this country. |
| `summaries.locations[].ips` | Object | IP address location details of the WFH findings. |
| `summaries.locations[].ips.total_count` | Integer | The number of IP addresses in this location. |
| `summaries.ips` | Array | IP address details of the WFH findings. |
| `summaries.ips[].service_providers` | Array | Associated service providers. |
| `summaries.ips[].risk_types` | Array | Risk types of WFH findings in this IP address. |
| `summaries.ips[].findings` | Object | WFH finding information of the requested IP addresses. |
| `summaries.ips[].findings.total_count` | Integer | The number of WFH findings among the requested IP addresses. |
| `summaries.ips[].vulnerabilities` | Array | Vulnerabilities of the requested IP addresses. |
| `summaries.ips[].infections` | Array | Infections among the requested IP addresses. |
| `summaries.ips[].locations` | Array | Locations of the requested IP addresses. |
| `summaries.ips[].grades` | Array | If the finding is an Open Port (`"risk_type":"open_ports"`), these record grades are included. |
| `summaries.ips[].services` | Array | Services that result with an Open Port WFH finding. |
| `summaries.ips[].ip_address` | String | The IP address of the findings. |
| `summaries.services` | Array | Services that result with an Open Port WFH finding. |
| `summaries.services[].ips` | Object | IP address details of the services. |
| `summaries.services[].ips.total_count` | Integer | The number of IP services used in the IP address. |
| `summaries.services[].grades` | Array | If the finding is an Open Port (`"risk_type":"open_ports"`), these record grades are included. |
| `summaries.services[].findings` | Object | WFH finding details. |
| `summaries.services[].findings.total_count` | Integer | The number of WFH findings. |
| `summaries.services[].service` | String | Open Port services. |
| `summaries.non_isp` | Array | IP addresses that do not belong to an Internet Service Provider (ISP). |
| `results` | Array | WFH findings. |
| `results[].entities` | Array | Service provider company details. |
| `results[].entities[].name` | String | The name of this company. |
| `results[].entities[].industry_sector` | String | The industry of this company. |
| `results[].entities[].is_service_provider` | Boolean | `true` = This company is an internet service provider (ISP). |
| `results[].entities[].has_parent` | Boolean | `true` = This company has a parent company. |
| `results[].entities[].guid` | String | The unique identifier of this company. |
| `results[].observation_id` | String | The observation (finding) identifier. |
| `results[].country` | Object | Country details. |
| `results[].country.code` | String | The 2-letter country code of this country. |
| `results[].country.name` | String | The name of this country. |
| `results[].collection_date` | String | The date when the WFH data was compiled. |
| `results[].forensics` | Object | Asset details. |
| `results[].forensics.host_port` | Integer | The port number used by the host. |
| `results[].forensics.host_ip` | String | The IP address of the host. |
| `results[].forensics.domain_name` | String | The domain name. |
| `results[].occurrences` | Object | Observation occurrence details. |
| `results[].occurrences.count` | Integer | The number of occurrences. |
| `results[].occurrences.event_date` | String | The date when the event occurred. |
| `results[].occurrences.first_seen` | String | The datetime when the event was first seen. |
| `results[].occurrences.representative_timestamp` | String | The datetime when the event occurred. |
| `results[].occurrences.last_seen` | String | The datetime when the event was last seen. |
| `results[].event_date` | String | The date when the event occurred. |
| `results[].risk_type` | String | The risk type. |
| `results[].details` | Object | WFH finding details. WFH finding details vary by risk type (`risk_type`). |
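Because telecommunications IP addresses are dynamic, a finding's `last_seen` value matters as much as its risk type when deciding whether it still describes the person currently using the address. The following added example (not Bitsight code) groups `results` by `forensics.host_ip` and separates recent findings from stale ones; the function name, the 7-day threshold and the sample response, which is constructed from the fields documented above, are assumptions.

```python
from datetime import datetime


def triage_wfh(response, now, max_age_days=7):
    """Return (report, non_isp). report maps each IP to its summary infections
    and vulnerabilities plus findings split by age of occurrences.last_seen."""
    report = {}
    for entry in response["summaries"]["ips"]:
        report[entry["ip_address"]] = {
            "infections": entry.get("infections", []),
            "vulnerabilities": entry.get("vulnerabilities", []),
            "recent": [], "stale": []}
    for finding in response["results"]:
        ip = finding["forensics"]["host_ip"]
        last_seen = datetime.strptime(finding["occurrences"]["last_seen"],
                                      "%Y-%m-%d %H:%M:%S")
        age_days = (now - last_seen).days
        row = report.setdefault(ip, {"infections": [], "vulnerabilities": [],
                                     "recent": [], "stale": []})
        bucket = "recent" if age_days <= max_age_days else "stale"
        row[bucket].append((finding["risk_type"],
                            finding["forensics"].get("host_port"), age_days))
    # Requested IPs outside an ISP return no results; surface them separately.
    return report, response["summaries"]["request"].get("non_isp", [])


# Constructed sample response (documentation-range addresses, trimmed fields).
SAMPLE_RESPONSE = {
    "summaries": {
        "request": {"non_isp": ["203.0.113.9"]},
        "ips": [{"ip_address": "198.51.100.7", "infections": ["Rovnix"],
                 "vulnerabilities": ["CVE-2020-8772"]}],
    },
    "results": [
        {"risk_type": "open_ports",
         "forensics": {"host_ip": "198.51.100.7", "host_port": 80},
         "occurrences": {"last_seen": "2020-08-19 21:04:45"}},
        {"risk_type": "botnet_infections",
         "forensics": {"host_ip": "198.51.100.7"},
         "occurrences": {"last_seen": "2020-07-01 10:00:00"}},
    ],
}
SAMPLE_NOW = datetime(2020, 8, 21)   # fixed "today" so the output is repeatable

if __name__ == "__main__":
    report, non_isp = triage_wfh(SAMPLE_RESPONSE, SAMPLE_NOW)
    print(report)
    print("no results expected for:", non_isp)
```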
Status Codes
See the common errors and status codes.
- 400 – Bad Request: No IP addresses were submitted via the required `ips` parameter or a submitted IP address was invalid.
- 403 – Forbidden: Review the Work From Home Privacy Notice and ensure you have met the requirements to use Work From Home.

- August 27, 2020: Now includes `summaries` and `vulnerability` information.
- June 30, 2020: Initial publication.
Feedback
1 comment
Hello, I have a problem when I try to do a search using this endpoint (https://api.bitsighttech.com/ratings/v1/findings/wfh). I got 403 unauthorized, although other endpoints are working correctly.
Can someone help me?
My email address: allan-magalhaes.silva.ext@bureauveritas.com.
Best regards.