The details (`details`) that are included with Work From Home (WFH) findings vary by risk type (`risk_type`). See the WFH API endpoint (`/v1/findings/wfh`).
Botnet Infections
Slug Name: botnet_infections
Botnet Infections Example Response
```json
{
  "detection_method": "Sinkhole",
  "cc_ip": "123.123.123.123",
  "infection_id": 183,
  "infection": "Rovnix",
  "request_method": "GET",
  "source_port": 41650,
  "dest_port": 80
}
```
Botnet Infections Response Attributes
Field | Type | Description
---|---|---
detection_method | String | The method used to detect the infection. See the data collection methods.
cc_ip | String | The destination IP address.
infection_id | Integer | For internal Bitsight use.
infection | String | The name of the infection.
request_method | String | For internal Bitsight use.
source_port | Integer | The source port number.
dest_port | Integer | A compromised device was observed to be sending traffic from this port.
Potentially Exploited
Slug Name: potentially_exploited
Potentially Exploited Example Response
```json
{
  "cc_ip": "123.123.123.123",
  "infection_id": 426,
  "infection": "ArrkiiSDK",
  "request_method": "GET",
  "user_agent": "Dalvik/2.1.0 (Linux; U; Android 10; SM-G965U Build/QP1A.190711.020)",
  "source_port": 35222,
  "dest_port": 80
}
```
Potentially Exploited Response Attributes
Field | Type | Description
---|---|---
cc_ip | String | The destination IP address.
infection_id | Integer | For internal Bitsight use.
infection | String | The name of the infection.
request_method | String | For internal Bitsight use.
user_agent | String | The User-Agent string the device used when communicating with the malware.
source_port | Integer | The source port number.
dest_port | Integer | A compromised device was observed to be sending traffic from this port.
Open Ports
Slug Name: open_ports
Open Ports Example Response
```json
{
  "grade": { "grade": "GOOD" },
  "message": [ "Detected service: HTTPS" ],
  "response": "HTTP/1.1 200 OK\r\nDate: Sun, 23 Aug 2020 08:15:02 GMT\r\nServer: Apache\r\nUpgrade: h2,h2c\r\nConnection: Upgrade\r\nLast-Modified: Fri, 10 May 2019 03:34:15 GMT\r\nETag: \"24002b-7ab-588803db2483a\"\r\nAccept-Ranges: bytes\r\nContent-Length: 1963\r\nVary: Accept-Encoding,User-Agent\r\nContent-Type: text/html",
  "service": "HTTPS"
}
```
Open Ports Response Attributes
Field | Type | Description
---|---|---
grade | Object | Open Port record grade details.
grade.grade | String | The record grade of an Open Port finding.
message | Array | A brief description of Open Port findings.
response | String | Details of the service.
service | String | The type of service running on this port.
Vulnerability
Slug Name: vulnerability
Vulnerability Example Response
```json
{
  "status": "vulnerable",
  "vulnerabilities": [ "CVE-2020-8772" ],
  "annotation": [ ]
}
```
Vulnerability Response Attributes
Field | Type | Description
---|---|---
status | String | The status of the vulnerability. Values:
vulnerabilities | Array | The Common Vulnerabilities and Exposures ID (CVE ID) of the vulnerabilities.
annotation | Array |

Change Log
- May 11, 2021: To allow for faster identification of infected machines, destination IP addresses of Compromised System findings for your organization are now unmasked.
- August 27, 2020: Published.
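Because the `details` object differs per `risk_type`, a consumer of this endpoint has to dispatch on the slug before it can pull out an indicator to act on. The following is an added example (not Bitsight's own client code) that normalizes the four documented `details` shapes into triage rows; the outer `results` wrapper and the placement of the `risk_type` slug next to `details` are assumptions, and the sample response is constructed from the example responses above.

```python
import json
from typing import Any

# Constructed sample of a /v1/findings/wfh body. Only the per-risk_type
# "details" objects are documented on the page; "results" and the position
# of "risk_type" are assumed for this example.
SAMPLE_RESPONSE = json.dumps({"results": [
    {"risk_type": "botnet_infections",
     "details": {"detection_method": "Sinkhole", "cc_ip": "123.123.123.123",
                 "infection": "Rovnix", "source_port": 41650, "dest_port": 80}},
    {"risk_type": "potentially_exploited",
     "details": {"cc_ip": "123.123.123.123", "infection": "ArrkiiSDK",
                 "user_agent": "Dalvik/2.1.0 (Linux; U; Android 10)",
                 "source_port": 35222, "dest_port": 80}},
    {"risk_type": "open_ports",
     "details": {"grade": {"grade": "GOOD"}, "message": ["Detected service: HTTPS"],
                 "response": "HTTP/1.1 200 OK\r\nServer: Apache\r\n", "service": "HTTPS"}},
    {"risk_type": "vulnerability",
     "details": {"status": "vulnerable", "vulnerabilities": ["CVE-2020-8772"],
                 "annotation": []}},
]})


def summarize(finding: dict[str, Any]) -> dict[str, Any]:
    """Reduce one WFH finding to the fields a triage queue needs, keyed on
    the risk_type slug that selects the shape of the details object."""
    d = finding.get("details", {})
    slug = finding.get("risk_type")
    if slug in ("botnet_infections", "potentially_exploited"):
        return {"risk_type": slug, "indicator": d.get("cc_ip"),
                "infection": d.get("infection"),
                "severity": "high" if slug == "botnet_infections" else "medium"}
    if slug == "open_ports":
        # Keep only the status line of the raw banner out of the full response;
        # the rest of the headers do not belong in tickets or logs.
        status_line = (d.get("response") or "").split("\r\n", 1)[0]
        return {"risk_type": slug, "indicator": d.get("service"),
                "grade": (d.get("grade") or {}).get("grade"),
                "banner": status_line, "severity": "info"}
    if slug == "vulnerability":
        return {"risk_type": slug, "indicator": ",".join(d.get("vulnerabilities", [])),
                "status": d.get("status"),
                "severity": "high" if d.get("status") == "vulnerable" else "low"}
    return {"risk_type": slug, "indicator": None, "severity": "unknown"}


def triage(raw_json: str) -> list[dict[str, Any]]:
    """Parse a response body and return summaries ordered high -> low severity."""
    order = {"high": 0, "medium": 1, "low": 2, "info": 3, "unknown": 4}
    rows = [summarize(f) for f in json.loads(raw_json).get("results", [])]
    return sorted(rows, key=lambda r: order[r["severity"]])
```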