Work From Home Finding Details

Ingrid

The details [details] that are included with Work From Home (WFH) findings vary by risk type [risk_type]. See the WFH API endpoint [/v1/findings/wfh].

- Botnet Infections
- Potentially Exploited
- Open Ports
- Vulnerability

Botnet Infections

Slug Name: botnet_infections

Botnet Infections Example Response

    "detection_method":"Sinkhole",
    "cc_ip":"123.123.123.123",
    "infection_id":183,
    "infection":"Rovnix",
    "request_method":"GET",
    "source_port":41650,
    "dest_port":80

Botnet Infections Response Attributes

| Field | Type | Description |
|---|---|---|
| detection_method | String | The method used to detect the infection. See the data collection methods. |
| cc_ip | String | The destination IP address. |
| infection_id | Integer | For internal Bitsight use. |
| infection | String | The name of the infection. |
| request_method | String | For internal Bitsight use. |
| source_port | Integer | The source port number. |
| dest_port | Integer | A compromised device was observed to be sending traffic from this port. |

Potentially Exploited

Slug Name: potentially_exploited

Potentially Exploited Example Response

    "cc_ip":"123.123.123.123",
    "infection_id":426,
    "infection":"ArrkiiSDK",
    "request_method":"GET",
    "user_agent":"Dalvik/2.1.0 (Linux; U; Android 10; SM-G965U Build/QP1A.190711.020)",
    "source_port":35222,
    "dest_port":80

Potentially Exploited Response Attributes

| Field | Type | Description |
|---|---|---|
| cc_ip | String | The destination IP address. |
| infection_id | Integer | For internal Bitsight use. |
| infection | String | The name of the infection. |
| request_method | String | For internal Bitsight use. |
| user_agent | String | The user-agent string in the header, which identifies end-user interactions with web content. The details include the application, operating system, browser, and software version. |
| source_port | Integer | The source port number. |
| dest_port | Integer | A compromised device was observed to be sending traffic from this port. |

Open Ports

Slug Name: open_ports

Open Ports Example Response

    "grade":{
        "grade":"GOOD"
    },
    "message":[
        "Detected service: HTTPS"
    ],
    "response":"HTTP/1.1 200 OK\r\nDate: Sun, 23 Aug 2020 08:15:02 GMT\r\nServer: Apache\r\nUpgrade: h2,h2c\r\nConnection: Upgrade\r\nLast-Modified: Fri, 10 May 2019 03:34:15 GMT\r\nETag: \"24002b-7ab-588803db2483a\"\r\nAccept-Ranges: bytes\r\nContent-Length: 1963\r\nVary: Accept-Encoding,User-Agent\r\nContent-Type: text/html",
    "service":"HTTPS"

Open Ports Response Attributes

| Field | Type | Description |
|---|---|---|
| grade | Object | Open Port record grade details. |
| grade | String | The record grade of an Open Port finding. |
| message | Array | A brief description of Open Port findings. |
| response | String | Details of the service. |
| service | String | The type of service running on this port. |

Vulnerability

Slug Name: vulnerability

Example Response

    "status":"vulnerable",
    "vulnerabilities":[
        "CVE-2020-8772"
    ],
    "annotation":[ ]

Vulnerability Response Attributes

| Field | Type | Description |
|---|---|---|
| status | String | The status of the vulnerability. Values: vulnerable = A test was performed and the software or device is vulnerable to the vulnerability. not-vulnerable = A test was performed and the software or device is not vulnerable to the vulnerability. unknown = The vulnerability status cannot be determined (e.g., the software or device is unresponsive). not-applicable = The software or device does not match the criteria for testing. |
| vulnerabilities | Array | The Common Vulnerabilities and Exposures ID (CVE ID) of the vulnerabilities. |
| annotation | Array | |

May 11, 2021: To allow for faster identification of infected machines, destination IP addresses of Compromised System findings for your organization are now unmasked.

August 27, 2020: Published.
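
As an added example (not Bitsight code), the Python below dispatches on the risk type slug to flatten the four details shapes documented above into one triage record per finding, including splitting the Open Ports response string into its status line and headers. It assumes each finding is a dict with risk_type and details keys; the function names normalize and parse_http_response are hypothetical.

```python
# Added example, not Bitsight code. Assumption: each finding is a dict carrying
# "risk_type" (the slug) and "details" (the object documented for that slug).

def parse_http_response(raw):
    """Split the open_ports "response" string into (status line, header dict)."""
    lines = raw.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def normalize(finding):
    """Flatten one WFH finding into a record with the fields triage needs."""
    slug = finding.get("risk_type")
    d = finding.get("details") or {}
    rec = {"risk_type": slug}
    if slug in ("botnet_infections", "potentially_exploited"):
        # detection_method: botnet_infections only; user_agent: potentially_exploited only.
        for key in ("infection", "cc_ip", "source_port", "dest_port",
                    "detection_method", "user_agent"):
            if key in d:
                rec[key] = d[key]
    elif slug == "open_ports":
        status_line, headers = parse_http_response(d.get("response", ""))
        rec.update(service=d.get("service"), status_line=status_line,
                   grade=(d.get("grade") or {}).get("grade"),
                   server=headers.get("server"))
    elif slug == "vulnerability":
        status = d.get("status", "unknown")
        rec.update(status=status, confirmed=(status == "vulnerable"),
                   cves=list(d.get("vulnerabilities") or []))
    else:
        rec["error"] = "unhandled risk_type"
    return rec

# Constructed sample input, trimmed from the example responses on this page.
SAMPLES = [
    {"risk_type": "botnet_infections", "details": {
        "detection_method": "Sinkhole", "cc_ip": "123.123.123.123",
        "infection": "Rovnix", "source_port": 41650, "dest_port": 80}},
    {"risk_type": "open_ports", "details": {
        "grade": {"grade": "GOOD"}, "service": "HTTPS",
        "response": "HTTP/1.1 200 OK\r\nServer: Apache\r\nUpgrade: h2,h2c"}},
    {"risk_type": "vulnerability", "details": {
        "status": "vulnerable", "vulnerabilities": ["CVE-2020-8772"]}},
]
for sample in SAMPLES:
    print(normalize(sample))
```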