Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

Work From Home Finding Details

Avatar
Ingrid
Follow
  • May 11, 2021: To allow for faster identification of infected machines, destination IP addresses of Compromised System findings for your organization are now unmasked.
  • August 27, 2020: Published.

The details [details] that are included with Work From Home (WFH) findings vary by risk type [risk_type].

See the WFH API endpoint [/v1/findings/wfh].

Botnet Infections

Slug Name: botnet_infections

Botnet Infections Example Response

  "detection_method":"Sinkhole",
  "cc_ip":"123.123.123.123",
  "infection_id":183,
  "infection":"Rovnix",
  "request_method":"GET",
  "source_port":41650,
  "dest_port":80

Botnet Infections Response Attributes

Field Description 
detection_method
String		 The method used to detect this observation. See the data collection methods directory. 
cc_ip
String		 The destination IP address. 
infection_id
Integer		 For internal Bitsight use. 
infection
String		 The name of the infection. 
request_method
String		 For internal Bitsight use. 
source_port
Integer		 The source port number. 
dest_port
Integer		 The destination port number.

⇪ Back to Directory

Potentially Exploited

Slug Name: potentially_exploited

Potentially Exploited Example Response

  "cc_ip":"123.123.123.123",
  "infection_id":426,
  "infection":"ArrkiiSDK",
  "request_method":"GET",
  "user_agent":"Dalvik/2.1.0 (Linux; U; Android 10; SM-G965U Build/QP1A.190711.020)",
  "source_port":35222,
  "dest_port":80

Potentially Exploited Response Attributes

Field Description 
cc_ip
String		 The destination IP address. 
infection_id
Integer		 For internal Bitsight use. 
infection
String		 The name of the infection. 
request_method
String		 For internal Bitsight use. 
user_agent
String		 The user’s form of communication with the malware. 
source_port
Integer		 The source port number. 
dest_port
Integer		 The destination port number.

⇪ Back to Directory

Open Ports

Slug Name: open_ports

Open PortsExample Response

  "grade":{
    "grade":"GOOD"
  },
  "message":[
    "Detected service: HTTPS"
  ],
  "response":"HTTP/1.1 200 OK\r\nDate: Sun, 23 Aug 2020 08:15:02 GMT\r\nServer: Apache\r\nUpgrade: h2,h2c\r\nConnection: Upgrade\r\nLast-Modified: Fri, 10 May 2019 03:34:15 GMT\r\nETag: \"24002b-7ab-588803db2483a\"\r\nAccept-Ranges: bytes\r\nContent-Length: 1963\r\nVary: Accept-Encoding,User-Agent\r\nContent-Type: text/html",
  "service":"HTTPS"

Open Ports Response Attributes

Field Description 
grade
Object		 Open Port record grade details.
  
grade
String		 The record grade of an Open Port finding. 
message
Array		 A brief description of Open Port findings. 
response
String		 Details of the service. 
service
String		 The type of service running on this port.

⇪ Back to Directory

Vulnerability

Slug Name: vulnerability

Example Response

  "status":"vulnerable",
  "vulnerabilities":[
    "CVE-2020-8772"
  ],
  "annotation":[ ]

Vulnerability Response Attributes

Field Description 
status
String		 The status of the vulnerability.
Values:
  • vulnerable = A test was performed and the software or device is vulnerable to the vulnerability.
  • not-vulnerable = A test was performed and the software or device is not vulnerable to the vulnerability.
  • unknown = The vulnerability status cannot be determined (e.g., the software or device is unresponsive).
  • not-applicable = The software or device does not match the criteria for testing.
 
vulnerabilities
Array		 The Common Vulnerabilities and Exposures ID (CVE ID) of the vulnerabilities. 
annotation
Array		  

⇪ Back to Directory

Related articles