Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Work From Home Finding Details

Ingrid

The details [details] that are included with Work From Home (WFH) findings vary by risk type [risk_type].

See the WFH API endpoint [/v1/findings/wfh].

Botnet Infections

Slug Name: botnet_infections

Botnet Infections Example Response

  "detection_method":"Sinkhole",
  "cc_ip":"123.123.123.123",
  "infection_id":183,
  "infection":"Rovnix",
  "request_method":"GET",
  "source_port":41650,
  "dest_port":80

Botnet Infections Response Attributes

Field Description 
detection_method
String 		The method used to detect the infection. See the data collection methods. 
cc_ip
String 		The destination IP address. 
infection_id
Integer 		For internal Bitsight use. 
infection
String 		The name of the infection. 
request_method
String 		For internal Bitsight use. 
source_port
Integer 		The source port number. 
dest_port
Integer 		A compromised device was observed to be sending traffic from this port.

⇪ Back to Directory

Potentially Exploited

Slug Name: potentially_exploited

Potentially Exploited Example Response

  "cc_ip":"123.123.123.123",
  "infection_id":426,
  "infection":"ArrkiiSDK",
  "request_method":"GET",
  "user_agent":"Dalvik/2.1.0 (Linux; U; Android 10; SM-G965U Build/QP1A.190711.020)",
  "source_port":35222,
  "dest_port":80

Potentially Exploited Response Attributes

Field Description 
cc_ip
String 		The destination IP address. 
infection_id
Integer 		For internal Bitsight use. 
infection

String

 The name of the infection. 
request_method

String

 For internal Bitsight use. 
user_agent

String

 The user-agent string in the header, which identifies end-user interactions with web content. The details include the application, operating system, browser, and software version. 
source_port

Integer

 The source port number. 
dest_port

Integer

 A compromised device was observed to be sending traffic from this port.

⇪ Back to Directory

Open Ports

Slug Name: open_ports

Open Ports Example Response

  "grade":{
    "grade":"GOOD"
  },
  "message":[
    "Detected service: HTTPS"
  ],
  "response":"HTTP/1.1 200 OK\r\nDate: Sun, 23 Aug 2020 08:15:02 GMT\r\nServer: Apache\r\nUpgrade: h2,h2c\r\nConnection: Upgrade\r\nLast-Modified: Fri, 10 May 2019 03:34:15 GMT\r\nETag: \"24002b-7ab-588803db2483a\"\r\nAccept-Ranges: bytes\r\nContent-Length: 1963\r\nVary: Accept-Encoding,User-Agent\r\nContent-Type: text/html",
  "service":"HTTPS"

Open Ports Response Attributes

Field Description 
grade
Object 		Open Port record grade details.
  
grade
String 		The record grade of an Open Port finding. 
message
Array 		A brief description of Open Port findings. 
response
String 		Details of the service. 
service
String 		The type of service running on this port.

⇪ Back to Directory

Vulnerability

Slug Name: vulnerability

Example Response

  "status":"vulnerable",
  "vulnerabilities":[
    "CVE-2020-8772"
  ],
  "annotation":[ ]

Vulnerability Response Attributes

Field Description 
status
String 		The status of the vulnerability.
Values:
  • vulnerable = A test was performed and the software or device is vulnerable to the vulnerability.
  • not-vulnerable = A test was performed and the software or device is not vulnerable to the vulnerability.
  • unknown = The vulnerability status cannot be determined (e.g., the software or device is unresponsive).
  • not-applicable = The software or device does not match the criteria for testing.
 
vulnerabilities
Array 		The Common Vulnerabilities and Exposures ID (CVE ID) of the vulnerabilities. 
annotation
Array 		 

⇪ Back to Directory

  • May 11, 2021: To allow for faster identification of infected machines, destination IP addresses of Compromised System findings for your organization are now unmasked.
  • August 27, 2020: Published.

Related articles

Feedback

0 comments

Please sign in to leave a comment.