https://api.bitsighttech.com/ratings/v1/companies/company_guid/observations
The `details` field that’s included with GET: Detailed Company Observations (`/v1/companies/company_guid/observations`) shows the details of observations. Observation details vary, depending on the risk type [`risk_types`].
- Botnet Infections
- Potentially Exploited
- SPF Domains
- TLS/SSL Certificates
- TLS/SSL Configurations
- Open Ports
- Patching Cadence
- Server Software
- DNSSEC
- File Sharing
- Vulnerability
Botnet Infections
Slug Name: botnet_infections
Botnet Infections Example Response
"source_port":54710, "dest_port":80, "server_name":"example.server.com", "cc_ip":"XXX.111.222.33", "request_method":"POST", "detection_mechanism":"Sinkhole", "infection":"RootSTV",
Botnet Infections Response Attributes
Field | Description |
---|---|
`source_port` Integer | The source port number. |
`dest_port` Integer | A compromised device was observed to be sending traffic from this port. |
`server_name` String | The domain name of the affected server. It is known to be a command and control server, sinkhole, or is hosting adware. |
`cc_ip` String | The IP address of the malware’s Command and Control Server (C&C or C2 Server). |
`request_method` String | The request method used to communicate with the malware. |
`detection_mechanism` String | The method used to detect this observation. See our data collection methods. |
`infection` String | The name of the infection. |
Potentially Exploited
Slug Name: potentially_exploited
Potentially Exploited Example Response
"source_port":56273, "dest_port":80, "server_name":"example.server.com", "cc_ip":"XXX.111.222.33", "request_method":"POST", "user_agent":"Apache-HttpClient/UNAVAILABLE (java 1.4)", "infection":"MobiDash",
Potentially Exploited Response Attributes
Field | Description |
---|---|
`source_port` Integer | The source port number. |
`dest_port` Integer | A compromised device was observed to be sending traffic from this port. |
`server_name` String | The domain name of the affected server. It is known to be a command and control server, sinkhole, or is hosting adware. |
`cc_ip` String | The IP address of the malware’s Command and Control Server (C&C or C2 Server). |
`request_method` String | The request method used to communicate with the malware. |
`user_agent` String | The user’s form of communication with the malware. |
`infection` String | The name of the potential infection. |
SPF Domains
Slug Name: spf
SPF Domains Example Response
"occurrences":{ "first_seen":"2020-08-05 03:42:12", "last_seen":"2020-08-05 03:42:12", "representative_timestamp":"2020-08-05 03:42:12", "count":1 }, "grade":"GOOD", "issue":"Effective", "dns":{ "query_type":16, "error_code":0, "answer":"[ [TXT, v=spf1 include:spf.efwd.registrar-servers.com ~all] ]" }, "spf_records":[ { "domain":"actorsfilms.us", "record":[ "v=spf1 include:spf.efwd.registrar-servers.com ~all" ], "grade":"GOOD", "issue":"Effective" } ]
SPF Domains Response Attributes
Field | Description |
---|---|
`occurrences` Object | Occurrence details. |
`first_seen` String [ YYYY‑MM‑DD HH:MM:SS ] | The starting date and time of this occurrence’s duration. |
`last_seen` String [ YYYY‑MM‑DD HH:MM:SS ] | The ending date and time of this occurrence’s duration. |
`representative_timestamp` String [ YYYY‑MM‑DD HH:MM:SS ] | The representative date and time of this occurrence. |
`count` Integer | The number of times this observation was counted. |
`grade` String | The finding grade for this observation. |
`issue` String | A description of this observation. |
`dns` Object | Domain Name System (DNS) details. |
`query_type` Integer | For internal Bitsight use. |
`error_code` Integer | For internal Bitsight use. |
`answer` String | The contents of the returned record from the DNS. |
`spf_records` Array | SPF records. |
`domain` String | The domain name. |
`record` Array | Record details. |
`grade` String | The finding grade for this observation. |
`issue` String | A description of this observation. |
TLS/SSL Certificates
Slug Name: ssl_certificates
TLS/SSL Certificates Example Response
"grade":"WARN", "cert_chain":[ { "startDate":"2020-06-29", "endDate":"2030-06-28", "issuerName":"CN=vpn.blakemanpropane.com,unstructuredName=vpn.blakemanpropane.com", "subjectName":"CN=vpn.blakemanpropane.com,unstructuredName=vpn.blakemanpropane.com", "keyAlgorithm":"RSA", "signatureAlgorithm":"SHA256WITHRSA", "keyLength":2048, "serialNumber":"934606686", "dnsName":[ "vpn.blakemanpropane.com" ], "serialNumberHex":"37B4F75E" } ], "certificate_serial":"934606686", "certificate_serial_hex":"37B4F75E", "issues":[ "Self-signed certificate" ], "observed_ips":[ "75.127.18.14:443" ], "hostnames":[ "vpn.blakemanpropane.com" ]
TLS/SSL Certificates Response Attributes
Field | Description |
---|---|
`grade` String | The finding grade for this observation. |
`cert_chain` Array | Certificate chain details. |
`startDate` String [ YYYY‑MM‑DD ] | The date when this certificate started. |
`endDate` String [ YYYY‑MM‑DD ] | The date when this certificate expired or expires. |
`issuerName` String | The distinguished name of the certificate issuer, made up of attribute assertion values. Values: |
`subjectName` String | The distinguished name of the owner of the certificate, made up of attribute assertion values. Values: |
`keyAlgorithm` String | The algorithm used to encrypt and decrypt messages. |
`signatureAlgorithm` String | The signing algorithm used in this certificate. |
`keyLength` Integer | The bit strength of this key. See the recommended TLS key length. |
`serialNumber` Integer | The serial number of the certificate within this chain. |
`dnsName` Array | A list of domain names within this chain. |
`serialNumberHex` String | The hex serial number of the certificate within this chain. |
`certificate_serial` Integer | The serial number of the certificate within this chain. |
`certificate_serial_hex` String | The hex serial number of the certificate within this chain. |
`issues` Array | Descriptions of any observations. |
`observed_ips` Array | Observed IP addresses. |
`hostnames` Array | Observed hostnames. |
TLS/SSL Configurations
Slug Name: ssl_configuration
TLS/SSL Configurations Example Response
"grade":"BAD", "issues":[ "Allows insecure protocol: TLSv1.0", "Allows insecure protocol: TLSv1.1" ], "dh_prime":"ffffffffffffffffc90fdaa2{464 digits}8aacaa68ffffffffffffffff", "dh_length":"2048"
TLS/SSL Configurations Response Attributes
Field | Description |
---|---|
`grade` String | The finding grade for this observation. |
`issues` Array | TLS/SSL Configuration observations. |
`dh_prime` String | The Diffie-Hellman prime. |
`dh_length` Integer | The configured key length. See the recommended TLS key length. |
Open Ports
Slug Name: open_ports
Open Ports Example Response
"grade":"NEUTRAL", "response":"HTTP/1.0 400 Bad Request\r\nServer: AkamaiGHost\r\nMime-Version: 1.0\r\nContent-Type: text/html\r\nContent-Length: 209\r\nExpires: Wed, 05 Aug 2020 03:27:03 GMT\r\nDate: Wed, 05 Aug 2020 03:27:03 GMT\r\nConnection: close", "message":"Detected service: HTTP"
Open Ports Response Attributes
Field | Description |
---|---|
`grade` String | The finding grade for this observation. |
`response` String | The response code that indicates if the server was able to process the request sent by the client. |
`message` String | The type of service running on this port. |
Patching Cadence
Slug Name: patching_cadence
Patching Cadence Example Response
"vulnerability":"cve-2016-7103", "is_remediated":false
Patching Cadence Response Attributes
Field | Description |
---|---|
`vulnerability` String | The Common Vulnerabilities and Exposures (CVE) ID. |
`is_remediated` Boolean | true = This vulnerability has been patched. |
Insecure Systems
Slug Name: insecure_systems
Example Response
"grade":"WARN", "description":"Endpoint is using abandoned Samsung Media Hub platform", "category":"AbandonedIPTv", "subcategory":"abandoned_media_hub", "user_agent":"SAMSUNG-Android"
Response Attributes
Field | Description |
---|---|
`grade` String | The finding grade for this observation. |
`description` String | A description of this observation. |
`category` String | The system’s category. |
`subcategory` String | The slug name of the system’s subcategory. |
`user_agent` String | The user’s form of communication with the malware. |
Server Software
Slug Name: server_software
Server Software Example Response
"grade":"NEUTRAL", "grade_explanation":{ "type":"possible-backports" }, "tags":{ "Type":"nginx", "Version":"1.14.0" }
Server Software Response Attributes
Field | Description |
---|---|
`grade` String | The finding grade for this observation. |
`grade_explanation` Object | The reason for the given finding grade. |
`type` String | The type of software status. |
`name` String | The name of the version of the software. |
`url` String | The URL to the software developer’s release notes. |
`supportEndedOn` String [ YYYY‑MM‑DD ] | The date when this software was no longer supported. |
`supportedReleases` Array | Supported software. |
`name` String | The name of this software and its version. |
`familyName` String | The name of this software. |
`version` String | The version of this software. |
`url` String | The URL to the software developer’s release notes. |
`tags` Object | Server software details. |
`Type` String | The type of server software package. |
`Banner` String | |
`OS family` String | The operating system family. |
`Upstream version` String | The upstream software version. |
`HTTP Server header` String | |
`HTTP X-Powered-By header` String | |
`Version` String | The software version. |
DNSSEC
Slug Name: dnssec
DNSSEC Example Response
"grade":"NEUTRAL", "issue":"DNSSEC is not configured on this domain", "dns":{ "query_type":48, "error_code":0, "answer":"[[NSEC3, R3110FQIESVOLC2M36DSAG652FSLGGVE.com. 86400 IN NSEC3 1 1 0 - r31272c70r2p5loina902eut1lvapvmt NS DS RRSIG]]" }
DNSSEC Response Attributes
Field | Description |
---|---|
`grade` String | The finding grade for this observation. |
`issue` String | A description of this observation. |
`dns` Object | Domain Name Service (DNS) record details. |
`query_type` Integer | |
`error_code` Integer | |
`answer` String | |
Vulnerability
Slug Name: vulnerability
Example Response
"vulnerability":"CVE-2016-7103", "status":"vulnerable", "evidence":" "
Vulnerability Response Attributes
Field | Description |
---|---|
`vulnerability` String | The Common Vulnerabilities and Exposures ID (CVE ID). |
`status` String | The status of the vulnerability. Values: |
`evidence` Null | For internal Bitsight use. |
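Because the shape of `details` depends on the risk type, a consumer has to branch on the slug before reading any field. The following is an added example, not Bitsight code: it assumes the caller has already paired each `details` object with its slug, and `triage`, `triage_all`, `SAMPLES` and the `min_bits` threshold are hypothetical names and values chosen for illustration.

```python
from datetime import date

def triage(slug, details, today, min_bits=2048):
    """Findings for one observation's details, keyed on its risk-type slug."""
    notes = []
    if slug in ("botnet_infections", "potentially_exploited"):
        # Both risk types share the C2 fields; the infection name labels the finding.
        notes.append(f"{details.get('infection', 'unknown')}: C2 {details.get('cc_ip')} "
                     f"({details.get('server_name')}), {details.get('request_method')} "
                     f"to port {details.get('dest_port')}")
    elif slug == "ssl_certificates":
        notes.extend(details.get("issues", []))
        for cert in details.get("cert_chain", []):
            if date.fromisoformat(cert["endDate"]) < today:
                notes.append(f"expired {cert['endDate']} serial {cert.get('serialNumberHex', '?')}")
            if cert.get("keyLength", min_bits) < min_bits:
                notes.append(f"short key: {cert['keyLength']} bits")
    elif slug == "ssl_configuration":
        notes.extend(details.get("issues", []))
        # The example response carries dh_length as a string, so coerce before comparing.
        dh = details.get("dh_length")
        if dh is not None and int(dh) < min_bits:
            notes.append(f"short DH prime: {int(dh)} bits")
    elif slug in ("patching_cadence", "vulnerability"):
        # CVE IDs appear in lower and upper case in the examples; normalise them.
        cve = details.get("vulnerability", "").upper()
        is_open = details.get("is_remediated") is False or details.get("status") == "vulnerable"
        if cve and is_open:
            notes.append(f"unremediated {cve}")
    return notes

# Constructed samples shaped like the example responses; min_bits=2048 is an assumed threshold.
SAMPLES = [
    ("botnet_infections", {"dest_port": 80, "server_name": "example.server.com",
                           "cc_ip": "192.0.2.10", "request_method": "POST", "infection": "RootSTV"}),
    ("ssl_certificates", {"issues": ["Self-signed certificate"], "cert_chain": [
        {"endDate": "2019-06-28", "keyLength": 1024, "serialNumberHex": "37B4F75E"}]}),
    ("ssl_configuration", {"issues": ["Allows insecure protocol: TLSv1.0"], "dh_length": "1024"}),
    ("patching_cadence", {"vulnerability": "cve-2016-7103", "is_remediated": False}),
    ("patching_cadence", {"vulnerability": "cve-2016-7103", "is_remediated": True}),
]

def triage_all(samples, today):
    """Flatten (slug, details) pairs into (slug, finding) rows."""
    return [(slug, note) for slug, d in samples for note in triage(slug, d, today)]

if __name__ == "__main__":
    for slug, note in triage_all(SAMPLES, date(2020, 8, 5)):
        print(slug, "|", note)
```

Risk types with no branch here (for example `open_ports` or `dnssec`) return an empty list rather than raising, so new slugs do not break the loop.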
- May 24, 2023: Separated File Sharing.
- August 18, 2020: Published.