Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Observation Details

Ingrid

https://api.bitsighttech.com/ratings/v1/companies/company_guid/observations

The details field that’s included with GET: Detailed Company Observations (/v1/companies/company_guid/observations) shows the details of observations. Observation details vary, depending on the risk type [risk_types].

Botnet Infections

Slug Name: botnet_infections

Botnet Infections Example Response

  "source_port":54710,
  "dest_port":80,
  "server_name":"example.server.com",
  "cc_ip":"XXX.111.222.33",
  "request_method":"POST",
  "detection_mechanism":"Sinkhole",
  "infection":"RootSTV",

Botnet Infections Response Attributes

Field Description 
source_port

Integer

 The source port number. 
dest_port

Integer

 A compromised device was observed to be sending traffic from this port. 
server_name

String

 The domain name of the affected server. It is known to be a command and control server, sinkhole, or is hosting adware. 
cc_ip

String

 The IP address of the malware’s Command and Control Server (C&C or C2 Server). 
request_method

String

 The request method used to communicate with the malware. 
detection_mechanism

String

 The method used to detect this observation. See our data collection methods. 
infection

String

 The name of the infection.

⇪ Back to Directory

Potentially Exploited

Slug Name: potentially_exploited

Potentially Exploited Example Response

  "source_port":56273,
  "dest_port":80,
  "server_name":"example.server.com",
  "cc_ip":"XXX.111.222.33",
  "request_method":"POST",
  "user_agent":"Apache-HttpClient/UNAVAILABLE (java 1.4)",
  "infection":"MobiDash",

Potentially Exploited Response attributes

Field Description 
source_port

Integer

 The source port number. 
dest_port

Integer

 A compromised device was observed to be sending traffic from this port. 
server_name

String

 The domain name of the affected server. It is known to be a command and control server, sinkhole, or is hosting adware. 
cc_ip

String

 The IP address of the malware’s Command and Control Server (C&C or C2 Server). 
request_method

String

 The request method used to communicate with the malware. 
user_agent

String

 The user-agent string in the header, which identifies end-user interactions with web content. The details include the application, operating system, browser, and software version. 
infection

String

 The name of the potential infection.

⇪ Back to Directory

SPF Domains

Slug Name: spf

SPF Domains Example Response

  "occurrences":{
    "first_seen":"2020-08-05 03:42:12",
    "last_seen":"2020-08-05 03:42:12",
    "representative_timestamp":"2020-08-05 03:42:12",
  "count":1
  },
  "grade":"GOOD",
  "issue":"Effective",
  "dns":{
    "query_type":16,
    "error_code":0,
    "answer":"[
      [TXT, v=spf1 include:spf.efwd.registrar-servers.com ~all]
    ]"
  },
  "spf_records":[
    {
      "domain":"actorsfilms.us",
      "record":[
        "v=spf1 include:spf.efwd.registrar-servers.com ~all"
      ],
      "grade":"GOOD",
      "issue":"Effective"
    }
  ]

SPF Domains Response Attributes

Field Description 
occurrences

Object

 Occurrence details.
  
first_seen

String [YYYY‑MM‑DD HH:MM:SS]

 The starting date and time of this occurrence’s duration. 
last_seen

String [YYYY‑MM‑DD HH:MM:SS]

 The ending date and time of this occurrence’s duration. 
representative_timestamp

String [YYYY‑MM‑DD HH:MM:SS]

 The representative date and time of this occurrence. 
count

Integer

 The number of times this observation was counted. 
grade

String

 The finding grade for this observation. 
issue

String

 A description of this observation. 
dns

Object

 Domain Name System (DNS) details.
  
query_type

Integer

 For internal Bitsight use. 
error_code

Integer

 For internal Bitsight use. 
answer

String

 The contents of the returned record from the DNS. 
spf_records

Array

 SPF records.
  
domain

String

 The domain name. 
record

Array

 Record details. 
grade

String

 The finding grade for this observation. 
issue

String

 A description of this observation.

⇪ Back to Directory

TLS/SSL Certificates

Slug Name: ssl_certificates

TLS/SSL Certificates Example Response

  "grade":"WARN",
  "cert_chain":[
    {
      "startDate":"2020-06-29",
      "endDate":"2030-06-28",
      "issuerName":"CN=vpn.blakemanpropane.com,unstructuredName=vpn.blakemanpropane.com",
      "subjectName":"CN=vpn.blakemanpropane.com,unstructuredName=vpn.blakemanpropane.com",
      "keyAlgorithm":"RSA",
      "signatureAlgorithm":"SHA256WITHRSA",
      "keyLength":2048,
      "serialNumber":"934606686",
      "dnsName":[
        "vpn.blakemanpropane.com"
      ],
      "serialNumberHex":"37B4F75E"
    }
  ],
  "certificate_serial":"934606686",
  "certificate_serial_hex":"37B4F75E",
  "issues":[
    "Self-signed certificate"
  ],
  "observed_ips":[
    "75.127.18.14:443"
  ],
  "hostnames":[
    "vpn.blakemanpropane.com"
  ]

TLS/SSL Certificates Response Attributes

Field Description 
grade

String

 The finding grade for this observation. 
cert_chain

Array

 Certificate chain details.
  
startDate

String [YYYY‑MM‑DD]

 The date when this certificate started. 
endDate

String [YYYY‑MM‑DD]

 The date when this certificate expired or expires. 
issuerName

String

 The distinguished name of the certificate issuer, made up of attribute assertion values.
Values:
  • C = 2-letter ISO Country Code
  • ST = State/Province
  • L = Locality
  • O = Organization Name
  • OU = Country or Region
  • CN = Common Name
 
subjectName

String

 The distinguished name of the owner of the certificate, made up of attribute assertion values.
Values:
  • OU = Country or Region
  • C = 2-letter ISO Country Code
  • O = Organization Name
  • CN = Common Name
 
keyAlgorithm

String

 The algorithm used to encrypt and decrypt messages. 
signatureAlgorithm

String

 The signing algorithm used in this certificate. 
keyLength

Integer

 The bit strength of this key. See the recommended TLS key length. 
serialNumber

Integer

 The serial number of the certificate within this chain. 
dnsName

Array

 A list of domain names within this chain. 
serialNumberHex

String

 The hex serial number of the certificate within this chain. 
certificate_serial

Integer

 The serial number of the certificate within this chain. 
certificate_serial_hex

String

 The hex serial number of the certificate within this chain. 
issues

Array

 Descriptions of any observations. 
observed_ips

Array

 Observed IP addresses. 
hostnames

Array

 Observed hostnames.

⇪ Back to Directory

TLS/SSL Configurations

Slug Name: ssl_configuration

TLS/SSL Configurations Example Response

  "grade":"BAD",
  "issues":[
    "Allows insecure protocol: TLSv1.0",
    "Allows insecure protocol: TLSv1.1"
  ],
  "dh_prime":"ffffffffffffffffc90fdaa2{464 digits}8aacaa68ffffffffffffffff",
  "dh_length":"2048"

TLS/SSL Configurations Response Attributes

Field Description 
grade

String

 The finding grade for this observation. 
issues

Array

 TLS/SSL Configuration observations. 
dh_prime

String

 The Diffie-Hellman prime. 
dh_length

Integer

 The configured key length. See the recommended TLS key length.

⇪ Back to Directory

Open Ports

Slug Name: open_ports

Open Ports Example Response

  "grade":"NEUTRAL",
  "response":"HTTP/1.0 400 Bad Request\r\nServer: AkamaiGHost\r\nMime-Version: 1.0\r\nContent-Type: text/html\r\nContent-Length: 209\r\nExpires: Wed, 05 Aug 2020 03:27:03 GMT\r\nDate: Wed, 05 Aug 2020 03:27:03 GMT\r\nConnection: close",
  "message":"Detected service: HTTP"

Open Ports Response Attributes

Field Description 
grade

String

 The finding grade for this observation. 
response

String

 The response code that indicates if the server was able to process the request sent by the client. 
message

String

 The type of service running on this port.

⇪ Back to Directory

Patching Cadence

Slug Name: patching_cadence

Patching Cadence Example Response

 "vulnerability":"cve-2016-7103",
  "is_remediated":false

Patching Cadence Response Attributes

Field Description 
vulnerability

String

 The Common Vulnerabilities and Exposures (CVE) ID. 
is_remediated

Boolean

 true = This vulnerability has been patched.

⇪ Back to Directory

Insecure Systems

Slug Name: insecure_systems

Example Response

  "grade":"WARN",
  "description":"Endpoint is using abandoned Samsung Media Hub platform",
  "category":"AbandonedIPTv",
  "subcategory":"abandoned_media_hub",
  "user_agent":"SAMSUNG-Android"

Response Attributes

Field Description 
grade

String

 The finding grade for this observation. 
description

String

 A description of this observation. 
category

String

 The system’s category. 
subcategory

String

 The slug name of the system’s subcategory. 
user_agent

String

 The user-agent string in the header, which identifies end-user interactions with web content. The details include the application, operating system, browser, and software version.

⇪ Back to Directory

Server Software

Slug Name: server_software

Server Software Example Response

  "grade":"NEUTRAL",
  "grade_explanation":{
    "type":"possible-backports"
  },
  "tags":{
    "Type":"nginx",
    "Version":"1.14.0"
  }

Server Software Response Attributes

Field Description 
grade

String

 The finding grade for this observation. 
grade_explanation

Object

 The reason for the given finding grade.
  
type

String

 The type of software status. 
name

String

 The name of the version of the software. 
url

String

 The URL to the software developer’s release notes. 
supportEndedOn

String [YYYY‑MM‑DD]

 The date when this software was no longer supported. 
supportedReleases

Array

 Supported software.
  
name

String

 The name of this software and its version. 
familyName

String

 The name of this software. 
version

String

 The version of this software. 
url

String

 The URL to the software developer’s release notes. 
tags

Object

 Server software details.
  
Type

String

 The type of server software package. 
Banner

String

   
OS family

String

 The operating system family. 
Upstream version

String

 The upstream software version. 
HTTP Server header

String

   
HTTP X-Powered-By header

String

   
Version

String

 The software version.

⇪ Back to Directory

DNSSEC

Slug Name: dnssec

DNSSEC Example Response

  "grade":"NEUTRAL",
  "issue":"DNSSEC is not configured on this domain",
  "dns":{
    "query_type":48,
    "error_code":0,
    "answer":"[[NSEC3, R3110FQIESVOLC2M36DSAG652FSLGGVE.com. 86400 IN NSEC3 1 1 0 - r31272c70r2p5loina902eut1lvapvmt NS DS RRSIG]]"
  }

DNSSEC Response Attributes

Field Description 
grade

String

 The finding grade for this observation. 
issue

String

 A description of this observation. 
dns

Object

 Domain Name Service (DNS) record details.
  
query_type

Integer

   
error_code

Integer

   
answer

String

  

⇪ Back to Directory

Vulnerability

Slug Name: vulnerability

Example Response

  "vulnerability":"CVE-2016-7103",
  "status":"vulnerable",
  "evidence":" "

Vulnerability Response Attributes

Field Description 
vulnerability

String

 The Common Vulnerabilities and Exposures ID (CVE ID). 
status

String

 The status of the vulnerability.
Values:
  • vulnerable = A test was performed and the software or device is vulnerable to the vulnerability.
  • not-vulnerable = A test was performed and the software or device is not vulnerable to the vulnerability.
  • unknown = The vulnerability status cannot be determined (e.g., the software or device is unresponsive).
  • not-applicable = The software or device does not match the criteria for testing.
 
evidence

Null

 For internal Bitsight use.

⇪ Back to Directory

  • May 24, 2023: Separated File Sharing.
  • August 18, 2020: Published.
Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles

Feedback

0 comments

Please sign in to leave a comment.