# Observation Details

Ingrid

https://api.bitsighttech.com/ratings/v1/companies/company_guid/observations

The `details` field that’s included with GET: Detailed Company Observations (`/v1/companies/company_guid/observations`) shows the details of observations. Observation details vary, depending on the risk type [`risk_types`].

- Botnet Infections
- Potentially Exploited
- SPF Domains
- TLS/SSL Certificates
- TLS/SSL Configurations
- Open Ports
- Patching Cadence
- Server Software
- DNSSEC
- File Sharing
- Vulnerability

## Botnet Infections

Slug Name: `botnet_infections`

### Botnet Infections Example Response

```json
"source_port": 54710,
"dest_port": 80,
"server_name": "example.server.com",
"cc_ip": "XXX.111.222.33",
"request_method": "POST",
"detection_mechanism": "Sinkhole",
"infection": "RootSTV",
```

### Botnet Infections Response Attributes

| Field | Type | Description |
| --- | --- | --- |
| `source_port` | Integer | The source port number. |
| `dest_port` | Integer | A compromised device was observed to be sending traffic from this port. |
| `server_name` | String | The domain name of the affected server. It is known to be a command and control server, sinkhole, or is hosting adware. |
| `cc_ip` | String | The IP address of the malware’s Command and Control Server (C&C or C2 Server). |
| `request_method` | String | The request method used to communicate with the malware. |
| `detection_mechanism` | String | The method used to detect this observation. See our data collection methods. |
| `infection` | String | The name of the infection. |

## Potentially Exploited

Slug Name: `potentially_exploited`

### Potentially Exploited Example Response

```json
"source_port": 56273,
"dest_port": 80,
"server_name": "example.server.com",
"cc_ip": "XXX.111.222.33",
"request_method": "POST",
"user_agent": "Apache-HttpClient/UNAVAILABLE (java 1.4)",
"infection": "MobiDash",
```

### Potentially Exploited Response Attributes

| Field | Type | Description |
| --- | --- | --- |
| `source_port` | Integer | The source port number. |
| `dest_port` | Integer | A compromised device was observed to be sending traffic from this port. |
| `server_name` | String | The domain name of the affected server. It is known to be a command and control server, sinkhole, or is hosting adware. |
| `cc_ip` | String | The IP address of the malware’s Command and Control Server (C&C or C2 Server). |
| `request_method` | String | The request method used to communicate with the malware. |
| `user_agent` | String | The user-agent string in the header, which identifies end-user interactions with web content. The details include the application, operating system, browser, and software version. |
| `infection` | String | The name of the potential infection. |

## SPF Domains

Slug Name: `spf`

### SPF Domains Example Response

```json
"occurrences": {
  "first_seen": "2020-08-05 03:42:12",
  "last_seen": "2020-08-05 03:42:12",
  "representative_timestamp": "2020-08-05 03:42:12",
  "count": 1
},
"grade": "GOOD",
"issue": "Effective",
"dns": {
  "query_type": 16,
  "error_code": 0,
  "answer": "[ [TXT, v=spf1 include:spf.efwd.registrar-servers.com ~all] ]"
},
"spf_records": [
  {
    "domain": "actorsfilms.us",
    "record": [
      "v=spf1 include:spf.efwd.registrar-servers.com ~all"
    ],
    "grade": "GOOD",
    "issue": "Effective"
  }
]
```

### SPF Domains Response Attributes

| Field | Type | Description |
| --- | --- | --- |
| `occurrences` | Object | Occurrence details. |
| `first_seen` | String [YYYY-MM-DD HH:MM:SS] | The starting date and time of this occurrence’s duration. |
| `last_seen` | String [YYYY-MM-DD HH:MM:SS] | The ending date and time of this occurrence’s duration. |
| `representative_timestamp` | String [YYYY-MM-DD HH:MM:SS] | The representative date and time of this occurrence. |
| `count` | Integer | The number of times this observation was counted. |
| `grade` | String | The finding grade for this observation. |
| `issue` | String | A description of this observation. |
| `dns` | Object | Domain Name System (DNS) details. |
| `query_type` | Integer | For internal Bitsight use. |
| `error_code` | Integer | For internal Bitsight use. |
| `answer` | String | The contents of the returned record from the DNS. |
| `spf_records` | Array | SPF records. |
| `domain` | String | The domain name. |
| `record` | Array | Record details. |
| `grade` | String | The finding grade for this observation. |
| `issue` | String | A description of this observation. |
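The `spf_records` entries above carry the raw SPF record text, so a consumer can read the sender policy directly instead of relying on `grade` alone. The following is an added example, not Bitsight code: the function names, the review rule and `SAMPLE_DETAILS` are assumptions constructed for illustration, and only the field names come from this page.

```python
# Added example; SAMPLE_DETAILS is constructed, shaped like the spf example response.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Return the include targets and the `all` result of one SPF record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None  # not an SPF version 1 record
    includes, all_result = [], None
    for term in terms[1:]:
        qualifier, mech = "+", term.lower()  # no qualifier means "+" (RFC 7208)
        if mech[0] in QUALIFIERS:
            qualifier, mech = mech[0], mech[1:]
        if mech.startswith("include:"):
            includes.append(mech[len("include:"):])
        elif mech == "all":
            all_result = QUALIFIERS[qualifier]
    return {"includes": includes, "all": all_result}

def summarize_spf(details):
    """One row per record in details["spf_records"], with a review flag."""
    rows = []
    for entry in details.get("spf_records", []):
        for record in entry.get("record", []):
            policy = parse_spf(record)
            # Assumed rule: review anything not ending in softfail or fail.
            review = policy is None or policy["all"] not in ("softfail", "fail")
            rows.append({"domain": entry.get("domain"), "grade": entry.get("grade"),
                         "policy": policy, "review": review})
    return rows

SAMPLE_DETAILS = {
    "grade": "GOOD",
    "issue": "Effective",
    "spf_records": [
        {"domain": "example.com", "grade": "GOOD", "issue": "Effective",
         "record": ["v=spf1 include:spf.example.net ~all"]},
        # Constructed entry with no grade, to exercise the missing-field path.
        {"domain": "mail.example.com",
         "record": ["v=spf1 ip4:192.0.2.0/24 +all"]},
    ],
}

if __name__ == "__main__":
    for row in summarize_spf(SAMPLE_DETAILS):
        print(row)
```

A record that delegates its policy with `redirect=` has no `all` term and is flagged for review by this rule.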
## TLS/SSL Certificates

Slug Name: `ssl_certificates`

### TLS/SSL Certificates Example Response

```json
"grade": "WARN",
"cert_chain": [
  {
    "startDate": "2020-06-29",
    "endDate": "2030-06-28",
    "issuerName": "CN=vpn.blakemanpropane.com,unstructuredName=vpn.blakemanpropane.com",
    "subjectName": "CN=vpn.blakemanpropane.com,unstructuredName=vpn.blakemanpropane.com",
    "keyAlgorithm": "RSA",
    "signatureAlgorithm": "SHA256WITHRSA",
    "keyLength": 2048,
    "serialNumber": "934606686",
    "dnsName": [
      "vpn.blakemanpropane.com"
    ],
    "serialNumberHex": "37B4F75E"
  }
],
"certificate_serial": "934606686",
"certificate_serial_hex": "37B4F75E",
"issues": [
  "Self-signed certificate"
],
"observed_ips": [
  "75.127.18.14:443"
],
"hostnames": [
  "vpn.blakemanpropane.com"
]
```

### TLS/SSL Certificates Response Attributes

| Field | Type | Description |
| --- | --- | --- |
| `grade` | String | The finding grade for this observation. |
| `cert_chain` | Array | Certificate chain details. |
| `startDate` | String [YYYY-MM-DD] | The date when this certificate started. |
| `endDate` | String [YYYY-MM-DD] | The date when this certificate expired or expires. |
| `issuerName` | String | The distinguished name of the certificate issuer, made up of attribute assertion values. Values: C = 2-letter ISO Country Code; ST = State/Province; L = Locality; O = Organization Name; OU = Country or Region; CN = Common Name |
| `subjectName` | String | The distinguished name of the owner of the certificate, made up of attribute assertion values. Values: OU = Country or Region; C = 2-letter ISO Country Code; O = Organization Name; CN = Common Name |
| `keyAlgorithm` | String | The algorithm used to encrypt and decrypt messages. |
| `signatureAlgorithm` | String | The signing algorithm used in this certificate. |
| `keyLength` | Integer | The bit strength of this key. See the recommended TLS key length. |
| `serialNumber` | Integer | The serial number of the certificate within this chain. |
| `dnsName` | Array | A list of domain names within this chain. |
| `serialNumberHex` | String | The hex serial number of the certificate within this chain. |
| `certificate_serial` | Integer | The serial number of the certificate within this chain. |
| `certificate_serial_hex` | String | The hex serial number of the certificate within this chain. |
| `issues` | Array | Descriptions of any observations. |
| `observed_ips` | Array | Observed IP addresses. |
| `hostnames` | Array | Observed hostnames. |

## TLS/SSL Configurations

Slug Name: `ssl_configuration`

### TLS/SSL Configurations Example Response

```json
"grade": "BAD",
"issues": [
  "Allows insecure protocol: TLSv1.0",
  "Allows insecure protocol: TLSv1.1"
],
"dh_prime": "ffffffffffffffffc90fdaa2{464 digits}8aacaa68ffffffffffffffff",
"dh_length": "2048"
```

### TLS/SSL Configurations Response Attributes

| Field | Type | Description |
| --- | --- | --- |
| `grade` | String | The finding grade for this observation. |
| `issues` | Array | TLS/SSL Configuration observations. |
| `dh_prime` | String | The Diffie-Hellman prime. |
| `dh_length` | Integer | The configured key length. See the recommended TLS key length. |

## Open Ports

Slug Name: `open_ports`

### Open Ports Example Response

```json
"grade": "NEUTRAL",
"response": "HTTP/1.0 400 Bad Request\r\nServer: AkamaiGHost\r\nMime-Version: 1.0\r\nContent-Type: text/html\r\nContent-Length: 209\r\nExpires: Wed, 05 Aug 2020 03:27:03 GMT\r\nDate: Wed, 05 Aug 2020 03:27:03 GMT\r\nConnection: close",
"message": "Detected service: HTTP"
```

### Open Ports Response Attributes

| Field | Type | Description |
| --- | --- | --- |
| `grade` | String | The finding grade for this observation. |
| `response` | String | The response code that indicates if the server was able to process the request sent by the client. |
| `message` | String | The type of service running on this port. |

## Patching Cadence

Slug Name: `patching_cadence`

### Patching Cadence Example Response

```json
"vulnerability": "cve-2016-7103",
"is_remediated": false
```

### Patching Cadence Response Attributes

| Field | Type | Description |
| --- | --- | --- |
| `vulnerability` | String | The Common Vulnerabilities and Exposures (CVE) ID. |
| `is_remediated` | Boolean | `true` = This vulnerability has been patched. |
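The TLS/SSL Certificates and TLS/SSL Configurations details described above can be turned into triage findings with a few field checks. This is an added example, not Bitsight code: the function names, the finding labels, the 2048-bit thresholds and the sample objects are assumptions constructed for illustration, and only the field names and the `issues` string format come from this page.

```python
from datetime import date

# Added example. Thresholds are assumptions, not values from this page.
MIN_RSA_BITS = 2048
MIN_DH_BITS = 2048
PREFIX = "Allows insecure protocol: "

def review_certificate(details, today, warn_days=30):
    """Findings for an ssl_certificates details object; `today` is YYYY-MM-DD."""
    now, findings = date.fromisoformat(today), []
    for cert in details.get("cert_chain", []):
        subject = cert.get("subjectName", "")
        # Heuristic: issuer equal to subject means self-issued (also true of root CAs).
        if cert.get("issuerName") == subject:
            findings.append(("self-issued", subject))
        days_left = (date.fromisoformat(cert["endDate"]) - now).days
        if days_left < 0:
            findings.append(("expired", subject))
        elif days_left <= warn_days:
            findings.append(("expires-soon", subject))
        bits = int(cert.get("keyLength", 0))
        if cert.get("keyAlgorithm") == "RSA" and bits < MIN_RSA_BITS:
            findings.append(("short-rsa-key", subject))
    return findings

def review_configuration(details):
    """Protocols named in `issues`, plus a DH size check, for ssl_configuration."""
    issues = details.get("issues", [])
    protocols = [i[len(PREFIX):] for i in issues if i.startswith(PREFIX)]
    # dh_length is documented as Integer but the example response carries a string.
    dh_bits = int(details["dh_length"]) if details.get("dh_length") else None
    return {"insecure_protocols": protocols,
            "weak_dh": dh_bits is not None and dh_bits < MIN_DH_BITS}

# Constructed samples shaped like the example responses above.
SAMPLE_CERT = {"grade": "WARN", "issues": ["Self-signed certificate"], "cert_chain": [{
    "startDate": "2020-06-29", "endDate": "2030-06-28",
    "issuerName": "CN=vpn.example.com", "subjectName": "CN=vpn.example.com",
    "keyAlgorithm": "RSA", "keyLength": 1024, "dnsName": ["vpn.example.com"]}]}
SAMPLE_CONFIG = {"grade": "BAD", "dh_length": "1024",
                 "issues": ["Allows insecure protocol: TLSv1.0",
                            "Allows insecure protocol: TLSv1.1"]}

if __name__ == "__main__":
    print(review_certificate(SAMPLE_CERT, "2030-06-01"))
    print(review_configuration(SAMPLE_CONFIG))
```

Passing `today` explicitly keeps the expiry check reproducible when replaying stored observations.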
## Insecure Systems

Slug Name: `insecure_systems`

### Example Response

```json
"grade": "WARN",
"description": "Endpoint is using abandoned Samsung Media Hub platform",
"category": "AbandonedIPTv",
"subcategory": "abandoned_media_hub",
"user_agent": "SAMSUNG-Android"
```

### Response Attributes

| Field | Type | Description |
| --- | --- | --- |
| `grade` | String | The finding grade for this observation. |
| `description` | String | A description of this observation. |
| `category` | String | The system’s category. |
| `subcategory` | String | The slug name of the system’s subcategory. |
| `user_agent` | String | The user-agent string in the header, which identifies end-user interactions with web content. The details include the application, operating system, browser, and software version. |

## Server Software

Slug Name: `server_software`

### Server Software Example Response

```json
"grade": "NEUTRAL",
"grade_explanation": {
  "type": "possible-backports"
},
"tags": {
  "Type": "nginx",
  "Version": "1.14.0"
}
```

### Server Software Response Attributes

| Field | Type | Description |
| --- | --- | --- |
| `grade` | String | The finding grade for this observation. |
| `grade_explanation` | Object | The reason for the given finding grade. |
| `type` | String | The type of software status. |
| `name` | String | The name of the version of the software. |
| `url` | String | The URL to the software developer’s release notes. |
| `supportEndedOn` | String [YYYY-MM-DD] | The date when this software was no longer supported. |
| `supportedReleases` | Array | Supported software. |
| `name` | String | The name of this software and its version. |
| `familyName` | String | The name of this software. |
| `version` | String | The version of this software. |
| `url` | String | The URL to the software developer’s release notes. |
| `tags` | Object | Server software details. |
| `Type` | String | The type of server software package. |
| `Banner` | String | |
| `OS family` | String | The operating system family. |
| `Upstream version` | String | The upstream software version. |
| `HTTP Server header` | String | |
| `HTTP X-Powered-By header` | String | |
| `Version` | String | The software version. |
## DNSSEC

Slug Name: `dnssec`

### DNSSEC Example Response

```json
"grade": "NEUTRAL",
"issue": "DNSSEC is not configured on this domain",
"dns": {
  "query_type": 48,
  "error_code": 0,
  "answer": "[[NSEC3, R3110FQIESVOLC2M36DSAG652FSLGGVE.com. 86400 IN NSEC3 1 1 0 - r31272c70r2p5loina902eut1lvapvmt NS DS RRSIG]]"
}
```

### DNSSEC Response Attributes

| Field | Type | Description |
| --- | --- | --- |
| `grade` | String | The finding grade for this observation. |
| `issue` | String | A description of this observation. |
| `dns` | Object | Domain Name Service (DNS) record details. |
| `query_type` | Integer | |
| `error_code` | Integer | |
| `answer` | String | |

## Vulnerability

Slug Name: `vulnerability`

### Example Response

```json
"vulnerability": "CVE-2016-7103",
"status": "vulnerable",
"evidence": " "
```

### Vulnerability Response Attributes

| Field | Type | Description |
| --- | --- | --- |
| `vulnerability` | String | The Common Vulnerabilities and Exposures ID (CVE ID). |
| `status` | String | The status of the vulnerability. Values: `vulnerable` = A test was performed and the software or device is vulnerable to the vulnerability. `not-vulnerable` = A test was performed and the software or device is not vulnerable to the vulnerability. `unknown` = The vulnerability status cannot be determined (e.g., the software or device is unresponsive). `not-applicable` = The software or device does not match the criteria for testing. |
| `evidence` | Null | For internal Bitsight use. |

- May 24, 2023: Separated File Sharing.
- August 18, 2020: Published.