Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

See more

Observation Details

Avatar
Ingrid
Follow
  • May 24, 2023: Separated File Sharing.
  • August 18, 2020: Published.

⇤ Observations

https://api.bitsighttech.com/ratings/v1/companies/company_guid/observations

The details field that’s included with GET: Detailed Company Observations (/v1/companies/company_guid/observations) shows the details of observations. Observation details vary, depending on the risk type [risk_types].

Botnet Infections

Slug Name: botnet_infections

Botnet Infections Example Response

  "source_port":54710,
  "dest_port":80,
  "server_name":"example.server.com",
  "cc_ip":"XXX.111.222.33",
  "request_method":"POST",
  "detection_mechanism":"Sinkhole",
  "infection":"RootSTV",

Botnet Infections Response Attributes

Field Description 
source_port
Integer		 The source port number. 
dest_port
Integer		 The destination port number. 
server_name
String		 The name of the server associated with this observation. 
cc_ip
String		 The IP address of the malware’s Command and Control Server (C&C or C2 Server). 
request_method
String		 The request method used to communicate with the malware. 
detection_mechanism
String		 The method used to detect this observation. See our data collection methods. 
infection
String		 The name of the infection.

⇪ Back to Directory

Potentially Exploited

Slug Name: potentially_exploited

Potentially Exploited Example Response

  "source_port":56273,
  "dest_port":80,
  "server_name":"example.server.com",
  "cc_ip":"XXX.111.222.33",
  "request_method":"POST",
  "user_agent":"Apache-HttpClient/UNAVAILABLE (java 1.4)",
  "infection":"MobiDash",

Potentially Exploited Response attributes

Field Description 
source_port
Integer		 The source port number. 
dest_port
Integer		 The destination port number. 
server_name
String		 The name of the server associated with this observation. 
cc_ip
String		 The IP address of the malware’s Command and Control Server (C&C or C2 Server). 
request_method
String		 The request method used to communicate with the malware. 
user_agent
String		 The user’s form of communication with the malware. 
infection
String		 The name of the potential infection.

⇪ Back to Directory

SPF Domains

Slug Name: spf

SPF Domains Example Response

  "occurrences":{
    "first_seen":"2020-08-05 03:42:12",
    "last_seen":"2020-08-05 03:42:12",
    "representative_timestamp":"2020-08-05 03:42:12",
  "count":1
  },
  "grade":"GOOD",
  "issue":"Effective",
  "dns":{
    "query_type":16,
    "error_code":0,
    "answer":"[
      [TXT, v=spf1 include:spf.efwd.registrar-servers.com ~all]
    ]"
  },
  "spf_records":[
    {
      "domain":"actorsfilms.us",
      "record":[
        "v=spf1 include:spf.efwd.registrar-servers.com ~all"
      ],
      "grade":"GOOD",
      "issue":"Effective"
    }
  ]

SPF Domains Response Attributes

Field Description 
occurrences
Object		 Occurrence details.
  
first_seen
String [YYYY‑MM‑DD HH:MM:SS]		 The starting date and time of this occurrence’s duration. 
last_seen
String [YYYY‑MM‑DD HH:MM:SS]		 The ending date and time of this occurrence’s duration. 
representative_timestamp
String [YYYY‑MM‑DD HH:MM:SS]		 The representative date and time of this occurrence. 
count
Integer		 The number of times this observation was counted. 
grade
String		 The finding grade for this observation. 
issue
String		 A description of this observation. 
dns
Object		 Domain Name System (DNS) details.
  
query_type
Integer		 For internal Bitsight use. 
error_code
Integer		 For internal Bitsight use. 
answer
String		 The contents of the returned record from the DNS. 
spf_records
Array		 SPF records.
  
domain
String		 The domain name. 
record
Array		 Record details. 
grade
String		 The finding grade for this observation. 
issue
String		 A description of this observation.

⇪ Back to Directory

TLS/SSL Certificates

Slug Name: ssl_certificates

TLS/SSL Certificates Example Response

  "grade":"WARN",
  "cert_chain":[
    {
      "startDate":"2020-06-29",
      "endDate":"2030-06-28",
      "issuerName":"CN=vpn.blakemanpropane.com,unstructuredName=vpn.blakemanpropane.com",
      "subjectName":"CN=vpn.blakemanpropane.com,unstructuredName=vpn.blakemanpropane.com",
      "keyAlgorithm":"RSA",
      "signatureAlgorithm":"SHA256WITHRSA",
      "keyLength":2048,
      "serialNumber":"934606686",
      "dnsName":[
        "vpn.blakemanpropane.com"
      ],
      "serialNumberHex":"37B4F75E"
    }
  ],
  "certificate_serial":"934606686",
  "certificate_serial_hex":"37B4F75E",
  "issues":[
    "Self-signed certificate"
  ],
  "observed_ips":[
    "75.127.18.14:443"
  ],
  "hostnames":[
    "vpn.blakemanpropane.com"
  ]

TLS/SSL Certificates Response Attributes

Field Description 
grade
String		 The finding grade for this observation. 
cert_chain
Array		 Certificate chain details.
  
startDate
String [YYYY‑MM‑DD]		 The date when this certificate started. 
endDate
String [YYYY‑MM‑DD]		 The date when this certificate expired or expires. 
issuerName
String		 The distinguished name of the certificate issuer, made up of attribute assertion values.
Values:
  • C = 2-letter ISO Country Code
  • ST = State/Province
  • L = Locality
  • O = Organization Name
  • OU = Country or Region
  • CN = Common Name
 
subjectName
String		 The distinguished name of the owner of the certificate, made up of attribute assertion values.
Values:
  • OU = Country or Region
  • C = 2-letter ISO Country Code
  • O = Organization Name
  • CN = Common Name
 
keyAlgorithm
String		 The algorithm used to encrypt and decrypt messages. 
signatureAlgorithm
String		 The signing algorithm used in this certificate. 
keyLength
Integer		 The bit strength of this key. See the recommended TLS key length. 
serialNumber
Integer		 The serial number of the certificate within this chain. 
dnsName
Array		 A list of domain names within this chain. 
serialNumberHex
String		 The hex serial number of the certificate within this chain. 
certificate_serial
Integer		 The serial number of the certificate within this chain. 
certificate_serial_hex
String		 The hex serial number of the certificate within this chain. 
issues
Array		 Descriptions of any observations. 
observed_ips
Array		 Observed IP addresses. 
hostnames
Array		 Observed hostnames.

⇪ Back to Directory

TLS/SSL Configurations

Slug Name: ssl_configuration

TLS/SSL Configurations Example Response

  "grade":"BAD",
  "issues":[
    "Allows insecure protocol: TLSv1.0",
    "Allows insecure protocol: TLSv1.1"
  ],
  "dh_prime":"ffffffffffffffffc90fdaa2{464 digits}8aacaa68ffffffffffffffff",
  "dh_length":"2048"

TLS/SSL Configurations Response Attributes

Field Description 
grade
String		 The finding grade for this observation. 
issues
Array		 TLS/SSL Configuration observations. 
dh_prime
String		 The Diffie-Hellman prime. 
dh_length
Integer		 The configured key length. See the recommended TLS key length.

⇪ Back to Directory

Open Ports

Slug Name: open_ports

Open Ports Example Response

  "grade":"NEUTRAL",
  "response":"HTTP/1.0 400 Bad Request\r\nServer: AkamaiGHost\r\nMime-Version: 1.0\r\nContent-Type: text/html\r\nContent-Length: 209\r\nExpires: Wed, 05 Aug 2020 03:27:03 GMT\r\nDate: Wed, 05 Aug 2020 03:27:03 GMT\r\nConnection: close",
  "message":"Detected service: HTTP"

Open Ports Response Attributes

Field Description 
grade
String		 The finding grade for this observation. 
response
String		 The response code that indicates if the server was able to process the request sent by the client. 
message
String		 The type of service running on this port.

⇪ Back to Directory

Patching Cadence

Slug Name: patching_cadence

Patching Cadence Example Response

 "vulnerability":"cve-2016-7103",
  "is_remediated":false

Patching Cadence Response Attributes

Field Description 
vulnerability
String		 The Common Vulnerabilities and Exposures (CVE) ID. 
is_remediated
Boolean		 true = This vulnerability has been patched.

⇪ Back to Directory

Insecure Systems

Slug Name: insecure_systems

Example Response

  "grade":"WARN",
  "description":"Endpoint is using abandoned Samsung Media Hub platform",
  "category":"AbandonedIPTv",
  "subcategory":"abandoned_media_hub",
  "user_agent":"SAMSUNG-Android"

Response Attributes

Field Description 
grade
String		 The finding grade for this observation. 
description
String		 A description of this observation. 
category
String		 The system’s category. 
subcategory
String		 The slug name of the system’s subcategory. 
user_agent
String		 The user’s form of communication with the malware.

⇪ Back to Directory

Server Software

Slug Name: server_software

Server Software Example Response

  "grade":"NEUTRAL",
  "grade_explanation":{
    "type":"possible-backports"
  },
  "tags":{
    "Type":"nginx",
    "Version":"1.14.0"
  }

Server Software Response Attributes

Field Description 
grade
String		 The finding grade for this observation. 
grade_explanation
Object		 The reason for the given finding grade.
  
type
String		 The type of software status. 
name
String		 The name of the version of the software. 
url
String		 The URL to the software developer’s release notes. 
supportEndedOn
String [YYYY‑MM‑DD]		 The date when this software was no longer supported. 
supportedReleases
Array		 Supported software.
  
name
String		 The name of this software and its version. 
familyName
String		 The name of this software. 
version
String		 The version of this software. 
url
String		 The URL to the software developer’s release notes. 
tags
Object		 Server software details.
  
Type
String		 The type of server software package. 
Banner
String		   
OS family
String		 The operating system family. 
Upstream version
String		 The upstream software version. 
HTTP Server header
String		   
HTTP X-Powered-By header
String		   
Version
String		 The software version.

⇪ Back to Directory

DNSSEC

Slug Name: dnssec

DNSSEC Example Response

  "grade":"NEUTRAL",
  "issue":"DNSSEC is not configured on this domain",
  "dns":{
    "query_type":48,
    "error_code":0,
    "answer":"[[NSEC3, R3110FQIESVOLC2M36DSAG652FSLGGVE.com. 86400 IN NSEC3 1 1 0 - r31272c70r2p5loina902eut1lvapvmt NS DS RRSIG]]"
  }

DNSSEC Response Attributes

Field Description 
grade
String		 The finding grade for this observation. 
issue
String		 A description of this observation. 
dns
Object		 Domain Name Service (DNS) record details.
  
query_type
Integer		   
error_code
Integer		   
answer
String		  

⇪ Back to Directory

Vulnerability

Slug Name: vulnerability

Example Response

  "vulnerability":"CVE-2016-7103",
  "status":"vulnerable",
  "evidence":" "

Vulnerability Response Attributes

Field Description 
vulnerability
String		 The Common Vulnerabilities and Exposures ID (CVE ID). 
status
String		 The status of the vulnerability.
Values:
  • vulnerable = A test was performed and the software or device is vulnerable to the vulnerability.
  • not-vulnerable = A test was performed and the software or device is not vulnerable to the vulnerability.
  • unknown = The vulnerability status cannot be determined (e.g., the software or device is unresponsive).
  • not-applicable = The software or device does not match the criteria for testing.
 
evidence
Null		 For internal Bitsight use.

⇪ Back to Directory

Related articles