Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Observation Details

Ingrid

⇤ Observations

https://api.bitsighttech.com/ratings/v1/companies/company_guid/observations

The details field that’s included with GET: Detailed Company Observations (/v1/companies/company_guid/observations) shows the details of observations. Observation details vary, depending on the risk type [risk_types].

Botnet Infections

Slug Name: botnet_infections

Botnet Infections Example Response

  "source_port":54710,
  "dest_port":80,
  "server_name":"example.server.com",
  "cc_ip":"XXX.111.222.33",
  "request_method":"POST",
  "detection_mechanism":"Sinkhole",
  "infection":"RootSTV",

Botnet Infections Response Attributes

Field Description 
source_port
Integer 		The source port number. 
dest_port
Integer 		A compromised device was observed to be sending traffic from this port. 
server_name
String 		The domain name of the affected server. It is known to be a command and control server, sinkhole, or is hosting adware. 
cc_ip
String 		The IP address of the malware’s Command and Control Server (C&C or C2 Server). 
request_method
String 		The request method used to communicate with the malware. 
detection_mechanism
String 		The method used to detect this observation. See our data collection methods. 
infection
String 		The name of the infection.

⇪ Back to Directory

Potentially Exploited

Slug Name: potentially_exploited

Potentially Exploited Example Response

  "source_port":56273,
  "dest_port":80,
  "server_name":"example.server.com",
  "cc_ip":"XXX.111.222.33",
  "request_method":"POST",
  "user_agent":"Apache-HttpClient/UNAVAILABLE (java 1.4)",
  "infection":"MobiDash",

Potentially Exploited Response attributes

Field Description 
source_port
Integer 		The source port number. 
dest_port
Integer 		A compromised device was observed to be sending traffic from this port. 
server_name
String 		The domain name of the affected server. It is known to be a command and control server, sinkhole, or is hosting adware. 
cc_ip

String

 The IP address of the malware’s Command and Control Server (C&C or C2 Server). 
request_method
String 		The request method used to communicate with the malware. 
user_agent

String

 The user-agent string in the header, which identifies end-user interactions with web content. The details include the application, operating system, browser, and software version. 
infection

String

 The name of the potential infection.

⇪ Back to Directory

SPF Domains

Slug Name: spf

SPF Domains Example Response

  "occurrences":{
    "first_seen":"2020-08-05 03:42:12",
    "last_seen":"2020-08-05 03:42:12",
    "representative_timestamp":"2020-08-05 03:42:12",
  "count":1
  },
  "grade":"GOOD",
  "issue":"Effective",
  "dns":{
    "query_type":16,
    "error_code":0,
    "answer":"[
      [TXT, v=spf1 include:spf.efwd.registrar-servers.com ~all]
    ]"
  },
  "spf_records":[
    {
      "domain":"actorsfilms.us",
      "record":[
        "v=spf1 include:spf.efwd.registrar-servers.com ~all"
      ],
      "grade":"GOOD",
      "issue":"Effective"
    }
  ]

SPF Domains Response Attributes

Field Description 
occurrences
Object 		Occurrence details.
  
first_seen
String [YYYY‑MM‑DD HH:MM:SS]		 The starting date and time of this occurrence’s duration. 
last_seen
String [YYYY‑MM‑DD HH:MM:SS]		 The ending date and time of this occurrence’s duration. 
representative_timestamp
String [YYYY‑MM‑DD HH:MM:SS]		 The representative date and time of this occurrence. 
count
Integer 		The number of times this observation was counted. 
grade
String 		The finding grade for this observation. 
issue
String 		A description of this observation. 
dns
Object 		Domain Name System (DNS) details.
  
query_type
Integer 		For internal Bitsight use. 
error_code
Integer 		For internal Bitsight use. 
answer
String 		The contents of the returned record from the DNS. 
spf_records
Array 		SPF records.
  
domain
String 		The domain name. 
record
Array 		Record details. 
grade
String 		The finding grade for this observation. 
issue
String 		A description of this observation.

⇪ Back to Directory

TLS/SSL Certificates

Slug Name: ssl_certificates

TLS/SSL Certificates Example Response

  "grade":"WARN",
  "cert_chain":[
    {
      "startDate":"2020-06-29",
      "endDate":"2030-06-28",
      "issuerName":"CN=vpn.blakemanpropane.com,unstructuredName=vpn.blakemanpropane.com",
      "subjectName":"CN=vpn.blakemanpropane.com,unstructuredName=vpn.blakemanpropane.com",
      "keyAlgorithm":"RSA",
      "signatureAlgorithm":"SHA256WITHRSA",
      "keyLength":2048,
      "serialNumber":"934606686",
      "dnsName":[
        "vpn.blakemanpropane.com"
      ],
      "serialNumberHex":"37B4F75E"
    }
  ],
  "certificate_serial":"934606686",
  "certificate_serial_hex":"37B4F75E",
  "issues":[
    "Self-signed certificate"
  ],
  "observed_ips":[
    "75.127.18.14:443"
  ],
  "hostnames":[
    "vpn.blakemanpropane.com"
  ]

TLS/SSL Certificates Response Attributes

Field Description 
grade
String 		The finding grade for this observation. 
cert_chain
Array 		Certificate chain details.
  
startDate
String [YYYY‑MM‑DD]		 The date when this certificate started. 
endDate
String [YYYY‑MM‑DD]		 The date when this certificate expired or expires. 
issuerName
String 		The distinguished name of the certificate issuer, made up of attribute assertion values.
Values:
  • C = 2-letter ISO Country Code
  • ST = State/Province
  • L = Locality
  • O = Organization Name
  • OU = Country or Region
  • CN = Common Name
 
subjectName
String 		The distinguished name of the owner of the certificate, made up of attribute assertion values.
Values:
  • OU = Country or Region
  • C = 2-letter ISO Country Code
  • O = Organization Name
  • CN = Common Name
 
keyAlgorithm
String 		The algorithm used to encrypt and decrypt messages. 
signatureAlgorithm
String 		The signing algorithm used in this certificate. 
keyLength
Integer 		The bit strength of this key. See the recommended TLS key length. 
serialNumber
Integer 		The serial number of the certificate within this chain. 
dnsName
Array 		A list of domain names within this chain. 
serialNumberHex
String 		The hex serial number of the certificate within this chain. 
certificate_serial
Integer 		The serial number of the certificate within this chain. 
certificate_serial_hex
String 		The hex serial number of the certificate within this chain. 
issues
Array 		Descriptions of any observations. 
observed_ips
Array 		Observed IP addresses. 
hostnames
Array 		Observed hostnames.

⇪ Back to Directory

TLS/SSL Configurations

Slug Name: ssl_configuration

TLS/SSL Configurations Example Response

  "grade":"BAD",
  "issues":[
    "Allows insecure protocol: TLSv1.0",
    "Allows insecure protocol: TLSv1.1"
  ],
  "dh_prime":"ffffffffffffffffc90fdaa2{464 digits}8aacaa68ffffffffffffffff",
  "dh_length":"2048"

TLS/SSL Configurations Response Attributes

Field Description 
grade
String 		The finding grade for this observation. 
issues
Array 		TLS/SSL Configuration observations. 
dh_prime
String 		The Diffie-Hellman prime. 
dh_length
Integer 		The configured key length. See the recommended TLS key length.

⇪ Back to Directory

Open Ports

Slug Name: open_ports

Open Ports Example Response

  "grade":"NEUTRAL",
  "response":"HTTP/1.0 400 Bad Request\r\nServer: AkamaiGHost\r\nMime-Version: 1.0\r\nContent-Type: text/html\r\nContent-Length: 209\r\nExpires: Wed, 05 Aug 2020 03:27:03 GMT\r\nDate: Wed, 05 Aug 2020 03:27:03 GMT\r\nConnection: close",
  "message":"Detected service: HTTP"

Open Ports Response Attributes

Field Description 
grade
String 		The finding grade for this observation. 
response
String 		The response code that indicates if the server was able to process the request sent by the client. 
message
String 		The type of service running on this port.

⇪ Back to Directory

Patching Cadence

Slug Name: patching_cadence

Patching Cadence Example Response

 "vulnerability":"cve-2016-7103",
  "is_remediated":false

Patching Cadence Response Attributes

Field Description 
vulnerability
String 		The Common Vulnerabilities and Exposures (CVE) ID. 
is_remediated
Boolean 		true = This vulnerability has been patched.

⇪ Back to Directory

Insecure Systems

Slug Name: insecure_systems

Example Response

  "grade":"WARN",
  "description":"Endpoint is using abandoned Samsung Media Hub platform",
  "category":"AbandonedIPTv",
  "subcategory":"abandoned_media_hub",
  "user_agent":"SAMSUNG-Android"

Response Attributes

Field Description 
grade

String

 The finding grade for this observation. 
description

String

 A description of this observation. 
category

String

 The system’s category. 
subcategory

String

 The slug name of the system’s subcategory. 
user_agent

String

 The user-agent string in the header, which identifies end-user interactions with web content. The details include the application, operating system, browser, and software version.

⇪ Back to Directory

Server Software

Slug Name: server_software

Server Software Example Response

  "grade":"NEUTRAL",
  "grade_explanation":{
    "type":"possible-backports"
  },
  "tags":{
    "Type":"nginx",
    "Version":"1.14.0"
  }

Server Software Response Attributes

Field Description 
grade
String 		The finding grade for this observation. 
grade_explanation
Object 		The reason for the given finding grade.
  
type
String 		The type of software status. 
name
String 		The name of the version of the software. 
url
String 		The URL to the software developer’s release notes. 
supportEndedOn
String [YYYY‑MM‑DD]		 The date when this software was no longer supported. 
supportedReleases
Array 		Supported software.
  
name
String 		The name of this software and its version. 
familyName
String 		The name of this software. 
version
String 		The version of this software. 
url
String 		The URL to the software developer’s release notes. 
tags
Object 		Server software details.
  
Type
String 		The type of server software package. 
Banner
String 		  
OS family
String 		The operating system family. 
Upstream version
String 		The upstream software version. 
HTTP Server header
String 		  
HTTP X-Powered-By header
String 		  
Version
String 		The software version.

⇪ Back to Directory

DNSSEC

Slug Name: dnssec

DNSSEC Example Response

  "grade":"NEUTRAL",
  "issue":"DNSSEC is not configured on this domain",
  "dns":{
    "query_type":48,
    "error_code":0,
    "answer":"[[NSEC3, R3110FQIESVOLC2M36DSAG652FSLGGVE.com. 86400 IN NSEC3 1 1 0 - r31272c70r2p5loina902eut1lvapvmt NS DS RRSIG]]"
  }

DNSSEC Response Attributes

Field Description 
grade
String 		The finding grade for this observation. 
issue
String 		A description of this observation. 
dns
Object 		Domain Name Service (DNS) record details.
  
query_type
Integer 		  
error_code
Integer 		  
answer
String 		 

⇪ Back to Directory

Vulnerability

Slug Name: vulnerability

Example Response

  "vulnerability":"CVE-2016-7103",
  "status":"vulnerable",
  "evidence":" "

Vulnerability Response Attributes

Field Description 
vulnerability
String 		The Common Vulnerabilities and Exposures ID (CVE ID). 
status
String 		The status of the vulnerability.
Values:
  • vulnerable = A test was performed and the software or device is vulnerable to the vulnerability.
  • not-vulnerable = A test was performed and the software or device is not vulnerable to the vulnerability.
  • unknown = The vulnerability status cannot be determined (e.g., the software or device is unresponsive).
  • not-applicable = The software or device does not match the criteria for testing.
 
evidence
Null 		For internal Bitsight use.

⇪ Back to Directory

  • May 24, 2023: Separated File Sharing.
  • August 18, 2020: Published.

Related articles

Feedback

0 comments

Please sign in to leave a comment.