Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

GET: National Cybersecurity Observation Details by Risk Type

Avatar
Ingrid
Follow
  • December 16, 2021: Added low_vulnerabilities field for vulnerability risk type.
  • November 8, 2021: Added dnsname to TLS/SSL Certificate observations; Added Server Software example responses based on server (e.g., Apache, PHP, etc.) to show varying response fields; Added Server Software modalData details; Added Server Software modalTags:Banner & modalTags:Version.
  • July 7, 2021: Published.

⇤ Observations

https://api.bitsighttech.com/sovereign/observations

The observations field that’s included with GET: National Cybersecurity Observations (/sovereign/observations) shows the details of observations. The details vary, depending on the risk type [risk_types].

This endpoint is only available for users with access to the National Cybersecurity app. It only returns information for countries you subscribe to.

All other risk types are not compatible with this endpoint.

Botnet Infections

Slug Name: botnet_infections

Example Response

                "infection": "RootSTV",
                "infection_id": 123,
                "source_port": 54264,
                "dest_port": 80,
                "cc_ip": "XXX.4.56.78",
                "detection_method": "Sinkhole",
                "request_method": "POST"

Response Attributes

Field Description 
infection
String		 The name of the infection. 
infection_id
Integer		 An identifier for the infection. 
source_port
Integer		 The source port number. 
dest_port
Integer		 The destination port number. 
cc_ip
String		 The IP address of the malware’s command and control server (C&C or C2 Server). 
detection_method
String		 The method used to detect this observation. See our data collection methods. 
request_method
String		 The method used to communicate with the malware.

⇪ Back to Directory

Spam Propagation

Slug Name: spam_propagation

Example Response

                "email_from_address": "<richard.kuga@saperix.com>",
                "email_sender_address": "<richard.kuga@saperix.com>",
                "email_subject": "Payment from your account.",
                "detection_method": "spam-trap",
                "infection": "Spam Bot"

Response Attributes

Field Description 
email_from_address
String		 The “From” email address. 
email_sender_address
String		 The “From” email address. 
email_subject
String		 The Subject of the email. 
detection_method
String		 The method used to detect this observation. See the data collection methods directory. 
infection
String		 The infection type.

⇪ Back to Directory

Malware Servers

Slug Name: malware_servers

Example Response

                "type": "Malware"

Response Attributes

Field Description 
type
String		 Values:
  • Malicious
  • Malware

⇪ Back to Directory

Potentially Exploited

Slug Name: potentially_exploited

Example Response

                "infection": "AMCleaner",
                "infection_id": 123,
                "source_port": 59186,
                "dest_port": 80,
                "cc_ip": "XXX.45.67.89",
                "request_method": "GET",
                "user_agent": "msphlpr/1.9 CFNetwork/811.11 Darwin/16.7.0 (x86_64)"

Response Attributes

Field Description 
infection
String		 The name of the potentially unwanted application (PUA) or potentially unwanted program (PUP). 
infection_id
Integer		 An identifier for the infection. 
source_port
Integer		 The source port number. 
dest_port
Integer		 The destination port number. 
cc_ip
String		 The IP address of the malware’s command and control server (C&C or C2 Server). 
detection_method
String		 The method used to detect this observation. See our data collection methods. 
request_method
String		 The method used to communicate with the malware.

⇪ Back to Directory

TLS/SSL Certificates

Slug Name: ssl_certificates

Example Response

                "grade": {
                    "grade": "GOOD"
                },
                "cert_chain": [
                    {
                        "startDate": "2016-11-10",
                        "endDate": "2041-11-11",
                        "issuerName": "C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert High Assurance EV Root CA",
                        "startsubjectName": "C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert High Assurance EV Root CA",
                        "startkeyAlgorithm": "RSA",
                        "startsignatureAlgorithm": "SHA1WITHRSA",
                        "keyLength": 2048,
                        "serialNumber": "1112223334445551112223334445551234567",
                        "dnsName": [
                            "*.example.com"
                        ]
                    }
                ],
                "observed_ips": [
                    "123.123.12.12",
                    "98.7.65.432"
                ]

Response Attributes

Field Description 
grade
Object		 Finding grade details.
  
grade
String		 The finding grade. 
cert_chain
Array		 Certificate chain details.
  Object The details of a certificate in the chain.
  
startDate
String [YYYY-MM-DD]		 The date when this certificate started. 
endDate
String [YYYY-MM-DD]		 The expiration date of this certificate. 
issuerName
String		 The distinguished name of the certificate issuer, made up of attribute assertion values. 
startsubjectNam
String		 The distinguished name of the owner of the certificate, made up of attribute assertion values. 
startkeyAlgorithm
String		 The algorithm used to encrypt and decrypt messages. 
startsignatureAlgorithm
String		 The signing algorithm used in this certificate. 
keyLength
Integer		 The bit strength of this key. See the recommended TLS key length. 
serialNumber
Integer		 The serial number of the certificate within this chain. 
dnsName
Array		 The name of the Domain Name Server (DNS). 
observed_ips
Array		 Observed IP addresses.

⇪ Back to Directory

TLS/SSL Configurations

Slug Name: ssl_configuration

Example Response

                "message": [
                    "Allows insecure protocol: TLSv1.0",
                    "Allows insecure protocol: TLSv1.1"
                ],
                "grade": {
                    "grade": "BAD"
                },
                "dh_length": 2048,
                "dh_prime": "ffffffffffffffffc90fdaa2{464 digits}8aacaa68ffffffffffffffff",
                "observed_ips": [
                    "123.456.789.000"
                ]

Response Attributes

Field Description 
message
Array		 A description of the finding. 
grade
Object		 Finding grade details.
  
grade
String		 The finding grade. 
dh_length
Integer		 The configured key length. See the recommended TLS key length. 
dh_prime
String		 The Diffie-Hellman prime. 
observed_ips
Array		 Observed IP addresses.

⇪ Back to Directory

Open Ports

Slug Name: open_ports

Example Response

                "grade": {
                    "grade": "GOOD"
                },
                "response": "HTTP/1.1 403 Forbidden\r\nDate: Sun, 27 Jun 2021 23:41:08 GMT\r\nServer: Apache/2.4.7 (Ubuntu)\r\nContent-Length: 280\r\nContent-Type: text/html; charset=iso-8859-1",
                "service": "HTTPS",
                "message": [
                    "Detected service: HTTPS"
                ],
                "low_vulnerabilities": [
                    "CVE-2017-7679",
                    "CVE-2016-8743"
                ]

Response Attributes

Field Description 
grade
Object		 Finding grade details.
  Object A finding grade.
  
grade
String		 The finding grade. 
response
String		 The response code that indicates if the server was able to process the request sent by the client. 
service
String		 The service that’s running on this port. 
message
Array		 The type of service running on this port. 
low_vulnerabilities
Array		 Potential vulnerabilities for this finding, identified by its Common Vulnerabilities and Exposures ID (CVE ID). 
high_vulnerabilities
Array		 Confirmed vulnerabilities for this finding, identified by its Common Vulnerabilities and Exposures ID (CVE ID).

⇪ Back to Directory

Web Application Headers

Slug Name: application_security

Example Response

                "message": [
                    "hh_moved"
                ],
                "grade": {
                    "grade": "NEUTRAL"
                },
                "headers": [
                    "HTTP/1.1 301 Moved Permanently",
                    "Date: Sun, 27 Jun 2021 21:43:21 GMT",
                    "Server: Apache",
                    "Cache-Control: no-cache",
                    "Location: https://www.saperix.com",
                    "X-Powered-By: Apache2",
                    "MS-Author-Via: DAV",
                    "Vary: Accept-Encoding",
                    "Content-Length: 0",
                    "Content-Type: text/html; charset=utf-8"
                ],
                "http_issues": {
                    "general_issues": [
                        "hh_moved"
                    ]
                }

Response Attributes

Field Description 
message
Array		 Descriptions of the finding. 
grade
Object		 Finding grade details.
  
grade
String		 The finding grade. 
headers
Array		 Web application headers. 
http_issues
Object		 HTTP issue details.
  
general_issues
Array		 General HTTP issues.

⇪ Back to Directory

Insecure Systems

Slug Name: insecure_systems

Example Response

                "grade": {
                    "grade": "WARN"
                },
                "message": [
                    "File sharing: Tracker"
                ],
                "category": "TorrentTracker",
                "sub_category": "torrent_tracker_expired",
                "source_port": "58107",
               "path_info": "/announce.php",
                "user_agent": "uTorrent/355(111915940)(45988)"

Response Attributes

Field Description 
grade
Object		 Finding grade details.
  
grade
String		 The finding grade. 
message
Array		 A description of the finding. 
category
String		   
sub_category
String		   
source_port
Integer		 The source port number. 
path_info
String		 The file path information. 
user_agent
String		 The user’s form of communication with the malware.

⇪ Back to Directory

Server Software

Slug Name: server_software

Example Responses

Apache

                "grade": {
                    "grade": "NEUTRAL"
                },
                "typeColumnText": "Apache",
                "detailsColumnText": "Software version is incomplete",
                "modalData": {
                    "type": "incomplete-version"
                },
                "modalTags": {
                    "Type": "Apache",
                    "OS family": "Unknown",
                    "Upstream version": "",
                    "HTTP Server header": "Apache"
                }

NGINX

                "grade": {
                    "grade": "NEUTRAL"
                },
                "typeColumnText": "nginx",
                "versionColumnText": "1.12.1",
                "detailsColumnText": "OS-specific software version is unknown",
                "modalData": {
                    "type": "possible-backports"
                },
                "modalTags": {
                    "Type": "nginx",
                    "Version": "1.12.1"

OpenSSH

                "grade": {
                    "grade": "BAD"
                },
                "typeColumnText": "OpenSSH",
                "versionColumnText": "7.2p2",
                "detailsColumnText": "OS-specific software version is unsupported",
                "modalData": {
                    "name": "openssh-server",
                    "osRelease": {
                        "name": "Ubuntu 16.04 LTS",
                        "familyName": "Ubuntu",
                        "version": "16.04 LTS",
                        "url": "https://wiki.ubuntu.com/XenialXerus/ReleaseNotes"
                    },
                    "obsoletedOn": "2018-01-22",
                    "version": "1:7.2p2-4ubuntu2.2",
                    "latestPackageVersion": "1:7.2p2-4ubuntu2.8",
                    "type": "obsolete-package"
                },
                "modalTags": {
                    "Type": "OpenSSH",
                    "Banner": "SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2",
                    "Upstream version": "7.2p2"
                }

PHP

                "grade": {
                    "grade": "NEUTRAL"
                },
                "typeColumnText": "PHP",
                "versionColumnText": "7.1.18",
                "detailsColumnText": "Support status is unknown",
                "modalData": {
                    "type": "unknown"
                },
                "modalTags": {
                    "Type": "PHP",
                    "Upstream version": "7.1.18",
                    "HTTP Server header": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.18",
                    "HTTP X-Powered-By header": "PHP/7.1.18"

Response Attributes

Field Description 
grade
Object		 Finding grade details.
  
grade
String		 The finding grade. 
typeColumnText
String		 The type of server software package. 
versionColumnText
String		 The software version. 
detailsColumnText
String		 Software support details. 
modalData
Object		 Software type details.
  
name
String		 The name of the server. 
osRelease
Object		 Released OS details.
  
name
String		 The full name of the server type. 
familyName
String		 The server type. 
version
String		 The latest software version. 
url
String		 The release notes URL. 
obsoletedOn
String [YYYY-MM-DD]		 The date when the software became obsolete. 
version
String		 The current software version. 
latestPackageVersion
String		 The latest package version. 
type
String		 The software status. 
modalTags
Object		 Server software details.
  
Type
String		 The type of server software package. 
Banner
String		 The software and package name. 
OS family
String		 The operating system family. 
Upstream version
String		 The upstream software version. 
HTTP Server header
String		 The HTTP server header. 
HTTP X-Powered-By header
String		 The HTTP X-Powered-By header. 
Version
String		 The software version.

⇪ Back to Directory

File Sharing

Slug Name: file_sharing

Example Response

                "category": "Movies",
                "node": "88.88.88.888"

Response Attributes

Field Description 
category
String		 The BitSight category for the type of torrent. See File Sharing categories. 
node
String		 The IP address of the endpoint device.

⇪ Back to Directory

Vulnerability

Slug Name: vulnerability

Example Response

                "vulnerabilities": [
                    "CVE-2019-17059"
                ],
                "status": "vulnerable",
                "annotation": [],
                "high_vulnerabilities": [
                    "CVE-2019-17059"
                ]

Response Attributes

Field Description 
vulnerabilities
Array		 Confirmed vulnerabilities for this finding, identified by its Common Vulnerabilities and Exposures ID (CVE ID). 
status
String		 The status of the vulnerability. 
annotation
Array		   
high_vulnerabilities
Array		 Confirmed vulnerabilities for this finding, identified by its Common Vulnerabilities and Exposures ID (CVE ID). 
low_vulnerabilities
Array		 Potential vulnerabilities for this finding, identified by its Common Vulnerabilities and Exposures ID (CVE ID).

⇪ Back to Directory

Related articles