# GET: National Cybersecurity Observation Details by Risk Type

Ingrid

`https://api.bitsighttech.com/sovereign/observations`

The `observations` field included with GET: National Cybersecurity Observations (`/sovereign/observations`) shows the details of observations. The details vary depending on the risk type (`risk_types`).

This endpoint is only available to users with access to the National Cybersecurity app. It only returns information for countries you subscribe to.

Compatible risk types:

- Botnet Infections
- Spam Propagation
- Malware Servers
- Unsolicited Communications
- Potentially Exploited
- TLS/SSL Certificates
- TLS/SSL Configurations
- Open Ports
- Web Application Headers
- Insecure Systems
- Server Software
- File Sharing
- Vulnerability

All other risk types are not compatible with this endpoint.

## Botnet Infections

Slug Name: `botnet_infections`

### Example Response

```json
{
  "infection": "RootSTV",
  "infection_id": 123,
  "source_port": 54264,
  "dest_port": 80,
  "cc_ip": "XXX.4.56.78",
  "detection_method": "Sinkhole",
  "request_method": "POST"
}
```

### Response Attributes

| Field | Type | Description |
|---|---|---|
| infection | String | The name of the infection. |
| infection_id | Integer | An identifier for the infection. |
| source_port | Integer | The source port number. |
| dest_port | Integer | The destination port number. |
| cc_ip | String | The IP address of the malware's command and control server (C&C or C2 server). |
| detection_method | String | The method used to detect this observation. See our data collection methods. |
| request_method | String | The method used to communicate with the malware. |

## Spam Propagation

Slug Name: `spam_propagation`

### Example Response

```json
{
  "email_from_address": "<richard.kuga@saperix.com>",
  "email_sender_address": "<richard.kuga@saperix.com>",
  "email_subject": "Payment from your account.",
  "detection_method": "spam-trap",
  "infection": "Spam Bot"
}
```

### Response Attributes

| Field | Type | Description |
|---|---|---|
| email_from_address | String | The "From" email address. |
| email_sender_address | String | The "From" email address. |
| email_subject | String | The subject of the email. |
| detection_method | String | The method used to detect this observation. See the data collection methods directory. |
| infection | String | The infection type. |

## Malware Servers

Slug Name: `malware_servers`

### Example Response

```json
{
  "type": "Malware"
}
```

### Response Attributes

| Field | Type | Description |
|---|---|---|
| type | String | Values: `Malicious`, `Malware` |

## Unsolicited Communications

Slug Name: `unsolicited_comms`

### Example Response

```json
{
  "destination_port": 3306,
  "protocol": "tcp",
  "num_scans": 1
}
```

### Response Attributes

| Field | Type | Description |
|---|---|---|
| destination_port | Integer | The destination port number. |
| protocol | String | The protocol observed. |
| num_scans | Integer | The number of scans. |

## Potentially Exploited

Slug Name: `potentially_exploited`

### Example Response

```json
{
  "infection": "AMCleaner",
  "infection_id": 123,
  "source_port": 59186,
  "dest_port": 80,
  "cc_ip": "XXX.45.67.89",
  "request_method": "GET",
  "user_agent": "msphlpr/1.9 CFNetwork/811.11 Darwin/16.7.0 (x86_64)"
}
```

### Response Attributes

| Field | Type | Description |
|---|---|---|
| infection | String | The name of the potentially unwanted application (PUA) or potentially unwanted program (PUP). |
| infection_id | Integer | An identifier for the infection. |
| source_port | Integer | The source port number. |
| dest_port | Integer | The destination port number. |
| cc_ip | String | The IP address of the malware's command and control server (C&C or C2 server). |
| detection_method | String | The method used to detect this observation. |
| request_method | String | The method used to communicate with the malware. |
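The five risk types above each return a small, flat details object whose fields are listed in their tables. The following Python is an added example, not part of the Bitsight documentation or client code: it validates a details object against the documented field names and types for its slug (so a record with a string port or a missing field is caught before it reaches a SIEM), and extracts the command-and-control tuple that `botnet_infections` and `potentially_exploited` carry. `SCHEMAS`, `validate_details` and `c2_indicators` are this example's own names, and the sample records are constructed to mirror the example responses on this page.

```python
"""Added example (not Bitsight code): validate observation details by risk type.

Required fields and types are transcribed from the Response Attributes tables
for botnet_infections, spam_propagation, malware_servers, unsolicited_comms
and potentially_exploited. The sample records are constructed to mirror the
documented example responses.
"""
from __future__ import annotations

from typing import Any

# slug -> {field: expected type after JSON decoding}
SCHEMAS: dict[str, dict[str, type]] = {
    "botnet_infections": {
        "infection": str, "infection_id": int, "source_port": int, "dest_port": int,
        "cc_ip": str, "detection_method": str, "request_method": str,
    },
    "spam_propagation": {
        "email_from_address": str, "email_sender_address": str,
        "email_subject": str, "detection_method": str, "infection": str,
    },
    "malware_servers": {"type": str},
    "unsolicited_comms": {"destination_port": int, "protocol": str, "num_scans": int},
    # detection_method is listed in the table but absent from the documented
    # example, so it is treated as optional here.
    "potentially_exploited": {
        "infection": str, "infection_id": int, "source_port": int, "dest_port": int,
        "cc_ip": str, "request_method": str, "user_agent": str,
    },
}

PORT_FIELDS = {"source_port", "dest_port", "destination_port"}


def validate_details(slug: str, details: dict[str, Any]) -> list[str]:
    """Return a list of problems; an empty list means the record matches."""
    schema = SCHEMAS.get(slug)
    if schema is None:
        return [f"unsupported risk type: {slug}"]
    problems: list[str] = []
    for field, expected in schema.items():
        if field not in details:
            problems.append(f"missing field: {field}")
            continue
        value = details[field]
        # bool is a subclass of int in Python; a boolean port is still wrong.
        if isinstance(value, bool) or not isinstance(value, expected):
            problems.append(f"{field}: expected {expected.__name__}, got {type(value).__name__}")
        elif field in PORT_FIELDS and not 0 <= value <= 65535:
            problems.append(f"{field}: {value} is not a valid port number")
    return problems


def c2_indicators(slug: str, details: dict[str, Any]) -> dict[str, Any] | None:
    """Extract the C2 tuple (infection, server IP, port, HTTP method).

    Only botnet_infections and potentially_exploited observations carry a
    cc_ip; every other risk type yields None.
    """
    if slug not in ("botnet_infections", "potentially_exploited"):
        return None
    return {
        "infection": details["infection"],
        "cc_ip": details["cc_ip"],
        "dest_port": details["dest_port"],
        "request_method": details.get("request_method"),
    }


# Constructed samples mirroring the documented example responses.
SAMPLES: list[tuple[str, dict[str, Any]]] = [
    ("botnet_infections", {
        "infection": "RootSTV", "infection_id": 123, "source_port": 54264,
        "dest_port": 80, "cc_ip": "XXX.4.56.78",
        "detection_method": "Sinkhole", "request_method": "POST",
    }),
    ("spam_propagation", {
        "email_from_address": "<richard.kuga@saperix.com>",
        "email_sender_address": "<richard.kuga@saperix.com>",
        "email_subject": "Payment from your account.",
        "detection_method": "spam-trap", "infection": "Spam Bot",
    }),
    ("malware_servers", {"type": "Malware"}),
    ("unsolicited_comms", {"destination_port": 3306, "protocol": "tcp", "num_scans": 1}),
]

if __name__ == "__main__":
    for slug, details in SAMPLES:
        print(slug, validate_details(slug, details) or "ok", c2_indicators(slug, details))
```

Because the schema is keyed by slug, a new compatible risk type only needs one more entry in `SCHEMAS`; records for slugs this endpoint does not serve are reported rather than silently passed through.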
## TLS/SSL Certificates

Slug Name: `ssl_certificates`

### Example Response

```json
{
  "grade": {
    "grade": "GOOD"
  },
  "cert_chain": [
    {
      "startDate": "2016-11-10",
      "endDate": "2041-11-11",
      "issuerName": "C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert High Assurance EV Root CA",
      "startsubjectName": "C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert High Assurance EV Root CA",
      "startkeyAlgorithm": "RSA",
      "startsignatureAlgorithm": "SHA1WITHRSA",
      "keyLength": 2048,
      "serialNumber": "1112223334445551112223334445551234567",
      "dnsName": [
        "*.example.com"
      ]
    }
  ],
  "observed_ips": [
    "123.123.12.12",
    "98.7.65.432"
  ]
}
```

### Response Attributes

| Field | Type | Description |
|---|---|---|
| grade | Object | Finding grade details. |
| ↳ grade | String | The finding grade. |
| cert_chain | Array | Certificate chain details. |
| ↳ (item) | Object | The details of a certificate in the chain. |
| ↳ startDate | String [YYYY-MM-DD] | The date when this certificate started. |
| ↳ endDate | String [YYYY-MM-DD] | The expiration date of this certificate. |
| ↳ issuerName | String | The distinguished name of the certificate issuer, made up of attribute assertion values. |
| ↳ startsubjectName | String | The distinguished name of the owner of the certificate, made up of attribute assertion values. |
| ↳ startkeyAlgorithm | String | The algorithm used to encrypt and decrypt messages. |
| ↳ startsignatureAlgorithm | String | The signing algorithm used in this certificate. |
| ↳ keyLength | Integer | The bit strength of this key. See the recommended TLS key length. |
| ↳ serialNumber | Integer | The serial number of the certificate within this chain. |
| ↳ dnsName | Array | The name of the Domain Name Server (DNS). |
| observed_ips | Array | Observed IP addresses. |
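A `cert_chain` entry carries everything needed to re-check a certificate against local policy rather than relying on the grade alone. The following Python is an added example, not Bitsight code: it walks the chain and reports certificates outside their validity window as of a given date, deprecated signature algorithms, short RSA keys, and whether the leaf's `dnsName` entries cover a hostname (a wildcard covering exactly one label). The policy thresholds, `name_matches` and `check_certificate_chain` are this example's own, it assumes `cert_chain[0]` is the leaf certificate, and the sample observation is constructed from the example response above.

```python
"""Added example (not Bitsight code): triage a TLS/SSL Certificates observation.

Field names follow the cert_chain entries documented above. The checks
(validity window, deprecated signature algorithm, RSA key length, hostname
coverage) are this example's own policy, not Bitsight's grading rules, and
the example assumes cert_chain[0] is the leaf certificate.
"""
from __future__ import annotations

from datetime import date

WEAK_SIGNATURE_ALGORITHMS = {"MD5WITHRSA", "SHA1WITHRSA", "SHA1WITHECDSA"}
MIN_RSA_KEY_BITS = 2048


def name_matches(dns_name: str, hostname: str) -> bool:
    """Match a certificate DNS name against a hostname.

    A leading wildcard covers exactly one leftmost label, so *.example.com
    matches www.example.com but neither example.com nor a.b.example.com.
    """
    dns_name, hostname = dns_name.lower().rstrip("."), hostname.lower().rstrip(".")
    if dns_name.startswith("*."):
        suffix = dns_name[1:]  # ".example.com"
        if not hostname.endswith(suffix):
            return False
        left = hostname[: -len(suffix)]
        return bool(left) and "." not in left
    return dns_name == hostname


def check_certificate_chain(observation: dict, hostname: str, as_of: str) -> list[str]:
    """Return human-readable issues for one ssl_certificates observation.

    as_of is a YYYY-MM-DD date, the same format the API uses for startDate/endDate.
    """
    today = date.fromisoformat(as_of)
    issues: list[str] = []
    chain = observation.get("cert_chain") or []
    if not chain:
        return ["empty certificate chain"]
    for index, cert in enumerate(chain):
        start = date.fromisoformat(cert["startDate"])
        end = date.fromisoformat(cert["endDate"])
        if today < start:
            issues.append(f"cert {index}: not yet valid until {start}")
        if today > end:
            issues.append(f"cert {index}: expired on {end}")
        signature = cert["startsignatureAlgorithm"].upper()
        if signature in WEAK_SIGNATURE_ALGORITHMS:
            issues.append(f"cert {index}: weak signature algorithm {signature}")
        if cert["startkeyAlgorithm"].upper() == "RSA" and cert["keyLength"] < MIN_RSA_KEY_BITS:
            issues.append(f"cert {index}: RSA key of {cert['keyLength']} bits is below {MIN_RSA_KEY_BITS}")
    # Assumption: the first chain entry is the leaf presented for the host.
    leaf_names = chain[0].get("dnsName") or []
    if not any(name_matches(name, hostname) for name in leaf_names):
        issues.append(f"leaf does not cover {hostname} (names: {leaf_names})")
    return issues


# Constructed sample mirroring the documented example response.
SAMPLE_OBSERVATION = {
    "grade": {"grade": "GOOD"},
    "cert_chain": [{
        "startDate": "2016-11-10",
        "endDate": "2041-11-11",
        "issuerName": "C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert High Assurance EV Root CA",
        "startsubjectName": "C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert High Assurance EV Root CA",
        "startkeyAlgorithm": "RSA",
        "startsignatureAlgorithm": "SHA1WITHRSA",
        "keyLength": 2048,
        "serialNumber": "1112223334445551112223334445551234567",
        "dnsName": ["*.example.com"],
    }],
    "observed_ips": ["123.123.12.12", "98.7.65.432"],
}

if __name__ == "__main__":
    for issue in check_certificate_chain(SAMPLE_OBSERVATION, "www.example.com", "2021-07-07"):
        print(issue)
```

Run against the documented sample, the only finding is the SHA-1 signature; the chain is graded GOOD by the API, which is exactly why a local policy pass over the raw fields is worth keeping alongside the grade.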
## TLS/SSL Configurations

Slug Name: `ssl_configuration`

### Example Response

```json
{
  "message": [
    "Allows insecure protocol: TLSv1.0",
    "Allows insecure protocol: TLSv1.1"
  ],
  "grade": {
    "grade": "BAD"
  },
  "dh_length": 2048,
  "dh_prime": "ffffffffffffffffc90fdaa2{464 digits}8aacaa68ffffffffffffffff",
  "observed_ips": [
    "123.456.789.000"
  ]
}
```

### Response Attributes

| Field | Type | Description |
|---|---|---|
| message | Array | A description of the finding. |
| grade | Object | Finding grade details. |
| ↳ grade | String | The finding grade. |
| dh_length | Integer | The configured key length. See the recommended TLS key length. |
| dh_prime | String | The Diffie-Hellman prime. |
| observed_ips | Array | Observed IP addresses. |

## Open Ports

Slug Name: `open_ports`

### Example Response

```json
{
  "grade": {
    "grade": "GOOD"
  },
  "response": "HTTP/1.1 403 Forbidden\r\nDate: Sun, 27 Jun 2021 23:41:08 GMT\r\nServer: Apache/2.4.7 (Ubuntu)\r\nContent-Length: 280\r\nContent-Type: text/html; charset=iso-8859-1",
  "service": "HTTPS",
  "message": [
    "Detected service: HTTPS"
  ],
  "low_vulnerabilities": [
    "CVE-2017-7679",
    "CVE-2016-8743"
  ]
}
```

### Response Attributes

| Field | Type | Description |
|---|---|---|
| grade | Object | Finding grade details. |
| ↳ grade | String | The finding grade. |
| response | String | The response code that indicates whether the server was able to process the request sent by the client. |
| service | String | The service that is running on this port. |
| message | Array | The type of service running on this port. |
| low_vulnerabilities | Array | Potential vulnerabilities for this finding, identified by Common Vulnerabilities and Exposures ID (CVE ID). |
| high_vulnerabilities | Array | Confirmed vulnerabilities for this finding, identified by Common Vulnerabilities and Exposures ID (CVE ID). |
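Both risk types above carry their most useful detail as free text: `ssl_configuration` lists the insecure protocols inside `message` strings, and `open_ports` stores the raw HTTP banner, CRLF separators included, in `response`. The following Python is an added example, not Bitsight code: it turns those strings into fields that can be filtered on, and folds the confirmed and potential CVE lists into one triage row. `tls_config_findings`, `parse_http_banner` and `open_port_findings` are this example's own names; the samples are constructed from the example responses above, with the elided `dh_prime` digits left out.

```python
"""Added example (not Bitsight code): structure the free-text parts of
TLS/SSL Configurations and Open Ports observations.

`message` strings such as "Allows insecure protocol: TLSv1.0" and the raw
HTTP banner stored in `response` are parsed into fields that can be queried
or alerted on. The sample observations are constructed from the documented
example responses; the function names are this example's own.
"""
from __future__ import annotations

import re

INSECURE_PROTOCOL = re.compile(r"Allows insecure protocol:\s*(\S+)")
MIN_DH_BITS = 2048  # this example's threshold, not Bitsight's


def tls_config_findings(observation: dict) -> dict:
    """Summarise an ssl_configuration observation."""
    protocols = []
    for message in observation.get("message", []):
        match = INSECURE_PROTOCOL.search(message)
        if match:
            protocols.append(match.group(1))
    dh_length = observation.get("dh_length")
    return {
        "grade": observation.get("grade", {}).get("grade"),
        "insecure_protocols": protocols,
        # A short DH group is a finding even when no protocol message is present.
        "weak_dh_group": dh_length is not None and dh_length < MIN_DH_BITS,
        "observed_ips": list(observation.get("observed_ips", [])),
    }


def parse_http_banner(raw: str) -> dict:
    """Split the CRLF-separated banner in `response` into status and headers."""
    lines = raw.split("\r\n")
    parts = lines[0].split(" ", 2)
    status = {
        "version": parts[0],
        "code": int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None,
        "reason": parts[2] if len(parts) > 2 else "",
    }
    headers: dict[str, str] = {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # blank line or a non-header line; ignore
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return {"status": status, "headers": headers}


def open_port_findings(observation: dict) -> dict:
    """Summarise an open_ports observation for triage."""
    banner = parse_http_banner(observation.get("response", ""))
    confirmed = list(observation.get("high_vulnerabilities", []))
    potential = list(observation.get("low_vulnerabilities", []))
    return {
        "grade": observation.get("grade", {}).get("grade"),
        "service": observation.get("service"),
        "status_code": banner["status"]["code"],
        "server": banner["headers"].get("server"),
        "confirmed_cves": confirmed,
        "potential_cves": potential,
        "cve_count": len(confirmed) + len(potential),
    }


# Constructed samples mirroring the documented example responses.
SAMPLE_TLS_CONFIG = {
    "message": ["Allows insecure protocol: TLSv1.0", "Allows insecure protocol: TLSv1.1"],
    "grade": {"grade": "BAD"},
    "dh_length": 2048,
    "dh_prime": "ffffffffffffffffc90fdaa2...8aacaa68ffffffffffffffff",  # digits elided as in the docs
    "observed_ips": ["123.456.789.000"],
}
SAMPLE_OPEN_PORT = {
    "grade": {"grade": "GOOD"},
    "response": (
        "HTTP/1.1 403 Forbidden\r\nDate: Sun, 27 Jun 2021 23:41:08 GMT\r\n"
        "Server: Apache/2.4.7 (Ubuntu)\r\nContent-Length: 280\r\n"
        "Content-Type: text/html; charset=iso-8859-1"
    ),
    "service": "HTTPS",
    "message": ["Detected service: HTTPS"],
    "low_vulnerabilities": ["CVE-2017-7679", "CVE-2016-8743"],
}

if __name__ == "__main__":
    print(tls_config_findings(SAMPLE_TLS_CONFIG))
    print(open_port_findings(SAMPLE_OPEN_PORT))
```

Note that `low_vulnerabilities` are potential, banner-inferred matches: the sample port is graded GOOD despite two listed CVEs, so keep the confirmed and potential lists separate when prioritising rather than summing them.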
## Web Application Headers

Slug Name: `application_security`

### Example Response

```json
{
  "message": [
    "hh_moved"
  ],
  "grade": {
    "grade": "NEUTRAL"
  },
  "headers": [
    "HTTP/1.1 301 Moved Permanently",
    "Date: Sun, 27 Jun 2021 21:43:21 GMT",
    "Server: Apache",
    "Cache-Control: no-cache",
    "Location: https://www.saperix.com",
    "X-Powered-By: Apache2",
    "MS-Author-Via: DAV",
    "Vary: Accept-Encoding",
    "Content-Length: 0",
    "Content-Type: text/html; charset=utf-8"
  ],
  "http_issues": {
    "general_issues": [
      "hh_moved"
    ]
  }
}
```

### Response Attributes

| Field | Type | Description |
|---|---|---|
| message | Array | Descriptions of the finding. |
| grade | Object | Finding grade details. |
| ↳ grade | String | The finding grade. |
| headers | Array | Web application headers. |
| http_issues | Object | HTTP issue details. |
| ↳ general_issues | Array | General HTTP issues. |

## Insecure Systems

Slug Name: `insecure_systems`

### Example Response

```json
{
  "grade": {
    "grade": "WARN"
  },
  "message": [
    "File sharing: Tracker"
  ],
  "category": "TorrentTracker",
  "sub_category": "torrent_tracker_expired",
  "source_port": "58107",
  "path_info": "/announce.php",
  "user_agent": "uTorrent/355(111915940)(45988)"
}
```

### Response Attributes

| Field | Type | Description |
|---|---|---|
| grade | Object | Finding grade details. |
| ↳ grade | String | The finding grade. |
| message | Array | A description of the finding. |
| category | String | |
| sub_category | String | |
| source_port | Integer | The source port number. |
| path_info | String | The file path information. |
| user_agent | String | The user's form of communication with the malware. |
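The `headers` array of a Web Application Headers observation is the status line followed by one `Name: value` string per header, which is enough to run a local header review. The following Python is an added example, not Bitsight code: it parses the array, reports which hardening headers are absent on a final response, and lists headers that disclose server software. The expected and disclosure header sets are this example's own review policy, not Bitsight's checks; the redirect sample is constructed from the example response above and the 200 response sample is constructed for illustration.

```python
"""Added example (not Bitsight code): review the `headers` array of a Web
Application Headers observation.

The first element is the status line and the rest are "Name: value" lines,
as in the documented example. The header sets below are this example's own
review policy; the samples are constructed.
"""
from __future__ import annotations

# Hardening headers whose absence is worth reporting on a final (non-redirect) response.
EXPECTED_SECURITY_HEADERS = {
    "strict-transport-security",
    "content-security-policy",
    "x-content-type-options",
    "x-frame-options",
}
# Headers that reveal server software or capabilities to any client.
DISCLOSURE_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "ms-author-via"}


def parse_header_lines(lines: list[str]) -> tuple[int | None, dict[str, str]]:
    """Return (status code, lower-cased header map) from the `headers` array."""
    if not lines:
        return None, {}
    status_parts = lines[0].split(" ", 2)
    code = int(status_parts[1]) if len(status_parts) > 1 and status_parts[1].isdigit() else None
    headers: dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return code, headers


def review_web_headers(observation: dict) -> dict:
    """Summarise one application_security observation for triage."""
    code, headers = parse_header_lines(observation.get("headers", []))
    is_redirect = code is not None and 300 <= code < 400
    return {
        "grade": observation.get("grade", {}).get("grade"),
        "status_code": code,
        "is_redirect": is_redirect,
        "location": headers.get("location") if is_redirect else None,
        # On a redirect the headers that matter are on the destination, so only
        # flag missing hardening headers on a final response.
        "missing_security_headers": [] if is_redirect else sorted(EXPECTED_SECURITY_HEADERS - set(headers)),
        "disclosure_headers": {k: v for k, v in headers.items() if k in DISCLOSURE_HEADERS},
        "issues": list(observation.get("http_issues", {}).get("general_issues", [])),
    }


# Constructed sample mirroring the documented example response (a 301 to HTTPS).
SAMPLE_REDIRECT = {
    "message": ["hh_moved"],
    "grade": {"grade": "NEUTRAL"},
    "headers": [
        "HTTP/1.1 301 Moved Permanently",
        "Date: Sun, 27 Jun 2021 21:43:21 GMT",
        "Server: Apache",
        "Cache-Control: no-cache",
        "Location: https://www.saperix.com",
        "X-Powered-By: Apache2",
        "MS-Author-Via: DAV",
        "Vary: Accept-Encoding",
        "Content-Length: 0",
        "Content-Type: text/html; charset=utf-8",
    ],
    "http_issues": {"general_issues": ["hh_moved"]},
}
# Constructed final response with only one hardening header set.
SAMPLE_FINAL = {
    "grade": {"grade": "NEUTRAL"},
    "headers": [
        "HTTP/1.1 200 OK",
        "Server: Apache/2.4.6",
        "X-Content-Type-Options: nosniff",
        "Content-Type: text/html; charset=utf-8",
    ],
}

if __name__ == "__main__":
    print(review_web_headers(SAMPLE_REDIRECT))
    print(review_web_headers(SAMPLE_FINAL))
```

The redirect case is the one to watch: the documented sample is a 301 with no hardening headers, and reporting those as missing would be noise, whereas the `Server`, `X-Powered-By` and `MS-Author-Via` disclosures on that same response are real findings on the redirecting host.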
## Server Software

Slug Name: `server_software`

### Example Responses

Apache

```json
{
  "grade": {
    "grade": "NEUTRAL"
  },
  "typeColumnText": "Apache",
  "detailsColumnText": "Software version is incomplete",
  "modalData": {
    "type": "incomplete-version"
  },
  "modalTags": {
    "Type": "Apache",
    "OS family": "Unknown",
    "Upstream version": "",
    "HTTP Server header": "Apache"
  }
}
```

NGINX

```json
{
  "grade": {
    "grade": "NEUTRAL"
  },
  "typeColumnText": "nginx",
  "versionColumnText": "1.12.1",
  "detailsColumnText": "OS-specific software version is unknown",
  "modalData": {
    "type": "possible-backports"
  },
  "modalTags": {
    "Type": "nginx",
    "Version": "1.12.1"
  }
}
```

OpenSSH

```json
{
  "grade": {
    "grade": "BAD"
  },
  "typeColumnText": "OpenSSH",
  "versionColumnText": "7.2p2",
  "detailsColumnText": "OS-specific software version is unsupported",
  "modalData": {
    "name": "openssh-server",
    "osRelease": {
      "name": "Ubuntu 16.04 LTS",
      "familyName": "Ubuntu",
      "version": "16.04 LTS",
      "url": "https://wiki.ubuntu.com/XenialXerus/ReleaseNotes"
    },
    "obsoletedOn": "2018-01-22",
    "version": "1:7.2p2-4ubuntu2.2",
    "latestPackageVersion": "1:7.2p2-4ubuntu2.8",
    "type": "obsolete-package"
  },
  "modalTags": {
    "Type": "OpenSSH",
    "Banner": "SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2",
    "Upstream version": "7.2p2"
  }
}
```

PHP

```json
{
  "grade": {
    "grade": "NEUTRAL"
  },
  "typeColumnText": "PHP",
  "versionColumnText": "7.1.18",
  "detailsColumnText": "Support status is unknown",
  "modalData": {
    "type": "unknown"
  },
  "modalTags": {
    "Type": "PHP",
    "Upstream version": "7.1.18",
    "HTTP Server header": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.18",
    "HTTP X-Powered-By header": "PHP/7.1.18"
  }
}
```

### Response Attributes

| Field | Type | Description |
|---|---|---|
| grade | Object | Finding grade details. |
| ↳ grade | String | The finding grade. |
| typeColumnText | String | The type of server software package. |
| versionColumnText | String | The software version. |
| detailsColumnText | String | Software support details. |
| modalData | Object | Software type details. |
| ↳ name | String | The name of the server. |
| ↳ osRelease | Object | Released OS details. |
| ↳↳ name | String | The full name of the server type. |
| ↳↳ familyName | String | The server type. |
| ↳↳ version | String | The latest software version. |
| ↳↳ url | String | The release notes URL. |
| ↳ obsoletedOn | String [YYYY-MM-DD] | The date when the software became obsolete. |
| ↳ version | String | The current software version. |
| ↳ latestPackageVersion | String | The latest package version. |
| ↳ type | String | The software status. |
| modalTags | Object | Server software details. |
| ↳ Type | String | The type of server software package. |
| ↳ Banner | String | The software and package name. |
| ↳ OS family | String | The operating system family. |
| ↳ Upstream version | String | The upstream software version. |
| ↳ HTTP Server header | String | The HTTP Server header. |
| ↳ HTTP X-Powered-By header | String | The HTTP X-Powered-By header. |
| ↳ Version | String | The software version. |

## File Sharing

Slug Name: `file_sharing`

### Example Response

```json
{
  "category": "Movies",
  "node": "88.88.88.888"
}
```

### Response Attributes

| Field | Type | Description |
|---|---|---|
| category | String | File Sharing categories, which is the Bitsight category for the type of torrent. |
| node | String | The IP address of the endpoint device. |

## Vulnerability

Slug Name: `vulnerability`

### Example Response

```json
{
  "vulnerabilities": [
    "CVE-2019-17059"
  ],
  "status": "vulnerable",
  "annotation": [],
  "high_vulnerabilities": [
    "CVE-2019-17059"
  ]
}
```

### Response Attributes

| Field | Type | Description |
|---|---|---|
| vulnerabilities | Array | Confirmed vulnerabilities for this finding, identified by Common Vulnerabilities and Exposures ID (CVE ID). |
| status | String | The status of the vulnerability. |
| annotation | Array | |
| high_vulnerabilities | Array | Confirmed vulnerabilities for this finding, identified by Common Vulnerabilities and Exposures ID (CVE ID). |
| low_vulnerabilities | Array | Potential vulnerabilities for this finding, identified by Common Vulnerabilities and Exposures ID (CVE ID). |

- December 16, 2021: Added `low_vulnerabilities` field for the Vulnerability risk type.
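The Server Software examples show that the shape of `modalData` depends on its `type`: only `obsolete-package` carries the OS release, the obsolescence date and the current versus latest package versions, while `incomplete-version`, `possible-backports` and `unknown` carry the type alone. The following Python is an added example, not Bitsight code: it turns each observation into one triage row, and for `obsolete-package` computes how long the package has been obsolete and whether a newer package exists by ordering the two Debian-style version strings. The version comparison is this example's own simplified reimplementation of the Debian ordering (epoch, upstream, revision, compared as alternating letter and number runs), not the full dpkg algorithm; `triage_server_software` and `compare_versions` are this example's names, and the samples are constructed from the OpenSSH and Apache examples above.

```python
"""Added example (not Bitsight code): triage Server Software observations.

The modalData.type values come from the documented example responses. The
version comparison is a simplified reimplementation of the Debian package
version ordering (epoch:upstream-revision), sufficient for the documented
strings; it is not the full dpkg algorithm.
"""
from __future__ import annotations

import re
from datetime import date
from itertools import zip_longest


def _char_weight(c: str) -> int:
    # Debian ordering for non-digit characters: '~' sorts before anything
    # (even end of string), then end of string, then letters, then the rest.
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256


def _compare_fragment(a: str, b: str) -> int:
    """Compare alternating non-digit / digit runs; returns -1, 0 or 1."""
    while a or b:
        ra, rb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        for ca, cb in zip_longest(ra, rb, fillvalue=""):
            wa, wb = _char_weight(ca), _char_weight(cb)
            if wa != wb:
                return -1 if wa < wb else 1
        a, b = a[len(ra):], b[len(rb):]
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        na, nb = int(da or "0"), int(db or "0")
        if na != nb:
            return -1 if na < nb else 1
        a, b = a[len(da):], b[len(db):]
    return 0


def compare_versions(v1: str, v2: str) -> int:
    """Order two package versions like '1:7.2p2-4ubuntu2.2'; returns -1, 0 or 1."""
    def split(v: str) -> tuple[int, str, str]:
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, revision
    e1, u1, r1 = split(v1)
    e2, u2, r2 = split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _compare_fragment(u1, u2) or _compare_fragment(r1, r2)


def triage_server_software(observation: dict, as_of: str) -> dict:
    """Turn one server_software observation into a triage row (as_of: YYYY-MM-DD)."""
    modal = observation.get("modalData", {})
    kind = modal.get("type")
    row = {
        "software": observation.get("typeColumnText"),
        "version": observation.get("versionColumnText"),
        "grade": observation.get("grade", {}).get("grade"),
        "status": kind,
        "detail": observation.get("detailsColumnText"),
        "action": "review",
    }
    if kind == "obsolete-package":
        behind = compare_versions(modal["version"], modal["latestPackageVersion"]) < 0
        row.update(
            package=modal.get("name"),
            os=modal.get("osRelease", {}).get("name"),
            days_obsolete=(date.fromisoformat(as_of) - date.fromisoformat(modal["obsoletedOn"])).days,
            upgrade_available=behind,
            action="upgrade package" if behind else "review: already at latest package version",
        )
    elif kind == "incomplete-version":
        row["action"] = "confirm version out-of-band; banner hides it"
    elif kind == "possible-backports":
        row["action"] = "check distribution package for backported fixes"
    return row


# Constructed samples mirroring the documented OpenSSH and Apache examples.
SAMPLE_OPENSSH = {
    "grade": {"grade": "BAD"}, "typeColumnText": "OpenSSH", "versionColumnText": "7.2p2",
    "detailsColumnText": "OS-specific software version is unsupported",
    "modalData": {
        "name": "openssh-server",
        "osRelease": {"name": "Ubuntu 16.04 LTS", "familyName": "Ubuntu", "version": "16.04 LTS",
                      "url": "https://wiki.ubuntu.com/XenialXerus/ReleaseNotes"},
        "obsoletedOn": "2018-01-22", "version": "1:7.2p2-4ubuntu2.2",
        "latestPackageVersion": "1:7.2p2-4ubuntu2.8", "type": "obsolete-package",
    },
}
SAMPLE_APACHE = {
    "grade": {"grade": "NEUTRAL"}, "typeColumnText": "Apache",
    "detailsColumnText": "Software version is incomplete", "modalData": {"type": "incomplete-version"},
}

if __name__ == "__main__":
    print(triage_server_software(SAMPLE_OPENSSH, "2021-07-07"))
    print(triage_server_software(SAMPLE_APACHE, "2021-07-07"))
```

Comparing `modalData.version` with `latestPackageVersion` as version strings rather than as text matters because the documented values differ only in the distribution revision (`4ubuntu2.2` versus `4ubuntu2.8`) and the upstream `7.2p2` does not change; a naive string or float comparison would mis-order values like `7.2p2` and `7.10`.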
- November 8, 2021: Added `dnsname` to TLS/SSL Certificate observations; added Server Software example responses based on server (e.g., Apache, PHP) to show varying response fields; added Server Software `modalData` details; added Server Software `modalTags:Banner` and `modalTags:Version`.
- July 7, 2021: Published.