https://api.bitsighttech.com/sovereign/observations
The observations field that’s included with GET: National Cybersecurity Observations (/sovereign/observations) shows the details of observations. The details vary, depending on the risk type [risk_types].
This endpoint is only available for users with access to the National Cybersecurity app. It only returns information for countries you subscribe to.
- Botnet Infections
- Spam Propagation
- Malware Servers
- Potentially Exploited
- TLS/SSL Certificates
- TLS/SSL Configurations
- Open Ports
- Web Application Headers
- Insecure Systems
- Server Software
- File Sharing
- Vulnerability
All other risk types are not compatible with this endpoint.
Botnet Infections
Slug Name: botnet_infections
Example Response
"infection": "RootSTV", "infection_id": 123, "source_port": 54264, "dest_port": 80, "cc_ip": "XXX.4.56.78", "detection_method": "Sinkhole", "request_method": "POST"
Response Attributes
Field | Description |
---|---|
infection (String) | The name of the infection. |
infection_id (Integer) | An identifier for the infection. |
source_port (Integer) | The source port number. |
dest_port (Integer) | The destination port number. |
cc_ip (String) | The IP address of the malware’s command and control server (C&C or C2 Server). |
detection_method (String) | The method used to detect this observation. See our data collection methods. |
request_method (String) | The method used to communicate with the malware. |
Spam Propagation
Slug Name: spam_propagation
Example Response
"email_from_address": "<richard.kuga@saperix.com>", "email_sender_address": "<richard.kuga@saperix.com>", "email_subject": "Payment from your account.", "detection_method": "spam-trap", "infection": "Spam Bot"
Response Attributes
Field | Description |
---|---|
email_from_address (String) | The “From” email address. |
email_sender_address (String) | The “From” email address. |
email_subject (String) | The Subject of the email. |
detection_method (String) | The method used to detect this observation. See the data collection methods directory. |
infection (String) | The infection type. |
Malware Servers
Slug Name: malware_servers
Example Response
"type": "Malware"
Response Attributes
Field | Description |
---|---|
type (String) | Values: |
Potentially Exploited
Slug Name: potentially_exploited
Example Response
"infection": "AMCleaner", "infection_id": 123, "source_port": 59186, "dest_port": 80, "cc_ip": "XXX.45.67.89", "request_method": "GET", "user_agent": "msphlpr/1.9 CFNetwork/811.11 Darwin/16.7.0 (x86_64)"
Response Attributes
Field | Description |
---|---|
infection (String) | The name of the potentially unwanted application (PUA) or potentially unwanted program (PUP). |
infection_id (Integer) | An identifier for the infection. |
source_port (Integer) | The source port number. |
dest_port (Integer) | The destination port number. |
cc_ip (String) | The IP address of the malware’s command and control server (C&C or C2 Server). |
detection_method (String) | The method used to detect this observation. See our data collection methods. |
request_method (String) | The method used to communicate with the malware. |
TLS/SSL Certificates
Slug Name: ssl_certificates
Example Response
"grade": { "grade": "GOOD" }, "cert_chain": [ { "startDate": "2016-11-10", "endDate": "2041-11-11", "issuerName": "C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert High Assurance EV Root CA", "startsubjectName": "C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert High Assurance EV Root CA", "startkeyAlgorithm": "RSA", "startsignatureAlgorithm": "SHA1WITHRSA", "keyLength": 2048, "serialNumber": "1112223334445551112223334445551234567", "dnsName": [ "*.example.com" ] } ], "observed_ips": [ "123.123.12.12", "98.7.65.432" ]
Response Attributes
Field | Description |
---|---|
grade (Object) | Finding grade details. |
grade.grade (String) | The finding grade. |
cert_chain (Array) | Certificate chain details. |
Object | The details of a certificate in the chain. |
cert_chain[].startDate (String [ YYYY-MM-DD ]) | The date when this certificate started. |
cert_chain[].endDate (String [ YYYY-MM-DD ]) | The expiration date of this certificate. |
cert_chain[].issuerName (String) | The distinguished name of the certificate issuer, made up of attribute assertion values. |
cert_chain[].startsubjectName (String) | The distinguished name of the owner of the certificate, made up of attribute assertion values. |
cert_chain[].startkeyAlgorithm (String) | The algorithm used to encrypt and decrypt messages. |
cert_chain[].startsignatureAlgorithm (String) | The signing algorithm used in this certificate. |
cert_chain[].keyLength (Integer) | The bit strength of this key. See the recommended TLS key length. |
cert_chain[].serialNumber (Integer) | The serial number of the certificate within this chain. |
cert_chain[].dnsName (Array) | The name of the Domain Name Server (DNS). |
observed_ips (Array) | Observed IP addresses. |
TLS/SSL Configurations
Slug Name: ssl_configuration
Example Response
"message": [ "Allows insecure protocol: TLSv1.0", "Allows insecure protocol: TLSv1.1" ], "grade": { "grade": "BAD" }, "dh_length": 2048, "dh_prime": "ffffffffffffffffc90fdaa2{464 digits}8aacaa68ffffffffffffffff", "observed_ips": [ "123.456.789.000" ]
Response Attributes
Field | Description |
---|---|
message (Array) | A description of the finding. |
grade (Object) | Finding grade details. |
grade.grade (String) | The finding grade. |
dh_length (Integer) | The configured key length. See the recommended TLS key length. |
dh_prime (String) | The Diffie-Hellman prime. |
observed_ips (Array) | Observed IP addresses. |
Open Ports
Slug Name: open_ports
Example Response
"grade": { "grade": "GOOD" }, "response": "HTTP/1.1 403 Forbidden\r\nDate: Sun, 27 Jun 2021 23:41:08 GMT\r\nServer: Apache/2.4.7 (Ubuntu)\r\nContent-Length: 280\r\nContent-Type: text/html; charset=iso-8859-1", "service": "HTTPS", "message": [ "Detected service: HTTPS" ], "low_vulnerabilities": [ "CVE-2017-7679", "CVE-2016-8743" ]
Response Attributes
Field | Description |
---|---|
grade (Object) | Finding grade details. |
Object | A finding grade. |
grade.grade (String) | The finding grade. |
response (String) | The response code that indicates if the server was able to process the request sent by the client. |
service (String) | The service that’s running on this port. |
message (Array) | The type of service running on this port. |
low_vulnerabilities (Array) | Potential vulnerabilities for this finding, identified by its Common Vulnerabilities and Exposures ID (CVE ID). |
high_vulnerabilities (Array) | Confirmed vulnerabilities for this finding, identified by its Common Vulnerabilities and Exposures ID (CVE ID). |
Web Application Headers
Slug Name: application_security
Example Response
"message": [ "hh_moved" ], "grade": { "grade": "NEUTRAL" }, "headers": [ "HTTP/1.1 301 Moved Permanently", "Date: Sun, 27 Jun 2021 21:43:21 GMT", "Server: Apache", "Cache-Control: no-cache", "Location: https://www.saperix.com", "X-Powered-By: Apache2", "MS-Author-Via: DAV", "Vary: Accept-Encoding", "Content-Length: 0", "Content-Type: text/html; charset=utf-8" ], "http_issues": { "general_issues": [ "hh_moved" ] }
Response Attributes
Field | Description |
---|---|
message (Array) | Descriptions of the finding. |
grade (Object) | Finding grade details. |
grade.grade (String) | The finding grade. |
headers (Array) | Web application headers. |
http_issues (Object) | HTTP issue details. |
http_issues.general_issues (Array) | General HTTP issues. |
Insecure Systems
Slug Name: insecure_systems
Example Response
"grade": { "grade": "WARN" }, "message": [ "File sharing: Tracker" ], "category": "TorrentTracker", "sub_category": "torrent_tracker_expired", "source_port": "58107", "path_info": "/announce.php", "user_agent": "uTorrent/355(111915940)(45988)"
Response Attributes
Field | Description |
---|---|
grade (Object) | Finding grade details. |
grade.grade (String) | The finding grade. |
message (Array) | A description of the finding. |
category (String) | |
sub_category (String) | |
source_port (Integer) | The source port number. |
path_info (String) | The file path information. |
user_agent (String) | The user’s form of communication with the malware. |
Server Software
Slug Name: server_software
Example Responses
Apache
"grade": { "grade": "NEUTRAL" }, "typeColumnText": "Apache", "detailsColumnText": "Software version is incomplete", "modalData": { "type": "incomplete-version" }, "modalTags": { "Type": "Apache", "OS family": "Unknown", "Upstream version": "", "HTTP Server header": "Apache" }
NGINX
"grade": { "grade": "NEUTRAL" }, "typeColumnText": "nginx", "versionColumnText": "1.12.1", "detailsColumnText": "OS-specific software version is unknown", "modalData": { "type": "possible-backports" }, "modalTags": { "Type": "nginx", "Version": "1.12.1" }
OpenSSH
"grade": { "grade": "BAD" }, "typeColumnText": "OpenSSH", "versionColumnText": "7.2p2", "detailsColumnText": "OS-specific software version is unsupported", "modalData": { "name": "openssh-server", "osRelease": { "name": "Ubuntu 16.04 LTS", "familyName": "Ubuntu", "version": "16.04 LTS", "url": "https://wiki.ubuntu.com/XenialXerus/ReleaseNotes" }, "obsoletedOn": "2018-01-22", "version": "1:7.2p2-4ubuntu2.2", "latestPackageVersion": "1:7.2p2-4ubuntu2.8", "type": "obsolete-package" }, "modalTags": { "Type": "OpenSSH", "Banner": "SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2", "Upstream version": "7.2p2" }
PHP
"grade": { "grade": "NEUTRAL" }, "typeColumnText": "PHP", "versionColumnText": "7.1.18", "detailsColumnText": "Support status is unknown", "modalData": { "type": "unknown" }, "modalTags": { "Type": "PHP", "Upstream version": "7.1.18", "HTTP Server header": "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.18", "HTTP X-Powered-By header": "PHP/7.1.18" }
Response Attributes
Field | Description |
---|---|
grade (Object) | Finding grade details. |
grade.grade (String) | The finding grade. |
typeColumnText (String) | The type of server software package. |
versionColumnText (String) | The software version. |
detailsColumnText (String) | Software support details. |
modalData (Object) | Software type details. |
modalData.name (String) | The name of the server. |
modalData.osRelease (Object) | Released OS details. |
modalData.osRelease.name (String) | The full name of the server type. |
modalData.osRelease.familyName (String) | The server type. |
modalData.osRelease.version (String) | The latest software version. |
modalData.osRelease.url (String) | The release notes URL. |
modalData.obsoletedOn (String [ YYYY-MM-DD ]) | The date when the software became obsolete. |
modalData.version (String) | The current software version. |
modalData.latestPackageVersion (String) | The latest package version. |
modalData.type (String) | The software status. |
modalTags (Object) | Server software details. |
modalTags.Type (String) | The type of server software package. |
modalTags.Banner (String) | The software and package name. |
modalTags.OS family (String) | The operating system family. |
modalTags.Upstream version (String) | The upstream software version. |
modalTags.HTTP Server header (String) | The HTTP server header. |
modalTags.HTTP X-Powered-By header (String) | The HTTP X-Powered-By header. |
modalTags.Version (String) | The software version. |
File Sharing
Slug Name: file_sharing
Example Response
"category": "Movies", "node": "88.88.88.888"
Response Attributes
Field | Description |
---|---|
category (String) | The Bitsight category for the type of torrent. See File Sharing categories. |
node (String) | The IP address of the endpoint device. |
Vulnerability
Slug Name: vulnerability
Example Response
"vulnerabilities": [ "CVE-2019-17059" ], "status": "vulnerable", "annotation": [], "high_vulnerabilities": [ "CVE-2019-17059" ]
Response Attributes
Field | Description |
---|---|
vulnerabilities (Array) | Confirmed vulnerabilities for this finding, identified by its Common Vulnerabilities and Exposures ID (CVE ID). |
status (String) | The status of the vulnerability. |
annotation (Array) | |
high_vulnerabilities (Array) | Confirmed vulnerabilities for this finding, identified by its Common Vulnerabilities and Exposures ID (CVE ID). |
low_vulnerabilities (Array) | Potential vulnerabilities for this finding, identified by its Common Vulnerabilities and Exposures ID (CVE ID). |
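Because the details object has a different shape for each risk type, a consumer has to branch on the slug before reading fields. The following is an added example, not Bitsight code: `triage`, `WEAK_SIG` and `SAMPLES` are hypothetical names, the weak-hash list is this example's own choice, and the function assumes the caller already has the slug and the details object (the response envelope is not shown on this page).

```python
from datetime import date

WEAK_SIG = ("MD5", "SHA1")  # assumption: hash families this example treats as weak

def triage(slug, details, today=None):
    """Return reasons an observation's details deserve attention (empty list if none)."""
    today = today or date.today()
    reasons = []
    grade = (details.get("grade") or {}).get("grade")
    if grade in ("BAD", "WARN"):
        reasons.append(f"grade={grade}")
    if slug == "ssl_certificates":
        for i, cert in enumerate(details.get("cert_chain", [])):
            sig = cert.get("startsignatureAlgorithm", "").upper()
            # A root's self-signature is not what clients validate, so skip it.
            self_signed = cert.get("issuerName") == cert.get("startsubjectName")
            if sig.startswith(WEAK_SIG) and not self_signed:
                reasons.append(f"cert[{i}] signed with {sig}")
            end = cert.get("endDate")
            if end and date.fromisoformat(end) < today:
                reasons.append(f"cert[{i}] expired {end}")
    elif slug == "ssl_configuration":
        reasons += [m for m in details.get("message", []) if "insecure protocol" in m.lower()]
    elif slug == "server_software":
        modal = details.get("modalData", {})  # keys vary by modalData.type
        if modal.get("type") == "obsolete-package":
            reasons.append(f"{modal.get('name')} {modal.get('version')} "
                           f"obsolete since {modal.get('obsoletedOn')}")
    elif slug in ("open_ports", "vulnerability"):
        for key in ("high_vulnerabilities", "low_vulnerabilities"):
            reasons += [f"{key}: {cve}" for cve in details.get(key, [])]
    return reasons

# Sample inputs trimmed from this page's example responses.
ROOT = "C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert High Assurance EV Root CA"
SAMPLES = {
    "ssl_certificates": {"grade": {"grade": "GOOD"}, "cert_chain": [{
        "endDate": "2041-11-11", "issuerName": ROOT, "startsubjectName": ROOT,
        "startsignatureAlgorithm": "SHA1WITHRSA"}]},
    "ssl_configuration": {"grade": {"grade": "BAD"}, "message": [
        "Allows insecure protocol: TLSv1.0", "Allows insecure protocol: TLSv1.1"]},
    "server_software": {"grade": {"grade": "BAD"}, "modalData": {
        "name": "openssh-server", "obsoletedOn": "2018-01-22",
        "version": "1:7.2p2-4ubuntu2.2", "type": "obsolete-package"}},
    "open_ports": {"grade": {"grade": "GOOD"},
                   "low_vulnerabilities": ["CVE-2017-7679", "CVE-2016-8743"]},
}

if __name__ == "__main__":
    for slug, details in SAMPLES.items():
        print(slug, triage(slug, details, today=date(2022, 1, 1)))
```

Every field is read with `.get()` because optional keys such as `versionColumnText` or `high_vulnerabilities` are absent from some of the example responses above.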
- December 16, 2021: Added low_vulnerabilities field for vulnerability risk type.
- November 8, 2021: Added dnsname to TLS/SSL Certificate observations; Added Server Software example responses based on server (e.g., Apache, PHP, etc.) to show varying response fields; Added Server Software modalData details; Added Server Software modalTags:Banner & modalTags:Version.
- July 7, 2021: Published.