https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=application_security
Get Web Application Header finding details.
Parameters
For details specific to Web Application Headers, use the ?risk_vector=application_security parameter. Other query parameters are listed in GET: Finding Details.
Example Request
curl "https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=application_security" -u api_token:
Example Response
{
  "links":{
    "next":null,
    "previous":null
  },
  "count":98,
  "results":[
    {
      "temporary_id":"A9Jq47BBjecd83c4cc889d99f958aa9b1cb337bf9a",
      "affects_rating":true,
      "assets":[
        {
          "asset":"www.actorsfilms.us",
          "identifier":null,
          "category":"critical",
          "importance":0.1,
          "is_ip":false
        }
      ],
      "details":{
        "check_pass":" ",
        "diligence_annotations":{
          "record":"HTTP/1.1 200 OK\r\nDate: Tue, 01 Mar 2022 09:37:45 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5958\r\nConnection: keep-alive\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: -1\r\nServer: namecheap-nginx\r\nX-CST: MISS\r\nAllow: GET, HEAD",
          "title":"actorsfilms.us - Registered at Namecheap.com",
          "html":[ ],
          "required":[
            {
              "name":"X-Content-Type-Options",
              "is_missing":true,
              "value":" ",
              "components":[ ],
              "annotations":[
                {
                  "message":"Missing required headers",
                  "help_text":"One or more required security headers are not set.",
                  "remediation_tip":"Ensure your policy correctly implements the required headers. Refer to the <a target=\"new\" href=\"/hc/en-us/articles/360008632054\">list of required headers</a>."
                },
                […]
          ],
          "optional":[
            {
              "name":"Expires",
              "is_missing":false,
              "value":"-1",
              "components":[ ],
              "annotations":[ ]
            }
          ]
        },
        "final_location":"http://www.actorsfilms.us/",
        "geo_ip_location":"US",
        "country":"United States",
        "grade":"NEUTRAL",
        "observed_ips":[
          "www.actorsfilms.us[198.54.117.217]:80"
        ],
        "remediations":[
          {
            "message":"Missing required headers",
            "help_text":"One or more required security headers are not set.",
            "remediation_tip":"Ensure your policy correctly implements the required headers. Refer to the <a target=\"new\" href=\"/hc/en-us/articles/360008632054\">list of required headers</a>."
          },
          […]
        ],
        "vulnerabilities":[ ],
        "dest_port":80,
        "rollup_end_date":"2022-03-01",
        "rollup_start_date":"2022-02-23"
      },
      "evidence_key":"www.actorsfilms.us:80",
      "first_seen":"2022-02-23",
      "last_seen":"2022-03-01",
      "risk_category":"Diligence",
      "risk_vector":"application_security",
      "risk_vector_label":"Web Application Headers",
      "rolledup_observation_id":"jcDHImzCcc3xmtZZ-CXAYA==",
      "severity":1.0,
      "severity_category":"minor",
      "tags":[
        "saperix inc"
      ],
      "remediation_history":{
        "last_requested_refresh_date":null,
        "last_refresh_status_date":null,
        "last_refresh_status_label":null,
        "last_refresh_reason_code":null
      },
      "asset_overrides":[ ],
      "duration":null,
      "comments":null,
      "remaining_decay":47
    }
  ]
}
Response Attributes
| Field | Type | Description |
|---|---|---|
| links | Object | Navigation for multiple pages of results. See pagination. |
| next | String | The URL to navigate to the next page of results. |
| previous | String | The URL to navigate to the previous page of results. |
| count | Integer | The number of findings. |
| results | Array | Findings and their details. |
| | Object | A finding. |
| temporary_id | String | A temporary identifier for this finding. |
| affects_rating | Boolean | true = This finding has an impact on the risk vector letter grade. |
| assets | Array | Asset details. |
| | Object | An asset (IP address or domain). |
| asset | String | The asset associated with this finding. |
| identifier | String | This is not applicable to Web Application Header findings. |
| category | String | The Bitsight-calculated asset importance. |
| importance | Decimal | For internal Bitsight use. |
| is_ip | Boolean | true = This asset is an IP address. |
| details | Object | Details of this finding. |
| check_pass | String | For internal Bitsight use. |
| diligence_annotations | Object | Diligence finding details. |
| record | String | |
| title | String | The title of the web page. |
| html | Array | HTML header details, including: |
| required | Array | Required header details. |
| | Object | A required header. |
| name | String | The name of this required header. |
| is_missing | Boolean | true = This header is missing. |
| value | String | Header settings that are contributing to the finding grade. Examples: |
| components | Array | |
| annotations | Array | A description of the finding and recommended remediation instructions. |
| message | String | The display name of this finding. |
| help_text | String | Details of this finding. |
| remediation_tip | String | The recommended remediation instructions. |
| optional | Array | Optional header details. |
| | Object | An optional header. |
| name | String | The name of this optional header. |
| is_missing | Boolean | true = This optional header is missing. |
| value | String | Header settings that are contributing to the finding grade. Examples: |
| components | Array | |
| annotations | Array | A description of the finding and recommended remediation instructions. |
| message | String | The display name of this finding. |
| help_text | String | Details of this finding. |
| remediation_tip | String | The recommended remediation instructions. |
| final_location | String | Example: |
| geo_ip_location | String | A 2-letter ISO country code indicating the finding’s country of origin. |
| country | String | The finding’s country of origin. |
| grade | String | The finding grade. |
| observed_ips | Array | Observed IP addresses. |
| remediations | Array | Information about a finding and instructions to remediate it. |
| | Object | A finding. |
| message | String | The display name of this finding. |
| help_text | String | Details of this finding. |
| remediation_tip | String | The recommended remediation instructions. |
| vulnerabilities | Array | This is not applicable to Web Application Header findings. |
| dest_port | Integer | A compromised device was observed to be sending traffic from this port. |
| rollup_end_date | String [ YYYY-MM-DD ] | The date when this finding was last observed. |
| rollup_start_date | String [ YYYY-MM-DD ] | The date when this finding was first observed. |
| evidence_key | String | The asset that’s attributed to the finding. |
| first_seen | String [ YYYY-MM-DD ] | The date when this observation was first seen. |
| last_seen | String [ YYYY-MM-DD ] | The date when this observation was last seen. |
| risk_category | String | The risk category of this finding. |
| risk_vector | String | The slug name of this risk vector. |
| risk_vector_label | String | The display name of this risk vector. |
| rolledup_observation_id | String | A stable and randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession. |
| severity | Decimal | The finding severity, which is the measured risk that this finding introduces. |
| severity_category | String | The finding severity slug name. |
| tags | Array | Infrastructure tags that identify this asset. |
| remediation_history | Object | The finding’s remediation and refresh history. |
| last_requested_refresh_date | String [ YYYY-MM-DD ] | The date when a finding refresh that included this finding was last requested. |
| last_refresh_status_date | String [ YYYY-MM-DD ] | The date when this finding’s remediation status was last refreshed. |
| last_refresh_status_label | String | The current refresh status of this finding. |
| last_refresh_reason_code | String | The current remediation status of this finding. |
| asset_overrides | Array | User-assigned asset importance details. |
| duration | String | This is not applicable to Web Application Header findings. |
| comments | String | Finding comments. |
| remaining_decay | Integer | The remaining finding lifetime. |
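
An added example, not part of the Bitsight documentation: one way to turn the paginated response described above into a remediation list of required headers flagged is_missing, following links.next and skipping findings whose affects_rating is false. The fetch callable, the PAGES sample and its hostnames are assumptions constructed for the illustration; in practice fetch would issue the authenticated GET from the example request and return the parsed JSON.

```python
# Constructed two-page sample in the shape of the example response above;
# hostnames, severities and page keys are illustrative, not real data.
PAGES = {
    "page1": {"links": {"next": "page2", "previous": None}, "count": 4, "results": [
        {"evidence_key": "www.example.com:80", "affects_rating": True, "severity": 1.0,
         "details": {"diligence_annotations": {
             "required": [{"name": "X-Content-Type-Options", "is_missing": True},
                          {"name": "Content-Security-Policy", "is_missing": False}],
             "optional": [{"name": "Expires", "is_missing": False}]}}},
        {"evidence_key": "old.example.com:80", "affects_rating": False, "severity": 1.0,
         "details": {"diligence_annotations": {
             "required": [{"name": "X-Content-Type-Options", "is_missing": True}]}}}]},
    "page2": {"links": {"next": None, "previous": "page1"}, "count": 4, "results": [
        {"evidence_key": "shop.example.com:443", "affects_rating": True, "severity": 2.0,
         "details": {"diligence_annotations": {
             "required": [{"name": "X-Content-Type-Options", "is_missing": True},
                          {"name": "Content-Security-Policy", "is_missing": True}]}}},
        {"evidence_key": "api.example.com:443", "affects_rating": True, "severity": 1.0,
         "details": {"diligence_annotations": {}}}]},
}

def iter_findings(fetch, first_url):
    """Yield every finding, following links.next until it is null."""
    url = first_url
    while url:
        page = fetch(url)  # hypothetical callable: URL -> parsed JSON page
        yield from page.get("results") or []
        url = (page.get("links") or {}).get("next")

def missing_required(finding):
    """Names of required headers flagged is_missing in one finding."""
    ann = (finding.get("details") or {}).get("diligence_annotations") or {}
    return [h["name"] for h in ann.get("required") or [] if h.get("is_missing")]

def triage(fetch, first_url, rated_only=True):
    """List (evidence_key, missing headers), highest severity first."""
    rows = []
    for f in iter_findings(fetch, first_url):
        if rated_only and not f.get("affects_rating"):
            continue  # finding has no impact on the risk vector grade
        missing = missing_required(f)
        if missing:
            rows.append((f.get("severity") or 0, f["evidence_key"], missing))
    rows.sort(key=lambda r: (-r[0], r[1]))
    return [(key, missing) for _, key, missing in rows]

if __name__ == "__main__":
    for key, missing in triage(PAGES.__getitem__, "page1"):
        print(key, "missing:", ", ".join(missing))
```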
- March 15, 2022: Published.