Publication Date – March 15, 2022
https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=application_security
Get Web Application Header finding details.
Parameters
For details specific to Web Application Headers, use the ?risk_vector=application_security parameter. Other query parameters are listed in GET: Finding Details.
Example Request
curl https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=application_security -u api_token:
Example Response
{
"links":{
"next":null,
"previous":null
},
"count":98,
"results":[
{
"temporary_id":"A9Jq47BBjecd83c4cc889d99f958aa9b1cb337bf9a",
"affects_rating":true,
"assets":[
{
"asset":"www.actorsfilms.us",
"identifier":null,
"category":"critical",
"importance":0.1,
"is_ip":false
}
],
"details":{
"check_pass":" ",
"diligence_annotations":{
"record":"HTTP/1.1 200 OK\r\nDate: Tue, 01 Mar 2022 09:37:45 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5958\r\nConnection: keep-alive\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: -1\r\nServer: namecheap-nginx\r\nX-CST: MISS\r\nAllow: GET, HEAD",
"title":"actorsfilms.us - Registered at Namecheap.com",
"html":[ ],
"required":[
{
"name":"X-Content-Type-Options",
"is_missing":true,
"value":" ",
"components":[ ],
"annotations":[
{
"message":"Missing required headers",
"help_text":"One or more required security headers are not set.",
"remediation_tip":"Ensure your policy correctly implements the required headers. Refer to the <a target=\"new\" href=\"/hc/en-us/articles/360008632054\">list of required headers</a>."
},
[…]
],
"optional":[
{
"name":"Expires",
"is_missing":false,
"value":"-1",
"components":[ ],
"annotations":[ ]
}
]
},
"final_location":"http://www.actorsfilms.us/",
"geo_ip_location":"US",
"country":"United States",
"grade":"NEUTRAL",
"observed_ips":[
"www.actorsfilms.us[198.54.117.217]:80"
],
"remediations":[
{
"message":"Missing required headers",
"help_text":"One or more required security headers are not set.",
"remediation_tip":"Ensure your policy correctly implements the required headers. Refer to the <a target=\"new\" href=\"/hc/en-us/articles/360008632054\">list of required headers</a>."
},
[…]
],
"vulnerabilities":[ ],
"dest_port":80,
"rollup_end_date":"2022-03-01",
"rollup_start_date":"2022-02-23"
},
"evidence_key":"www.actorsfilms.us:80",
"first_seen":"2022-02-23",
"last_seen":"2022-03-01",
"risk_category":"Diligence",
"risk_vector":"application_security",
"risk_vector_label":"Web Application Headers",
"rolledup_observation_id":"jcDHImzCcc3xmtZZ-CXAYA==",
"severity":1.0,
"severity_category":"minor",
"tags":[
"saperix inc"
],
"remediation_history":{
"last_requested_refresh_date":null,
"last_refresh_status_date":null,
"last_refresh_status_label":null,
"last_refresh_reason_code":null
},
"asset_overrides":[ ],
"duration":null,
"comments":null,
"remaining_decay":47
}
]
}
Response Attributes
| Field | Description | |||||||
|---|---|---|---|---|---|---|---|---|
linksObject |
Navigation for multiple pages of results. See pagination. | |||||||
nextString |
The URL to navigate to the next page of results. | |||||||
previousString |
The URL to navigate to the previous page of results. | |||||||
countInteger |
The number of findings. | |||||||
resultsArray |
Findings and their details. | |||||||
| Object | A finding. | |||||||
temporary_idString |
A temporary identifier for this finding. | |||||||
affects_ratingBoolean |
true = This finding has an impact on the risk vector letter grade. |
|||||||
assetsArray |
Asset details. | |||||||
| Object | An asset (IP address or domain). | |||||||
assetString |
The asset associated with this finding. | |||||||
identifierString |
This is not applicable to Web Application Header findings. | |||||||
categoryString |
The Bitsight-calculated asset importance. | |||||||
importanceDecimal |
For internal Bitsight use. | |||||||
is_ipBoolean |
A true value indicates this asset is an IP address. | |||||||
detailsObject |
Details of this finding. | |||||||
check_passString |
For internal Bitsight use. | |||||||
diligence_annotationsObject |
Diligence finding details. | |||||||
recordString |
||||||||
titleString |
The title of the web page. | |||||||
htmlArray |
HTML header details, including:
|
|||||||
requiredArray |
Required header details. | |||||||
| Object | A required header. | |||||||
nameString |
The name of this required header. | |||||||
is_missingBoolean |
true = This header is missing. |
|||||||
valueString |
Header settings that are contributing to the finding grade.
Examples: |
|||||||
componentsArray |
||||||||
annotationsArray |
A description of the finding and recommended remediation instructions. | |||||||
messageString |
The display name of this finding. | |||||||
help_textString |
Details of this finding. | |||||||
remediation_tipString |
The recommended remediation instructions. | |||||||
optionalArray |
Optional header details. | |||||||
| Object | An optional header. | |||||||
nameString |
The name of this optional header. | |||||||
is_missingBoolean |
true = This optional header is missing. |
|||||||
valueString |
Header settings that are contributing to the finding grade.
Examples: |
|||||||
componentsArray |
||||||||
annotationsArray |
A description of the finding and recommended remediation instructions. | |||||||
messageString |
The display name of this finding. | |||||||
help_textString |
Details of this finding. | |||||||
remediation_tipString |
The recommended remediation instructions. | |||||||
final_locationString |
Example:
|
|||||||
geo_ip_locationString |
A 2-letter ISO country code indicating the finding’s country of origin. | |||||||
countryString |
The finding’s country of origin. | |||||||
gradeString |
The finding grade. | |||||||
observed_ipsArray |
Observed IP addresses. | |||||||
remediationsArray |
Information about a finding and instructions to remediate it. | |||||||
| Object | A finding. | |||||||
messageString |
The display name of this finding. | |||||||
help_textString |
Details of this finding. | |||||||
remediation_tipString |
The recommended remediation instructions. | |||||||
vulnerabilitiesArray |
This is not applicable to Web Application Header findings. | |||||||
dest_portInteger |
The destination port number. | |||||||
rollup_end_dateString [ YYYY-MM-DD] |
The date when this finding was last observed. | |||||||
rollup_start_dateString [ YYYY-MM-DD] |
The date when this finding was first observed. | |||||||
evidence_keyString |
The asset that’s attributed to the finding. | |||||||
first_seenString [ YYYY-MM-DD] |
The date when this observation was first seen. | |||||||
last_seenString [ YYYY-MM-DD] |
The date when this observation was last seen. | |||||||
risk_categoryString |
The risk category of this finding. | |||||||
risk_vectorString |
The slug name of this risk vector. | |||||||
risk_vector_labelString |
The display name of this risk vector. | |||||||
rolledup_observation_idString |
The unique identifier for this observation. | |||||||
severityDecimal |
The finding severity, which is the measured risk that this finding introduces. | |||||||
severity_categoryString |
The finding severity slug name. | |||||||
tagsArray |
Infrastructure tags that identify this asset. | |||||||
remediation_historyObject |
The finding’s remediation and refresh history. | |||||||
last_requested_refresh_dateString [ YYYY-MM-DD] |
The date when a finding refresh that included this finding was last requested. | |||||||
last_refresh_status_dateString [ YYYY-MM-DD] |
The date when this finding’s remediation status was last refreshed. | |||||||
last_refresh_status_labelString |
The current refresh status of this finding. | |||||||
last_refresh_reason_codeString |
The current remediation status of this finding. | |||||||
asset_overridesArray |
User-assigned asset importance details. | |||||||
durationString |
This is not applicable to Web Application Header findings. | |||||||
commentsString |
Finding comments. | |||||||
remaining_decayInteger |
The remaining finding lifetime. | |||||||