https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=application_security
Get Web Application Header finding details.
Parameters
For details specific to Web Application Headers, use the ?risk_vector=application_security
parameter. Other query parameters are listed in GET: Finding Details.
Example Request
curl "https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=application_security" -u api_token:
Example Response
{
  "links": {
    "next": null,
    "previous": null
  },
  "count": 98,
  "results": [
    {
      "temporary_id": "A9Jq47BBjecd83c4cc889d99f958aa9b1cb337bf9a",
      "affects_rating": true,
      "assets": [
        {
          "asset": "www.actorsfilms.us",
          "identifier": null,
          "category": "critical",
          "importance": 0.1,
          "is_ip": false
        }
      ],
      "details": {
        "check_pass": " ",
        "diligence_annotations": {
          "record": "HTTP/1.1 200 OK\r\nDate: Tue, 01 Mar 2022 09:37:45 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 5958\r\nConnection: keep-alive\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nExpires: -1\r\nServer: namecheap-nginx\r\nX-CST: MISS\r\nAllow: GET, HEAD",
          "title": "actorsfilms.us - Registered at Namecheap.com",
          "html": [ ],
          "required": [
            {
              "name": "X-Content-Type-Options",
              "is_missing": true,
              "value": " ",
              "components": [ ],
              "annotations": [
                {
                  "message": "Missing required headers",
                  "help_text": "One or more required security headers are not set.",
                  "remediation_tip": "Ensure your policy correctly implements the required headers. Refer to the <a target=\"new\" href=\"/hc/en-us/articles/360008632054\">list of required headers</a>."
                },
                […]
          ],
          "optional": [
            {
              "name": "Expires",
              "is_missing": false,
              "value": "-1",
              "components": [ ],
              "annotations": [ ]
            }
          ]
        },
        "final_location": "http://www.actorsfilms.us/",
        "geo_ip_location": "US",
        "country": "United States",
        "grade": "NEUTRAL",
        "observed_ips": [
          "www.actorsfilms.us[198.54.117.217]:80"
        ],
        "remediations": [
          {
            "message": "Missing required headers",
            "help_text": "One or more required security headers are not set.",
            "remediation_tip": "Ensure your policy correctly implements the required headers. Refer to the <a target=\"new\" href=\"/hc/en-us/articles/360008632054\">list of required headers</a>."
          },
          […]
        ],
        "vulnerabilities": [ ],
        "dest_port": 80,
        "rollup_end_date": "2022-03-01",
        "rollup_start_date": "2022-02-23"
      },
      "evidence_key": "www.actorsfilms.us:80",
      "first_seen": "2022-02-23",
      "last_seen": "2022-03-01",
      "risk_category": "Diligence",
      "risk_vector": "application_security",
      "risk_vector_label": "Web Application Headers",
      "rolledup_observation_id": "jcDHImzCcc3xmtZZ-CXAYA==",
      "severity": 1.0,
      "severity_category": "minor",
      "tags": [
        "saperix inc"
      ],
      "remediation_history": {
        "last_requested_refresh_date": "2024-06-19",
        "last_refresh_status_date": "2024-06-23",
        "last_refresh_status_label": "failed",
        "last_refresh_status_reason": "asset_not_found",
        "last_refresh_reason_code": "asset unreachable",
        "last_refresh_requester": "1e10564d-fawa-4331-0000-6f7588b55a98",
        "result_finding_date": null
      },
      "asset_overrides": [ ],
      "duration": null,
      "comments": null,
      "remaining_decay": 47
    }
  ]
}
Response Attributes
Field | Description |
---|---|
links Object | Navigation for multiple pages of results. See pagination. |
next String | The URL to navigate to the next page of results. |
previous String | The URL to navigate to the previous page of results. |
count Integer | The number of findings. |
results Array | Findings and their details. |
Object | A finding. |
temporary_id String | A temporary identifier for this finding. |
affects_rating Boolean | true = This finding has an impact on the risk vector letter grade. |
assets Array | Asset details. |
Object | An asset (IP address or domain). |
asset String | The asset associated with this finding. |
identifier String | This is not applicable to Web Application Header findings. |
category String | The Bitsight-calculated asset importance. |
importance Decimal | For internal Bitsight use. |
is_ip Boolean | true = This asset is an IP address. |
details Object | Details of this finding. |
check_pass String | For internal Bitsight use. |
diligence_annotations Object | Diligence finding details. |
record String | |
title String | The title of the web page. |
html Array | HTML header details, including: |
required Array | Required header details. |
Object | A required header. |
name String | The name of this required header. |
is_missing Boolean | true = This header is missing. |
value String | Header settings that are contributing to the finding grade. Examples: |
components Array | |
annotations Array | A description of the finding and recommended remediation instructions. |
message String | The display name of this finding. |
help_text String | Details of this finding. |
remediation_tip String | The recommended remediation instructions. |
optional Array | Optional header details. |
Object | An optional header. |
name String | The name of this optional header. |
is_missing Boolean | true = This optional header is missing. |
value String | Header settings that are contributing to the finding grade. Examples: |
components Array | |
annotations Array | A description of the finding and recommended remediation instructions. |
message String | The display name of this finding. |
help_text String | Details of this finding. |
remediation_tip String | The recommended remediation instructions. |
final_location String | Example: |
geo_ip_location String | A 2-letter ISO country code indicating the finding’s country of origin. |
country String | The finding’s country of origin. |
grade String | The finding grade. |
observed_ips Array | Observed IP addresses. |
remediations Array | Information about a finding and instructions to remediate it. |
Object | A finding. |
message String | The display name of this finding. |
help_text String | Details of this finding. |
remediation_tip String | The recommended remediation instructions. |
vulnerabilities Array | This is not applicable to Web Application Header findings. |
dest_port Integer | The destination port number. |
rollup_end_date String [ | The date when this finding was last observed. |
rollup_start_date String [ | The date when this finding was first observed. |
evidence_key String | The asset that’s attributed to the finding. |
first_seen String [ | The date when this observation was first seen. |
last_seen String [ | The date when this observation was last seen. |
risk_category String | The risk category of this finding. |
risk_vector String | The slug name of this risk vector. |
risk_vector_label String | The display name of this risk vector. |
rolledup_observation_id String | A stable and randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession. |
severity Decimal | The finding severity, which is the measured risk that this finding introduces. |
severity_category String | The finding severity slug name. |
tags Array | Infrastructure tags that identify this asset. |
remediation_history Object | If ?expand=remediation_history parameter is set, the remediation history of the finding is included. |
last_requested_refresh_date String [ | The date when a finding rescan that included this finding was last requested. |
last_refresh_status_date String [ | The date when a rescan of the remediation status of this finding was last requested. |
last_refresh_status_label String | The current rescan status of this finding. |
last_refresh_status_reason String | The rescan status. |
last_refresh_reason_code String | The reason code for the rescan status. |
last_refresh_requester String [ | The unique identifier of the user who requested the rescan. |
result_finding_date String [ | The first seen date of the finding that resulted from the rescan, if applicable. |
asset_overrides Array | User-assigned asset importance details. |
duration String | This is not applicable to Web Application Header findings. |
comments String | Finding comments. |
remaining_decay Integer | The remaining finding lifetime. |
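
One way to consume the response documented above, as an added example that is not Bitsight's own code: it follows `links.next` across pages and lists every required header flagged `is_missing`, cross-checking each flag against the header names in the raw `record`. The sample pages, the `fetch` callable, the page keys and the `confirmed`/`recheck` labels are constructed for illustration, and treating `record` as the graded response headers is an assumption drawn from the example response.

```python
import json

# Constructed sample pages (not real Bitsight data), limited to fields documented above.
# "page1"/"page2" are placeholder keys standing in for the URLs returned in links.next.
PAGES = {
    "page1": json.loads(r"""{
      "links": {"next": "page2", "previous": null}, "count": 2,
      "results": [{
        "evidence_key": "www.example.com:80", "affects_rating": true,
        "details": {"diligence_annotations": {
          "record": "HTTP/1.1 200 OK\r\nServer: nginx\r\nExpires: -1",
          "required": [{"name": "X-Content-Type-Options", "is_missing": true, "value": " "}]}}}]}"""),
    "page2": json.loads(r"""{
      "links": {"next": null, "previous": "page1"}, "count": 2,
      "results": [{
        "evidence_key": "app.example.com:443", "affects_rating": true,
        "details": {"diligence_annotations": {
          "record": "HTTP/1.1 200 OK\r\nX-Content-Type-Options: nosniff",
          "required": [{"name": "X-Content-Type-Options", "is_missing": true, "value": " "}]}}}]}"""),
}

def all_findings(fetch, url):
    """Follow links.next until it is null. `fetch` is a caller-supplied url -> dict function."""
    while url:
        page = fetch(url)
        yield from page.get("results") or []
        url = (page.get("links") or {}).get("next")

def record_header_names(record):
    """Lowercased header names from the raw `record` string (status line skipped)."""
    names = set()
    for line in record.split("\r\n")[1:]:
        name, sep, _ = line.partition(":")
        if sep:
            names.add(name.strip().lower())
    return names

def triage(findings):
    """Rows of (evidence_key, header, status) for required headers flagged is_missing."""
    rows = []
    for finding in findings:
        ann = (finding.get("details") or {}).get("diligence_annotations") or {}
        seen = record_header_names(ann.get("record") or "")
        for hdr in ann.get("required") or []:
            if hdr.get("is_missing"):
                # Assumption: a flagged header that appears in `record` deserves a manual recheck.
                status = "recheck" if hdr["name"].lower() in seen else "confirmed"
                rows.append((finding.get("evidence_key"), hdr["name"], status))
    return rows

if __name__ == "__main__":
    for row in triage(all_findings(PAGES.__getitem__, "page1")):
        print(*row, sep="\t")
```

In real use, `fetch` would wrap an authenticated GET of the findings URL and return the parsed JSON body.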
- February 28, 2025: Added last_refresh_status_reason, last_refresh_reason_code, last_refresh_requester, and result_finding_date response attributes.
- March 15, 2022: Published.