https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=botnet_infections
Get Botnet Infections finding details.
Parameters
For details specific to Botnet Infections, use the ?risk_vector=botnet_infections parameter. Other query parameters are listed in GET: Finding Details.
Example Request

```bash
curl https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=botnet_infections -u api_token:
```
Example Response
```json
{
  "links": {
    "next": null,
    "previous": null
  },
  "count": 9,
  "results": [
    […]
    {
      "temporary_id": "A9Jq47BBje708c931240720bb8b3e4927d1bc2ccd3",
      "pcap_id": "UENBUHBjYXBQQ0FQcGNhcCuU7mueVsYx_RyqvwRgg_aiyeZWLbjKZFAxxo9W8rLNAgEr3gGkCs_iMiv2a-hnkeADHVZSemL79biBzUAJREQ=",
      "affects_rating": true,
      "assets": [
        {
          "asset": "63.208.139.45",
          "identifier": null,
          "category": "low",
          "importance": 0.0,
          "is_ip": true
        }
      ],
      "details": {
        "check_pass": " ",
        "geo_ip_location": "US",
        "country": "United States",
        "infection": {
          "family": "ZeroAccess",
          "description": "This trojan is typically used for bitcoin mining and click fraud.",
          "references": [
            "https://web.archive.org/web/20170826074506/https://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99",
            "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32%2FSirefef"
          ],
          "data_exfiltration": true,
          "unauthorized_access": true,
          "implies_other_infections": true,
          "resource_abuse": true,
          "target_platforms": [
            "Win32"
          ],
          "aliases": [
            "Sirefef"
          ]
        },
        "remediations": [],
        "sample_timestamp": "2021-09-17T19:29:14Z",
        "vulnerabilities": [],
        "count": 76,
        "dest_port": 16470,
        "detection_method": "p2p",
        "rollup_end_date": "2021-09-17",
        "rollup_start_date": "2021-09-17",
        "sinkhole_ip": "52.214.166.221",
        "sinkhole_ip_masked": "XXX.214.166.221",
        "src_port": 53076
      },
      "evidence_key": "63.208.139.45",
      "first_seen": "2021-09-17",
      "last_seen": "2021-09-17",
      "related_findings": [
        {
          "temporary_id": "A9Jq47BBje708c931240720bb8b3e4927d1bc2ccd3",
          "pcap_id": "UENBUHBjYXBQQ0FQcGNhcCuU7mueVsYx_RyqvwRgg_aiyeZWLbjKZFAxxo9W8rLNAgEr3gGkCs_iMiv2a-hnkeADHVZSemL79biBzUAJREQ=",
          "affects_rating": true,
          "assets": [
            {
              "asset": "63.208.139.45",
              "identifier": null,
              "category": "low",
              "importance": 0.0,
              "is_ip": true
            }
          ],
          "details": {
            "check_pass": " ",
            "geo_ip_location": "US",
            "country": "United States",
            "infection": {
              "family": "ZeroAccess",
              "description": "This trojan is typically used for bitcoin mining and click fraud.",
              "references": [
                "https://web.archive.org/web/20170826074506/https://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99",
                "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32%2FSirefef"
              ],
              "data_exfiltration": true,
              "unauthorized_access": true,
              "implies_other_infections": true,
              "resource_abuse": true,
              "target_platforms": [
                "Win32"
              ],
              "aliases": [
                "Sirefef"
              ]
            },
            "remediations": [],
            "sample_timestamp": "2021-09-17T19:29:14Z",
            "vulnerabilities": [],
            "count": 76,
            "dest_port": 16470,
            "detection_method": "p2p",
            "rollup_end_date": "2021-09-17",
            "rollup_start_date": "2021-09-17",
            "sinkhole_ip": "52.214.166.221",
            "sinkhole_ip_masked": "XXX.214.166.221",
            "src_port": 53076
          },
          "evidence_key": "63.208.139.45",
          "first_seen": "2021-09-17T15:26:07Z",
          "last_seen": "2021-09-17T19:29:14Z",
          "risk_category": "Compromised Systems",
          "risk_vector": "botnet_infections",
          "risk_vector_label": "Botnet Infections",
          "rolledup_observation_id": "9xrS_LRulk0UOwb3RTs62w==",
          "severity": 10.0,
          "severity_category": "severe",
          "tags": [
            "Corporate Network"
          ],
          "remediation_history": {
            "last_requested_refresh_date": "2024-06-19",
            "last_refresh_status_date": "2024-06-23",
            "last_refresh_status_label": "failed",
            "last_refresh_status_reason": "asset_not_found",
            "last_refresh_reason_code": "asset unreachable",
            "last_refresh_requester": "1e10564d-fawa-4331-0000-6f7588b55a98",
            "result_finding_date": null
          },
          "asset_overrides": [],
          "duration": "1 day",
          "comments": null,
          "attributed_companies": [],
          "pinned": null,
          "pinned_by_user": null
        }
      ],
      "risk_category": "Compromised Systems",
      "risk_vector": "botnet_infections",
      "risk_vector_label": "Botnet Infections",
      "rolledup_observation_id": "9xrS_LRulk0UOwb3RTs62w==",
      "severity": 10.0,
      "severity_category": "severe",
      "tags": [
        "Corporate Network"
      ],
      "remediation_history": {
        […]
      },
      "asset_overrides": [],
      "duration": "1 day",
      "comments": null,
      "remaining_decay": 2
    }
  ]
}
```
Response Attributes
Nested fields are written as dotted paths; `[]` marks an element of the preceding array.

| Field | Type | Description |
|---|---|---|
| links | Object | Navigation for multiple pages of results. See pagination. |
| links.next | String | The URL to navigate to the next page of results. |
| links.previous | String | The URL to navigate to the previous page of results. |
| count | Integer | The number of findings. |
| results | Array | Findings and their details. |
| results[] | Object | A finding. |
| results[].temporary_id | String | A temporary identifier for this finding. |
| results[].pcap_id | String | The packet capture (PCAP or libpcap) ID. |
| results[].affects_rating | Boolean | true = This finding impacts the risk vector letter grade. |
| results[].assets | Array | Asset (IP address or domain) details. |
| results[].assets[] | Object | An asset. |
| results[].assets[].asset | String | The asset associated with this finding. |
| results[].assets[].identifier | Null | For internal Bitsight use. |
| results[].assets[].category | String | The Bitsight-calculated asset importance slug name. |
| results[].assets[].importance | Decimal | The Bitsight-calculated asset importance. |
| results[].assets[].is_ip | Boolean | true = This asset is an IP address. |
| results[].details | Object | Finding details. |
| results[].details.check_pass | String | For internal Bitsight use. |
| results[].details.geo_ip_location | String | This finding’s country of origin as a 2-letter ISO country code. |
| results[].details.country | String | This finding’s country of origin. |
| results[].details.infection | Object | Infection details. |
| results[].details.infection.family | String | This infection’s malware family. |
| results[].details.infection.description | String | An overview of this infection. |
| results[].details.infection.references | Array | Information source URLs. |
| results[].details.infection.data_exfiltration | Boolean | true = This infection allows unauthorized transfers of sensitive information. |
| results[].details.infection.unauthorized_access | Boolean | true = This infection allows attackers to connect and then log in as a legitimate user. |
| results[].details.infection.implies_other_infections | Boolean | true = This infection could lead to other infections. |
| results[].details.infection.resource_abuse | Boolean | true = This infection is misusing assets. |
| results[].details.infection.target_platforms | Array | Platforms targeted by this infection. |
| results[].details.infection.aliases | Array | Alternative names for this infection. |
| results[].details.remediations | Array | This is not applicable to Botnet Infection findings. |
| results[].details.sample_timestamp | String [ | The date and time when this finding was observed. |
| results[].details.vulnerabilities | Array | Vulnerability details. |
| results[].details.count | Integer | The number of observations for this finding. |
| results[].details.dest_port | Integer | A compromised device was observed to be sending traffic from this port. |
| results[].details.detection_method | String | The method used to detect the infection. See the data collection methods. |
| results[].details.rollup_end_date | String [ | The date when this finding was last observed. |
| results[].details.rollup_start_date | String [ | The date when this finding was first observed. |
| results[].details.sinkhole_ip | String | The full sinkhole IP address. |
| results[].details.sinkhole_ip_masked | String | The masked sinkhole IP address. |
| results[].details.src_port | Integer | The port where traffic from a compromised device was observed. |
| results[].evidence_key | String | The asset (domain or IP address) that’s attributed to this finding. |
| results[].first_seen | String [ | The date when this finding was first observed. |
| results[].last_seen | String [ | The date when this finding was last observed. |
| results[].related_findings | Array | Findings and their details. |
| results[].related_findings[] | Object | A finding. |
| results[].related_findings[].temporary_id | String | The temporary identifier for this finding. |
| results[].related_findings[].pcap_id | String | The packet capture (PCAP or libpcap) identifier. |
| results[].related_findings[].affects_rating | Boolean | true = This finding impacts the risk vector letter grade. |
| results[].related_findings[].assets | Array | Asset (IP or domain) details. |
| results[].related_findings[].assets[] | Object | An asset. |
| results[].related_findings[].assets[].asset | String | The asset associated with this finding. |
| results[].related_findings[].assets[].identifier | Null | For internal Bitsight use. |
| results[].related_findings[].assets[].category | String | The Bitsight-calculated asset importance slug name. |
| results[].related_findings[].assets[].importance | Decimal | The Bitsight-calculated asset importance. |
| results[].related_findings[].assets[].is_ip | Boolean | true = This asset is an IP address. |
| results[].related_findings[].details | Object | Finding details. |
| results[].related_findings[].details.check_pass | String | For internal Bitsight use. |
| results[].related_findings[].details.geo_ip_location | String | This finding’s country of origin as a 2-letter ISO country code. |
| results[].related_findings[].details.country | String | This finding’s country of origin. |
| results[].related_findings[].details.infection | Object | Infection details. |
| results[].related_findings[].details.infection.family | String | This infection’s malware family. |
| results[].related_findings[].details.infection.description | String | An overview of this infection. |
| results[].related_findings[].details.infection.references | String | Infection information sources. |
| results[].related_findings[].details.infection.data_exfiltration | Boolean | true = This infection allows unauthorized transfers of sensitive information. |
| results[].related_findings[].details.infection.unauthorized_access | Boolean | true = This infection allows attackers to connect and then log in as a legitimate user. |
| results[].related_findings[].details.infection.implies_other_infections | Boolean | true = This infection may lead to other infections. |
| results[].related_findings[].details.infection.resource_abuse | Boolean | true = This infection is misusing assets. |
| results[].related_findings[].details.infection.target_platforms | Array | Platforms targeted by this infection. |
| results[].related_findings[].details.infection.aliases | Array | Alternative names for this infection. |
| results[].related_findings[].details.remediations | Array | This is not applicable to Botnet Infection findings. |
| results[].related_findings[].details.sample_timestamp | String [ | The date and time when this finding was observed. |
| results[].related_findings[].details.vulnerabilities | Array | Vulnerability details. |
| results[].related_findings[].details.count | Integer | The number of observations for this finding. |
| results[].related_findings[].details.dest_port | Integer | A compromised device was observed to be sending traffic from this port. |
| results[].related_findings[].details.detection_method | String | The method used to detect the infection. See the data collection methods. |
| results[].related_findings[].details.rollup_end_date | String [ | The date when this finding was last observed. |
| results[].related_findings[].details.rollup_start_date | String [ | The date when this finding was first observed. |
| results[].related_findings[].details.sinkhole_ip | String | The full sinkhole IP address. |
| results[].related_findings[].details.sinkhole_ip_masked | String | The masked sinkhole IP address. |
| results[].related_findings[].details.src_port | Integer | The port where traffic from a compromised device was observed. |
| results[].related_findings[].evidence_key | String | The asset attributed to this finding. |
| results[].related_findings[].first_seen | String [ | The date and time when this finding was first observed. |
| results[].related_findings[].last_seen | String [ | The date and time when this finding was last observed. |
| results[].related_findings[].risk_category | String | The risk category. |
| results[].related_findings[].risk_vector | String | The risk vector slug name. |
| results[].related_findings[].risk_vector_label | String | The risk vector display name. |
| results[].related_findings[].rolledup_observation_id | String | A stable and randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession. |
| results[].related_findings[].severity | Decimal | This finding’s Bitsight severity. |
| results[].related_findings[].severity_category | String | This finding’s Bitsight severity category. |
| results[].related_findings[].tags | Array | Infrastructure tags identifying the asset. |
| results[].related_findings[].remediation_history | Object | If the ?expand=remediation_history parameter is set, the remediation history of the finding is included. |
| results[].related_findings[].remediation_history.last_requested_refresh_date | String [ | The date when a finding rescan that included this finding was last requested. |
| results[].related_findings[].remediation_history.last_refresh_status_date | String [ | The date when a rescan of the remediation status of this finding was last requested. |
| results[].related_findings[].remediation_history.last_refresh_status_label | String | The current rescan status of this finding. |
| results[].related_findings[].remediation_history.last_refresh_status_reason | String | The rescan status. |
| results[].related_findings[].remediation_history.last_refresh_reason_code | String | The reason code for the rescan status. |
| results[].related_findings[].remediation_history.last_refresh_requester | String [ | The unique identifier of the user who requested the rescan. |
| results[].related_findings[].remediation_history.result_finding_date | String [ | The first seen date of the finding that resulted from the rescan, if applicable. |
| results[].related_findings[].asset_overrides | Array | User-assigned asset importance. |
| results[].related_findings[].duration | String | This finding’s duration. |
| results[].related_findings[].comments | String | This finding’s comments. |
| results[].related_findings[].attributed_companies | Array | Companies in the Ratings Tree that are attributed to this finding. |
| results[].related_findings[].pinned | Null | For internal Bitsight use. |
| results[].related_findings[].pinned_by_user | Null | For internal Bitsight use. |
| results[].risk_category | String | The risk category. |
| results[].risk_vector | String | The risk vector slug name. |
| results[].risk_vector_label | String | The risk vector display name. |
| results[].rolledup_observation_id | String | A stable and randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession. |
| results[].severity | Decimal | This finding’s Bitsight severity. |
| results[].severity_category | String | This finding’s Bitsight severity category. |
| results[].tags | Array | Infrastructure tags identifying the asset. |
| results[].remediation_history | Object | If the expand=remediation_history parameter is set, this remediation history is included. This is not applicable to Botnet Infections. |
| results[].remediation_history.last_requested_refresh_date | Null | This is not applicable to Botnet Infections. |
| results[].remediation_history.last_refresh_status_date | Null | This is not applicable to Botnet Infections. |
| results[].remediation_history.last_refresh_status_label | Null | This is not applicable to Botnet Infections. |
| results[].remediation_history.last_refresh_reason_code | Null | This is not applicable to Botnet Infections. |
| results[].asset_overrides | Array | User-assigned asset importance. |
| results[].duration | String | This finding’s duration. |
| results[].comments | String | This finding’s comments. |
| results[].remaining_decay | Integer | This finding’s remaining lifetime. |
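The following script is an added example, not Bitsight's own code or client library. It ties the request above (the `?risk_vector=botnet_infections` parameter and curl's `-u api_token:` Basic auth with an empty password) to the response attributes in the table: it walks every page by following `links.next`, then reduces each finding to the fields an analyst acts on (asset, malware family, severity, sinkhole, observation count, first and last seen) and collapses duplicates on `rolledup_observation_id`, the stable identifier the table describes. The company GUID and token are placeholders, and `SAMPLE_PAGES` is a constructed two-page response shaped like the example above (the `&offset=1` suffix on the second page URL is made up for the example and is not a documented paging parameter), so the script runs offline; replace `fake_fetch` with the default `http_get_json` to call the live API.

```python
"""Added example, not Bitsight's own code: page through the Botnet Infections
findings endpoint and reduce each finding to a triage record.

Assumed from the page: the endpoint and ?risk_vector=botnet_infections, Basic
auth with the API token as user name and an empty password (curl -u api_token:),
paging via links.next, and the response fields in the attribute table.
SAMPLE_PAGES is constructed for this example; it is not real data.
"""
import base64
import json
import urllib.request
from dataclasses import dataclass
from typing import Callable, Iterator

BASE = "https://api.bitsighttech.com/ratings/v1"


def auth_header(api_token: str) -> str:
    """Basic auth with an empty password, the same thing curl -u api_token: sends."""
    return "Basic " + base64.b64encode(f"{api_token}:".encode()).decode()


def http_get_json(url: str, api_token: str) -> dict:
    req = urllib.request.Request(
        url, headers={"Authorization": auth_header(api_token), "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_findings(company_guid: str, api_token: str,
                  fetch: Callable[[str, str], dict] = http_get_json,
                  risk_vector: str = "botnet_infections") -> Iterator[dict]:
    """Yield every finding, following links.next until it is null."""
    url = f"{BASE}/companies/{company_guid}/findings?risk_vector={risk_vector}"
    visited = set()
    while url:
        visited.add(url)
        page = fetch(url, api_token)
        yield from page.get("results", [])
        url = page.get("links", {}).get("next")
        if url in visited:          # a broken next link must not loop forever
            break


@dataclass(frozen=True)
class Triage:
    asset: str
    family: str
    severity: float
    affects_rating: bool
    detection_method: str
    sinkhole_ip: str
    observations: int
    first_seen: str
    last_seen: str
    tags: tuple


def triage(finding: dict) -> Triage:
    """Pull the fields an analyst acts on out of one finding object."""
    d = finding["details"]
    return Triage(
        asset=finding["evidence_key"],
        family=d["infection"]["family"],
        severity=float(finding["severity"]),
        affects_rating=bool(finding["affects_rating"]),
        detection_method=d["detection_method"],
        # prefer the full sinkhole address, fall back to the masked form
        sinkhole_ip=d.get("sinkhole_ip") or d.get("sinkhole_ip_masked", ""),
        observations=int(d.get("count", 0)),
        first_seen=finding["first_seen"],
        last_seen=finding["last_seen"],
        tags=tuple(finding.get("tags") or ()),
    )


def summarize(findings) -> list[Triage]:
    """One record per rolledup_observation_id, keeping the most severe and most
    recent copy; most severe first in the result."""
    best: dict[str, Triage] = {}
    for f in findings:
        key = f.get("rolledup_observation_id") or f.get("temporary_id")
        t = triage(f)
        if key not in best or (t.severity, t.last_seen) > (best[key].severity, best[key].last_seen):
            best[key] = t
    return sorted(best.values(), key=lambda t: (t.severity, t.last_seen), reverse=True)


def _finding(tid, roid, asset, family, sev, first, last, count, sinkhole):
    """Build a minimal constructed finding with the fields triage() reads."""
    return {"temporary_id": tid, "rolledup_observation_id": roid, "affects_rating": True,
            "evidence_key": asset, "severity": sev, "first_seen": first, "last_seen": last,
            "tags": ["Corporate Network"],
            "details": {"infection": {"family": family}, "count": count,
                        "detection_method": "p2p", "sinkhole_ip": sinkhole}}


URL1 = f"{BASE}/companies/example-guid/findings?risk_vector=botnet_infections"
SAMPLE_PAGES = {  # constructed two-page response; "&offset=1" is made up for the example
    URL1: {"links": {"next": URL1 + "&offset=1", "previous": None}, "count": 3,
           "results": [_finding("t1", "obs-1", "63.208.139.45", "ZeroAccess", 10.0,
                                "2021-09-17", "2021-09-17", 76, "52.214.166.221")]},
    URL1 + "&offset=1": {"links": {"next": None, "previous": URL1}, "count": 3,
           "results": [_finding("t2", "obs-1", "63.208.139.45", "ZeroAccess", 10.0,
                                "2021-09-17", "2021-09-18", 90, "52.214.166.221"),
                       _finding("t3", "obs-2", "203.0.113.7", "ExampleFamily", 7.0,
                                "2021-09-10", "2021-09-12", 3, "198.51.100.9")]},
}


def fake_fetch(url: str, api_token: str) -> dict:
    return SAMPLE_PAGES[url]


def run_sample() -> list[Triage]:
    return summarize(iter_findings("example-guid", "not-a-real-token", fetch=fake_fetch))


if __name__ == "__main__":
    for t in run_sample():
        print(f"{t.severity:4.1f} {t.family:<14} {t.asset:<15} seen {t.first_seen}..{t.last_seen} "
              f"x{t.observations} via {t.detection_method} sinkhole {t.sinkhole_ip}")
```

Because the sample's two pages carry the same `rolledup_observation_id` for the ZeroAccess finding, the summary keeps only the later, more recent copy; that is the behaviour to want when the same compromised host shows up again on a later rollup day.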
- February 28, 2025: Added last_refresh_status_reason, last_refresh_reason_code, last_refresh_requester, and result_finding_date response attributes.
- March 22, 2022: Published.