# GET: Botnet Infections Finding Details

https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=botnet_infections

Get Botnet Infections finding details.

## Parameters

For details specific to Botnet Infections, use the `?risk_vector=botnet_infections` parameter. Other query parameters are listed in GET: Finding Details.

## Example Request

```bash
curl https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=botnet_infections -u api_token:
```

## Example Response

```json
{
  "links": {
    "next": null,
    "previous": null
  },
  "count": 9,
  "results": [
    […]
    {
      "temporary_id": "A9Jq47BBje708c931240720bb8b3e4927d1bc2ccd3",
      "pcap_id": "UENBUHBjYXBQQ0FQcGNhcCuU7mueVsYx_RyqvwRgg_aiyeZWLbjKZFAxxo9W8rLNAgEr3gGkCs_iMiv2a-hnkeADHVZSemL79biBzUAJREQ=",
      "affects_rating": true,
      "assets": [
        {
          "asset": "63.208.139.45",
          "identifier": null,
          "category": "low",
          "importance": 0.0,
          "is_ip": true
        }
      ],
      "details": {
        "check_pass": " ",
        "geo_ip_location": "US",
        "country": "United States",
        "infection": {
          "family": "ZeroAccess",
          "description": "This trojan is typically used for bitcoin mining and click fraud.",
          "references": [
            "https://web.archive.org/web/20170826074506/https://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99",
            "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32%2FSirefef"
          ],
          "data_exfiltration": true,
          "unauthorized_access": true,
          "implies_other_infections": true,
          "resource_abuse": true,
          "target_platforms": [
            "Win32"
          ],
          "aliases": [
            "Sirefef"
          ]
        },
        "remediations": [],
        "sample_timestamp": "2021-09-17T19:29:14Z",
        "vulnerabilities": [],
        "count": 76,
        "dest_port": 16470,
        "detection_method": "p2p",
        "rollup_end_date": "2021-09-17",
        "rollup_start_date": "2021-09-17",
        "sinkhole_ip": "52.214.166.221",
        "sinkhole_ip_masked": "XXX.214.166.221",
        "src_port": 53076
      },
      "evidence_key": "63.208.139.45",
      "first_seen": "2021-09-17",
      "last_seen": "2021-09-17",
      "related_findings": [
        {
          "temporary_id": "A9Jq47BBje708c931240720bb8b3e4927d1bc2ccd3",
          "pcap_id": "UENBUHBjYXBQQ0FQcGNhcCuU7mueVsYx_RyqvwRgg_aiyeZWLbjKZFAxxo9W8rLNAgEr3gGkCs_iMiv2a-hnkeADHVZSemL79biBzUAJREQ=",
          "affects_rating": true,
          "assets": [
            {
              "asset": "63.208.139.45",
              "identifier": null,
              "category": "low",
              "importance": 0.0,
              "is_ip": true
            }
          ],
          "details": {
            "check_pass": " ",
            "geo_ip_location": "US",
            "country": "United States",
            "infection": {
              "family": "ZeroAccess",
              "description": "This trojan is typically used for bitcoin mining and click fraud.",
              "references": [
                "https://web.archive.org/web/20170826074506/https://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99",
                "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32%2FSirefef"
              ],
              "data_exfiltration": true,
              "unauthorized_access": true,
              "implies_other_infections": true,
              "resource_abuse": true,
              "target_platforms": [
                "Win32"
              ],
              "aliases": [
                "Sirefef"
              ]
            },
            "remediations": [],
            "sample_timestamp": "2021-09-17T19:29:14Z",
            "vulnerabilities": [],
            "count": 76,
            "dest_port": 16470,
            "detection_method": "p2p",
            "rollup_end_date": "2021-09-17",
            "rollup_start_date": "2021-09-17",
            "sinkhole_ip": "52.214.166.221",
            "sinkhole_ip_masked": "XXX.214.166.221",
            "src_port": 53076
          },
          "evidence_key": "63.208.139.45",
          "first_seen": "2021-09-17T15:26:07Z",
          "last_seen": "2021-09-17T19:29:14Z",
          "risk_category": "Compromised Systems",
          "risk_vector": "botnet_infections",
          "risk_vector_label": "Botnet Infections",
          "rolledup_observation_id": "9xrS_LRulk0UOwb3RTs62w==",
          "severity": 10.0,
          "severity_category": "severe",
          "tags": [
            "Corporate Network"
          ],
          "remediation_history": {
            "last_requested_refresh_date": "2024-06-19",
            "last_refresh_status_date": "2024-06-23",
            "last_refresh_status_label": "failed",
            "last_refresh_status_reason": "asset_not_found",
            "last_refresh_reason_code": "asset unreachable",
            "last_refresh_requester": "1e10564d-fawa-4331-0000-6f7588b55a98",
            "result_finding_date": null
          },
          "asset_overrides": [],
          "duration": "1 day",
          "comments": null,
          "attributed_companies": [],
          "pinned": null,
          "pinned_by_user": null
        }
      ],
      "risk_category": "Compromised Systems",
      "risk_vector": "botnet_infections",
      "risk_vector_label": "Botnet Infections",
      "rolledup_observation_id": "9xrS_LRulk0UOwb3RTs62w==",
      "severity": 10.0,
      "severity_category": "severe",
      "tags": [
        "Corporate Network"
      ],
      "remediation_history": {
        […]
      },
      "asset_overrides": [],
      "duration": "1 day",
      "comments": null,
      "remaining_decay": 2
    }
  ]
}
```

## Response Attributes

- `links` (Object): Navigation for multiple pages of results. See pagination.
  - `next` (String): The URL to navigate to the next page of results.
  - `previous` (String): The URL to navigate to the previous page of results.
- `count` (Integer): The number of findings.
- `results` (Array): Findings and their details.
  - (Object): A finding.
    - `temporary_id` (String): A temporary identifier for this finding.
    - `pcap_id` (String): The packet capture (PCAP or libpcap) ID.
    - `affects_rating` (Boolean): `true` = This finding impacts the risk vector letter grade.
    - `assets` (Array): Asset (IP address or domain) details.
      - (Object): An asset.
        - `asset` (String): The asset associated with this finding.
        - `identifier` (Null): For internal Bitsight use.
        - `category` (String): The Bitsight-calculated asset importance.
        - `importance` (Decimal): The Bitsight-calculated asset importance.
        - `is_ip` (Boolean): `true` = This asset is an IP address.
    - `details` (Object): Finding details.
      - `check_pass` (String): For internal Bitsight use.
      - `geo_ip_location` (String): This finding's country of origin as a 2-letter ISO country code.
      - `country` (String): This finding's country of origin.
      - `infection` (Object): Infection details.
        - `family` (String): This infection's malware family.
        - `description` (String): An overview of this infection.
        - `references` (Array): Information source URLs.
        - `data_exfiltration` (Boolean): `true` = This infection allows unauthorized transfers of sensitive information.
        - `unauthorized_access` (Boolean): `true` = This infection allows attackers to connect and then log in as a legitimate user.
        - `implies_other_infections` (Boolean): `true` = This infection could lead to other infections.
        - `resource_abuse` (Boolean): `true` = This infection is misusing assets.
        - `target_platforms` (Array): Platforms targeted by this infection.
        - `aliases` (Array): Alternative names for this infection.
      - `remediations` (Array): Not applicable to Botnet Infection findings.
      - `sample_timestamp` (String) [YYYY-MM-DDTHH:MM:SSZ]: The date and time when this finding was observed.
      - `vulnerabilities` (Array): Vulnerability details.
      - `count` (Integer): The number of observations for this finding.
      - `dest_port` (Integer): A compromised device was observed to be sending traffic from this port.
      - `detection_method` (String): The method used to detect the infection. See the data collection methods.
      - `rollup_end_date` (String) [YYYY-MM-DD]: The date when this finding was last observed.
      - `rollup_start_date` (String) [YYYY-MM-DD]: The date when this finding was first observed.
      - `sinkhole_ip` (String): The full sinkhole IP address.
      - `sinkhole_ip_masked` (String): The masked sinkhole IP address.
      - `src_port` (Integer): The port where traffic from a compromised device was observed.
    - `evidence_key` (String): The asset (domain or IP address) that is attributed to this finding.
    - `first_seen` (String) [YYYY-MM-DD]: The date when this finding was first observed.
    - `last_seen` (String) [YYYY-MM-DD]: The date when this finding was last observed.
    - `related_findings` (Array): Findings and their details.
      - (Object): A finding.
        - `temporary_id` (String): The temporary identifier for this finding.
        - `pcap_id` (String): The packet capture (PCAP or libpcap) identifier.
        - `affects_rating` (Boolean): `true` = This finding impacts the risk vector letter grade.
        - `assets` (Array): Asset (IP or domain) details.
          - (Object): An asset.
            - `asset` (String): The asset associated with this finding.
            - `identifier` (Null): For internal Bitsight use.
            - `category` (String): The Bitsight-calculated asset importance slug name.
            - `importance` (Decimal): The Bitsight-calculated asset importance.
            - `is_ip` (Boolean): `true` = This asset is an IP address.
        - `details` (Object): Finding details.
          - `check_pass` (String): For internal Bitsight use.
          - `geo_ip_location` (String): This finding's country of origin as a 2-letter ISO country code.
          - `country` (String): This finding's country of origin.
          - `infection` (Object): Infection details.
            - `family` (String): This infection's malware family.
            - `description` (String): An overview of this infection.
            - `references` (String): Infection information sources.
            - `data_exfiltration` (Boolean): `true` = This infection allows unauthorized transfers of sensitive information.
            - `unauthorized_access` (Boolean): `true` = This infection allows attackers to connect and then log in as a legitimate user.
            - `implies_other_infections` (Boolean): `true` = This infection may lead to other infections.
            - `resource_abuse` (Boolean): `true` = This infection is misusing assets.
            - `target_platforms` (Array): Platforms targeted by this infection.
            - `aliases` (Array): Alternative names for this infection.
          - `remediations` (Array): Not applicable to Botnet Infection findings.
          - `sample_timestamp` (String) [YYYY-MM-DDTHH:MM:SSZ]: The date and time when this finding was observed.
          - `vulnerabilities` (Array): Vulnerability details.
          - `count` (Integer): The number of observations for this finding.
          - `dest_port` (Integer): A compromised device was observed to be sending traffic from this port.
          - `detection_method` (String): The method used to detect the infection. See the data collection methods.
          - `rollup_end_date` (String) [YYYY-MM-DD]: The date when this finding was last observed.
          - `rollup_start_date` (String) [YYYY-MM-DD]: The date when this finding was first observed.
          - `sinkhole_ip` (String): The full sinkhole IP address.
          - `sinkhole_ip_masked` (String): The masked sinkhole IP address.
          - `src_port` (Integer): The port where traffic from a compromised device was observed.
        - `evidence_key` (String): The asset attributed to this finding.
        - `first_seen` (String) [YYYY-MM-DDTHH:MM:SSZ]: The date and time when this finding was first observed.
        - `last_seen` (String) [YYYY-MM-DDTHH:MM:SSZ]: The date and time when this finding was last observed.
        - `risk_category` (String): The risk category.
        - `risk_vector` (String): The risk vector slug name.
        - `risk_vector_label` (String): The risk vector display name.
        - `rolledup_observation_id` (String): A stable, randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession.
        - `severity` (Decimal): This finding's Bitsight severity.
        - `severity_category` (String): This finding's Bitsight severity category.
        - `tags` (Array): Infrastructure tags identifying the asset.
        - `remediation_history` (Object): If the `?expand=remediation_history` parameter is set, the remediation history of the finding is included.
          - `last_requested_refresh_date` (String) [YYYY-MM-DD]: The date when a finding rescan that included this finding was last requested.
          - `last_refresh_status_date` (String) [YYYY-MM-DD]: The date when a rescan of the remediation status of this finding was last requested.
          - `last_refresh_status_label` (String): The current rescan status of this finding.
          - `last_refresh_status_reason` (String): The rescan status.
          - `last_refresh_reason_code` (String): The reason code for the rescan status.
          - `last_refresh_requester` (String) [user_guid]: The unique identifier of the user who requested the rescan.
          - `result_finding_date` (String) [YYYY-MM-DD]: The first seen date of the finding that resulted from the rescan, if applicable.
        - `asset_overrides` (Array): User-assigned asset importance.
        - `duration` (String): This finding's duration.
        - `comments` (String): This finding's comments.
        - `attributed_companies` (Array): Companies in the Ratings Tree that are attributed to this finding.
        - `pinned` (Null): For internal Bitsight use.
        - `pinned_by_user` (Null): For internal Bitsight use.
    - `risk_category` (String): The risk category.
    - `risk_vector` (String): The risk vector slug name.
    - `risk_vector_label` (String): The risk vector display name.
    - `rolledup_observation_id` (String): A stable, randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession.
    - `severity` (Decimal): This finding's Bitsight severity.
    - `severity_category` (String): This finding's Bitsight severity category.
    - `tags` (Array): Infrastructure tags identifying the asset.
    - `remediation_history` (Object): If the `expand=remediation_history` parameter is set, this remediation history is included. Not applicable to Botnet Infections.
      - `last_requested_refresh_date` (Null): Not applicable to Botnet Infections.
      - `last_refresh_status_date` (Null): Not applicable to Botnet Infections.
      - `last_refresh_status_label` (Null): Not applicable to Botnet Infections.
      - `last_refresh_reason_code` (Null): Not applicable to Botnet Infections.
    - `asset_overrides` (Array): User-assigned asset importance.
    - `duration` (String): This finding's duration.
    - `comments` (String): This finding's comments.
    - `remaining_decay` (Integer): This finding's remaining lifetime.

- February 28, 2025: Added `last_refresh_status_reason`, `last_refresh_reason_code`, `last_refresh_requester`, and `result_finding_date` response attributes.
- March 22, 2022: Published.

## Related articles

- GET: Finding Details
- GET: Spam Propagation Finding Details
- GET: Compromised Systems Finding Details
- Botnet Infection Findings
- GET: Diligence Finding Details
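As an added example (not Bitsight's own client code), the following Python walks a paginated Botnet Infections response by following `links.next`, and reduces each finding to the fields a responder triages on: the affected asset, the malware family and aliases, which of the four infection capability flags are set, the observation count and rollup window, and the masked sinkhole address and destination port. `get_json` is assumed to be any callable that returns the decoded JSON for a URL (for a live call, something like `requests.get(url, auth=(api_token, "")).json()`, which matches the `-u api_token:` basic auth in the curl example); the two-page `SAMPLE_PAGES` dictionary is constructed here so the code runs offline, with the first finding copied from the page's ZeroAccess example and the second invented. Because the attribute list types `references` as a String for related findings but the example response shows an Array, the summary normalises both forms to a list.

```python
def iter_findings(url, get_json):
    """Yield every finding, following links.next until it is null."""
    while url:
        page = get_json(url)
        yield from page["results"]
        url = page["links"].get("next")

CAPABILITIES = ("data_exfiltration", "unauthorized_access", "implies_other_infections", "resource_abuse")

def summarize(finding):
    d, inf = finding["details"], finding["details"].get("infection", {})
    refs = inf.get("references") or []  # String in the related_findings table, Array in the example
    return {"asset": finding["evidence_key"], "family": inf.get("family"),
            "aliases": inf.get("aliases", []), "severity": finding["severity"],
            "affects_rating": finding["affects_rating"],
            "capabilities": [c for c in CAPABILITIES if inf.get(c)],
            "observations": d.get("count", 0),
            "window": (d["rollup_start_date"], d["rollup_end_date"]),
            "sinkhole": f'{d["sinkhole_ip_masked"]}:{d["dest_port"]} ({d["detection_method"]})',
            "references": [refs] if isinstance(refs, str) else list(refs)}

def triage(url, get_json):
    """All pages summarised, highest severity first, then most observations."""
    rows = [summarize(f) for f in iter_findings(url, get_json)]
    rows.sort(key=lambda r: (r["severity"], r["observations"]), reverse=True)
    return rows

# Constructed two-page sample in the shape of the page's example response (fields trimmed):
# the first finding copies the page's ZeroAccess example, the second is invented.
SAMPLE_PAGES = {
    "p1": {"links": {"next": "p2", "previous": None}, "count": 2, "results": [{
        "evidence_key": "63.208.139.45", "affects_rating": True, "severity": 10.0,
        "details": {"count": 76, "dest_port": 16470, "detection_method": "p2p",
            "rollup_start_date": "2021-09-17", "rollup_end_date": "2021-09-17",
            "sinkhole_ip_masked": "XXX.214.166.221", "infection": {
                "family": "ZeroAccess", "aliases": ["Sirefef"], "references": [
                    "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32%2FSirefef"],
                "data_exfiltration": True, "unauthorized_access": True,
                "implies_other_infections": True, "resource_abuse": True}}}]},
    "p2": {"links": {"next": None, "previous": "p1"}, "count": 2, "results": [{
        "evidence_key": "203.0.113.7", "affects_rating": False, "severity": 10.0,
        "details": {"count": 3, "dest_port": 8080, "detection_method": "p2p",
            "rollup_start_date": "2021-09-01", "rollup_end_date": "2021-09-03",
            "sinkhole_ip_masked": "XXX.0.2.10", "infection": {"family": "ConstructedBot",
                "references": "https://example.invalid/writeup", "resource_abuse": True}}}]},
}

if __name__ == "__main__":
    print(*triage("p1", SAMPLE_PAGES.__getitem__), sep="\n")
```

Run against the live API by passing the company's findings URL and a real `get_json` in place of `"p1"` and `SAMPLE_PAGES.__getitem__`.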