https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=botnet_infections
Get Botnet Infections finding details.
Parameters
For details specific to Botnet Infections, use the ?risk_vector=botnet_infections parameter. Other query parameters are listed in GET: Finding Details.
Example Request
```bash
curl https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=botnet_infections -u api_token:
```
Example Response
```json
{
  "links": { "next": null, "previous": null },
  "count": 9,
  "results": [
    […]
    {
      "temporary_id": "A9Jq47BBje708c931240720bb8b3e4927d1bc2ccd3",
      "pcap_id": "UENBUHBjYXBQQ0FQcGNhcCuU7mueVsYx_RyqvwRgg_aiyeZWLbjKZFAxxo9W8rLNAgEr3gGkCs_iMiv2a-hnkeADHVZSemL79biBzUAJREQ=",
      "affects_rating": true,
      "assets": [
        { "asset": "63.208.139.45", "identifier": null, "category": "low", "importance": 0.0, "is_ip": true }
      ],
      "details": {
        "check_pass": " ",
        "geo_ip_location": "US",
        "country": "United States",
        "infection": {
          "family": "ZeroAccess",
          "description": "This trojan is typically used for bitcoin mining and click fraud.",
          "references": [
            "https://web.archive.org/web/20170826074506/https://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99",
            "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32%2FSirefef"
          ],
          "data_exfiltration": true,
          "unauthorized_access": true,
          "implies_other_infections": true,
          "resource_abuse": true,
          "target_platforms": [ "Win32" ],
          "aliases": [ "Sirefef" ]
        },
        "remediations": [],
        "sample_timestamp": "2021-09-17T19:29:14Z",
        "vulnerabilities": [],
        "count": 76,
        "dest_port": 16470,
        "detection_method": "p2p",
        "rollup_end_date": "2021-09-17",
        "rollup_start_date": "2021-09-17",
        "sinkhole_ip": "52.214.166.221",
        "sinkhole_ip_masked": "XXX.214.166.221",
        "src_port": 53076
      },
      "evidence_key": "63.208.139.45",
      "first_seen": "2021-09-17",
      "last_seen": "2021-09-17",
      "related_findings": [
        {
          "temporary_id": "A9Jq47BBje708c931240720bb8b3e4927d1bc2ccd3",
          "pcap_id": "UENBUHBjYXBQQ0FQcGNhcCuU7mueVsYx_RyqvwRgg_aiyeZWLbjKZFAxxo9W8rLNAgEr3gGkCs_iMiv2a-hnkeADHVZSemL79biBzUAJREQ=",
          "affects_rating": true,
          "assets": [
            { "asset": "63.208.139.45", "identifier": null, "category": "low", "importance": 0.0, "is_ip": true }
          ],
          "details": {
            "check_pass": " ",
            "geo_ip_location": "US",
            "country": "United States",
            "infection": {
              "family": "ZeroAccess",
              "description": "This trojan is typically used for bitcoin mining and click fraud.",
              "references": [
                "https://web.archive.org/web/20170826074506/https://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99",
                "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32%2FSirefef"
              ],
              "data_exfiltration": true,
              "unauthorized_access": true,
              "implies_other_infections": true,
              "resource_abuse": true,
              "target_platforms": [ "Win32" ],
              "aliases": [ "Sirefef" ]
            },
            "remediations": [],
            "sample_timestamp": "2021-09-17T19:29:14Z",
            "vulnerabilities": [],
            "count": 76,
            "dest_port": 16470,
            "detection_method": "p2p",
            "rollup_end_date": "2021-09-17",
            "rollup_start_date": "2021-09-17",
            "sinkhole_ip": "52.214.166.221",
            "sinkhole_ip_masked": "XXX.214.166.221",
            "src_port": 53076
          },
          "evidence_key": "63.208.139.45",
          "first_seen": "2021-09-17T15:26:07Z",
          "last_seen": "2021-09-17T19:29:14Z",
          "risk_category": "Compromised Systems",
          "risk_vector": "botnet_infections",
          "risk_vector_label": "Botnet Infections",
          "rolledup_observation_id": "9xrS_LRulk0UOwb3RTs62w==",
          "severity": 10.0,
          "severity_category": "severe",
          "tags": [ "Corporate Network" ],
          "remediation_history": {
            "last_requested_refresh_date": "2024-06-19",
            "last_refresh_status_date": "2024-06-23",
            "last_refresh_status_label": "failed",
            "last_refresh_status_reason": "asset_not_found",
            "last_refresh_reason_code": "asset unreachable",
            "last_refresh_requester": "1e10564d-fawa-4331-0000-6f7588b55a98",
            "result_finding_date": null
          },
          "asset_overrides": [],
          "duration": "1 day",
          "comments": null,
          "attributed_companies": [],
          "pinned": null,
          "pinned_by_user": null
        }
      ],
      "risk_category": "Compromised Systems",
      "risk_vector": "botnet_infections",
      "risk_vector_label": "Botnet Infections",
      "rolledup_observation_id": "9xrS_LRulk0UOwb3RTs62w==",
      "severity": 10.0,
      "severity_category": "severe",
      "tags": [ "Corporate Network" ],
      "remediation_history": { […] },
      "asset_overrides": [],
      "duration": "1 day",
      "comments": null,
      "remaining_decay": 2
    }
  ]
}
```
Response Attributes

Field | Type | Description
---|---|---
links | Object | Navigation for multiple pages of results. See pagination.
next | String | The URL of the next page of results.
previous | String | The URL of the previous page of results.
count | Integer | The number of findings.
results | Array | Findings and their details.
results[] | Object | A finding.
temporary_id | String | A temporary identifier for this finding.
pcap_id | String | The packet capture (PCAP or libpcap) ID.
affects_rating | Boolean | true = This finding impacts the risk vector letter grade.
assets | Array | Asset (IP address or domain) details.
assets[] | Object | An asset.
asset | String | The asset associated with this finding.
identifier | Null | For internal Bitsight use.
category | String | The Bitsight-calculated asset importance.
importance | Decimal | The Bitsight-calculated asset importance.
is_ip | Boolean | true = This asset is an IP address.
details | Object | Finding details.
check_pass | String | For internal Bitsight use.
geo_ip_location | String | This finding's country of origin as a 2-letter ISO country code.
country | String | This finding's country of origin.
infection | Object | Infection details.
family | String | This infection's malware family.
description | String | An overview of this infection.
references | Array | Information source URLs.
data_exfiltration | Boolean | true = This infection allows unauthorized transfers of sensitive information.
unauthorized_access | Boolean | true = This infection allows attackers to connect and then log in as a legitimate user.
implies_other_infections | Boolean | true = This infection could lead to other infections.
resource_abuse | Boolean | true = This infection is misusing assets.
target_platforms | Array | Platforms targeted by this infection.
aliases | Array | Alternative names for this infection.
remediations | Array | Not applicable to Botnet Infections findings.
sample_timestamp | String | The date and time when this finding was observed.
vulnerabilities | Array | Vulnerability details.
count | Integer | The number of observations for this finding.
dest_port | Integer | A compromised device was observed to be sending traffic from this port.
detection_method | String | The method used to detect the infection. See the data collection methods.
rollup_end_date | String | The date when this finding was last observed.
rollup_start_date | String | The date when this finding was first observed.
sinkhole_ip | String | The full sinkhole IP address.
sinkhole_ip_masked | String | The masked sinkhole IP address.
src_port | Integer | The port where traffic from a compromised device was observed.
evidence_key | String | The asset (domain or IP address) attributed to this finding.
first_seen | String | The date when this finding was first observed.
last_seen | String | The date when this finding was last observed.
related_findings | Array | Findings and their details.
related_findings[] | Object | A finding.
temporary_id | String | The temporary identifier for this finding.
pcap_id | String | The packet capture (PCAP or libpcap) identifier.
affects_rating | Boolean | true = This finding impacts the risk vector letter grade.
assets | Array | Asset (IP or domain) details.
assets[] | Object | An asset.
asset | String | The asset associated with this finding.
identifier | Null | For internal Bitsight use.
category | String | The Bitsight-calculated asset importance slug name.
importance | Decimal | The Bitsight-calculated asset importance.
is_ip | Boolean | true = This asset is an IP address.
details | Object | Finding details.
check_pass | String | For internal Bitsight use.
geo_ip_location | String | This finding's country of origin as a 2-letter ISO country code.
country | String | This finding's country of origin.
infection | Object | Infection details.
family | String | This infection's malware family.
description | String | An overview of this infection.
references | Array | Infection information source URLs.
data_exfiltration | Boolean | true = This infection allows unauthorized transfers of sensitive information.
unauthorized_access | Boolean | true = This infection allows attackers to connect and then log in as a legitimate user.
implies_other_infections | Boolean | true = This infection may lead to other infections.
resource_abuse | Boolean | true = This infection is misusing assets.
target_platforms | Array | Platforms targeted by this infection.
aliases | Array | Alternative names for this infection.
remediations | Array | Not applicable to Botnet Infections findings.
sample_timestamp | String | The date and time when this finding was observed.
vulnerabilities | Array | Vulnerability details.
count | Integer | The number of observations for this finding.
dest_port | Integer | A compromised device was observed to be sending traffic from this port.
detection_method | String | The method used to detect the infection. See the data collection methods.
rollup_end_date | String | The date when this finding was last observed.
rollup_start_date | String | The date when this finding was first observed.
sinkhole_ip | String | The full sinkhole IP address.
sinkhole_ip_masked | String | The masked sinkhole IP address.
src_port | Integer | The port where traffic from a compromised device was observed.
evidence_key | String | The asset attributed to this finding.
first_seen | String | The date and time when this finding was first observed.
last_seen | String | The date and time when this finding was last observed.
risk_category | String | The risk category.
risk_vector | String | The risk vector slug name.
risk_vector_label | String | The risk vector display name.
rolledup_observation_id | String | A stable, randomized identifier for findings. It is assigned when one or more observations with largely similar key properties occur in close succession.
severity | Decimal | This finding's Bitsight severity.
severity_category | String | This finding's Bitsight severity category.
tags | Array | Infrastructure tags identifying the asset.
remediation_history | Object | If the ?expand=remediation_history parameter is set, the remediation history of the finding is included.
last_requested_refresh_date | String | The date when a finding rescan that included this finding was last requested.
last_refresh_status_date | String | The date when a rescan of the remediation status of this finding was last requested.
last_refresh_status_label | String | The current rescan status of this finding.
last_refresh_status_reason | String | The rescan status.
last_refresh_reason_code | String | The reason code for the rescan status.
last_refresh_requester | String [user_guid] | The unique identifier of the user who requested the rescan.
result_finding_date | String [YYYY-MM-DD] | The first seen date of the finding that resulted from the rescan, if applicable.
asset_overrides | Array | User-assigned asset importance.
duration | String | This finding's duration.
comments | String | This finding's comments.
attributed_companies | Array | Companies in the Ratings Tree that are attributed to this finding.
pinned | Null | For internal Bitsight use.
pinned_by_user | Null | For internal Bitsight use.
risk_category | String | The risk category.
risk_vector | String | The risk vector slug name.
risk_vector_label | String | The risk vector display name.
rolledup_observation_id | String | A stable, randomized identifier for findings. It is assigned when one or more observations with largely similar key properties occur in close succession.
severity | Decimal | This finding's Bitsight severity.
severity_category | String | This finding's Bitsight severity category.
tags | Array | Infrastructure tags identifying the asset.
remediation_history | Object | If the expand=remediation_history parameter is set, the remediation history is included. Not applicable to Botnet Infections.
last_requested_refresh_date | Null | Not applicable to Botnet Infections.
last_refresh_status_date | Null | Not applicable to Botnet Infections.
last_refresh_status_label | Null | Not applicable to Botnet Infections.
last_refresh_reason_code | Null | Not applicable to Botnet Infections.
asset_overrides | Array | User-assigned asset importance.
duration | String | This finding's duration.
comments | String | This finding's comments.
remaining_decay | Integer | This finding's remaining lifetime.
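The following is an added example, not Bitsight's own client code: it pages through this endpoint by following `links.next` until it is null, authenticates the way the curl request above does (the API token as the basic-auth username with an empty password), and reduces each finding to a triage row a SOC can act on, filtering by `affects_rating` and `severity` and ordering by `last_seen` and observation `count`. The two-page `SAMPLE_PAGES` input is constructed in the shape of the example response; `fetch_pages` needs a real company GUID and token.

```python
import base64
import json
import urllib.request


def fetch_pages(url, api_token):
    """Yield each JSON page, following links.next until it is null. The token is
    the basic-auth username with an empty password, as in `curl -u api_token:`."""
    auth = base64.b64encode(f"{api_token}:".encode()).decode()
    while url:
        req = urllib.request.Request(url, headers={"Authorization": f"Basic {auth}"})
        with urllib.request.urlopen(req) as resp:
            page = json.load(resp)
        yield page
        url = page["links"]["next"]


def triage(pages, min_severity=7.0):
    """One row per rating-affecting finding with severity >= min_severity,
    most recently seen and most frequently observed infections first."""
    rows = []
    for page in pages:
        for f in page["results"]:
            if not f["affects_rating"] or f["severity"] < min_severity:
                continue
            d = f["details"]
            rows.append({
                "asset": f["evidence_key"],
                "family": d["infection"]["family"],
                "sinkhole_ip": d["sinkhole_ip"],          # sinkhole the bot reached
                "observations": d["count"],
                "last_seen": f["last_seen"],
                "remaining_decay": f["remaining_decay"],  # days until it stops counting
            })
    rows.sort(key=lambda r: (r["last_seen"], r["observations"]), reverse=True)
    return rows


# Constructed two-page sample in the shape of the example response above
# (fields the triage row does not read are omitted; "ExampleBot" is made up).
def _finding(asset, family, severity, last_seen, count, affects=True):
    return {"evidence_key": asset, "affects_rating": affects, "severity": severity,
            "last_seen": last_seen, "remaining_decay": 2,
            "details": {"count": count, "sinkhole_ip": "52.214.166.221",
                        "infection": {"family": family}}}


SAMPLE_PAGES = [
    {"links": {"next": "https://api.example.invalid/page2"}, "count": 3,
     "results": [_finding("63.208.139.45", "ZeroAccess", 10.0, "2021-09-17", 76),
                 _finding("198.51.100.7", "ExampleBot", 4.0, "2021-09-18", 5)]},
    {"links": {"next": None}, "count": 3,
     "results": [_finding("203.0.113.9", "ZeroAccess", 9.0, "2021-09-18", 12)]},
]
```

Run it against the live API with `triage(fetch_pages(url, token))`, where `url` is the findings URL at the top of this page with your company GUID substituted.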
- February 28, 2025: Added the last_refresh_status_reason, last_refresh_reason_code, last_refresh_requester, and result_finding_date response attributes.
- March 22, 2022: Published.