Publication Date – March 22, 2022
https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=botnet_infections
Get Botnet Infections finding details.
Parameters
For details specific to Botnet Infections, use the `?risk_vector=botnet_infections` parameter. Other query parameters are listed in GET: Finding Details.
Example Request
```bash
curl https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=botnet_infections -u api_token:
```
Example Response
```json
{
  "links": { "next": null, "previous": null },
  "count": 9,
  "results": [
    […]
    {
      "temporary_id": "A9Jq47BBje708c931240720bb8b3e4927d1bc2ccd3",
      "pcap_id": "UENBUHBjYXBQQ0FQcGNhcCuU7mueVsYx_RyqvwRgg_aiyeZWLbjKZFAxxo9W8rLNAgEr3gGkCs_iMiv2a-hnkeADHVZSemL79biBzUAJREQ=",
      "affects_rating": true,
      "assets": [
        { "asset": "63.208.139.45", "identifier": null, "category": "low", "importance": 0.0, "is_ip": true }
      ],
      "details": {
        "check_pass": " ",
        "geo_ip_location": "US",
        "country": "United States",
        "infection": {
          "family": "ZeroAccess",
          "description": "This trojan is typically used for bitcoin mining and click fraud.",
          "references": [
            "https://web.archive.org/web/20170826074506/https://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99",
            "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32%2FSirefef"
          ],
          "data_exfiltration": true,
          "unauthorized_access": true,
          "implies_other_infections": true,
          "resource_abuse": true,
          "target_platforms": [ "Win32" ],
          "aliases": [ "Sirefef" ]
        },
        "remediations": [ ],
        "sample_timestamp": "2021-09-17T19:29:14Z",
        "vulnerabilities": [ ],
        "count": 76,
        "dest_port": 16470,
        "detection_method": "p2p",
        "rollup_end_date": "2021-09-17",
        "rollup_start_date": "2021-09-17",
        "sinkhole_ip": "52.214.166.221",
        "sinkhole_ip_masked": "XXX.214.166.221",
        "src_port": 53076
      },
      "evidence_key": "63.208.139.45",
      "first_seen": "2021-09-17",
      "last_seen": "2021-09-17",
      "related_findings": [
        {
          "temporary_id": "A9Jq47BBje708c931240720bb8b3e4927d1bc2ccd3",
          "pcap_id": "UENBUHBjYXBQQ0FQcGNhcCuU7mueVsYx_RyqvwRgg_aiyeZWLbjKZFAxxo9W8rLNAgEr3gGkCs_iMiv2a-hnkeADHVZSemL79biBzUAJREQ=",
          "affects_rating": true,
          "assets": [
            { "asset": "63.208.139.45", "identifier": null, "category": "low", "importance": 0.0, "is_ip": true }
          ],
          "details": {
            "check_pass": " ",
            "geo_ip_location": "US",
            "country": "United States",
            "infection": {
              "family": "ZeroAccess",
              "description": "This trojan is typically used for bitcoin mining and click fraud.",
              "references": [
                "https://web.archive.org/web/20170826074506/https://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99",
                "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32%2FSirefef"
              ],
              "data_exfiltration": true,
              "unauthorized_access": true,
              "implies_other_infections": true,
              "resource_abuse": true,
              "target_platforms": [ "Win32" ],
              "aliases": [ "Sirefef" ]
            },
            "remediations": [ ],
            "sample_timestamp": "2021-09-17T19:29:14Z",
            "vulnerabilities": [ ],
            "count": 76,
            "dest_port": 16470,
            "detection_method": "p2p",
            "rollup_end_date": "2021-09-17",
            "rollup_start_date": "2021-09-17",
            "sinkhole_ip": "52.214.166.221",
            "sinkhole_ip_masked": "XXX.214.166.221",
            "src_port": 53076
          },
          "evidence_key": "63.208.139.45",
          "first_seen": "2021-09-17T15:26:07Z",
          "last_seen": "2021-09-17T19:29:14Z",
          "risk_category": "Compromised Systems",
          "risk_vector": "botnet_infections",
          "risk_vector_label": "Botnet Infections",
          "rolledup_observation_id": "9xrS_LRulk0UOwb3RTs62w==",
          "severity": 10.0,
          "severity_category": "severe",
          "tags": [ "Corporate Network" ],
          "remediation_history": {
            "last_requested_refresh_date": null,
            "last_refresh_status_date": null,
            "last_refresh_status_label": null,
            "last_refresh_reason_code": null
          },
          "asset_overrides": [ ],
          "duration": "1 day",
          "comments": null,
          "attributed_companies": [ ],
          "pinned": null,
          "pinned_by_user": null
        }
      ],
      "risk_category": "Compromised Systems",
      "risk_vector": "botnet_infections",
      "risk_vector_label": "Botnet Infections",
      "rolledup_observation_id": "9xrS_LRulk0UOwb3RTs62w==",
      "severity": 10.0,
      "severity_category": "severe",
      "tags": [ "Corporate Network" ],
      "remediation_history": { […] },
      "asset_overrides": [ ],
      "duration": "1 day",
      "comments": null,
      "remaining_decay": 2
    }
  ]
}
```
Response Attributes
Fields are listed in the order they appear in the response; a row of the form `name[]` describes one element of the array named just above it, and the rows that follow it are that element's fields.

Field | Type | Description
---|---|---
links | Object | Navigation for multiple pages of results. See pagination.
next | String | The URL to navigate to the next page of results.
previous | String | The URL to navigate to the previous page of results.
count | Integer | The number of findings.
results | Array | Findings and their details.
results[] | Object | A finding.
temporary_id | String | A temporary identifier for this finding.
pcap_id | String | The packet capture (PCAP or libpcap) ID.
affects_rating | Boolean | true = This finding impacts the risk vector letter grade.
assets | Array | Asset (IP address or domain) details.
assets[] | Object | An asset.
asset | String | The asset associated with this finding.
identifier | Null | For internal Bitsight use.
category | String | The Bitsight-calculated asset importance.
importance | Decimal | The Bitsight-calculated asset importance.
is_ip | Boolean | true = This asset is an IP address.
details | Object | Finding details.
check_pass | String | For internal Bitsight use.
geo_ip_location | String | This finding’s country of origin as a 2-letter ISO country code.
country | String | This finding’s country of origin.
infection | Object | Infection details.
family | String | This infection’s malware family.
description | String | An overview of this infection.
references | Array | Information source URLs.
data_exfiltration | Boolean | true = This infection allows unauthorized transfers of sensitive information.
unauthorized_access | Boolean | true = This infection allows attackers to connect and then log in as a legitimate user.
implies_other_infections | Boolean | true = This infection could lead to other infections.
resource_abuse | Boolean | true = This infection is misusing assets.
target_platforms | Array | Platforms targeted by this infection.
aliases | Array | Alternative names for this infection.
remediations | Array | Not applicable to Botnet Infections findings.
sample_timestamp | String [ YYYY-MM-DDTHH:MM:SSZ ] | The date and time when this finding was observed.
vulnerabilities | Array | Vulnerability details.
count | Integer | The number of observations for this finding.
dest_port | Integer | The destination port.
detection_method | String | The detection method for this finding.
rollup_end_date | String [ YYYY-MM-DD ] | The date when this finding was last observed.
rollup_start_date | String [ YYYY-MM-DD ] | The date when this finding was first observed.
sinkhole_ip | String | The full sinkhole IP address.
sinkhole_ip_masked | String | The masked sinkhole IP address.
src_port | Integer | The source port.
evidence_key | String | The asset (domain or IP address) that is attributed to this finding.
first_seen | String [ YYYY-MM-DD ] | The date when this finding was first observed.
last_seen | String [ YYYY-MM-DD ] | The date when this finding was last observed.
related_findings | Array | Findings and their details.
related_findings[] | Object | A finding.
temporary_id | String | The temporary identifier for this finding.
pcap_id | String | The packet capture (PCAP or libpcap) identifier.
affects_rating | Boolean | true = This finding impacts the risk vector letter grade.
assets | Array | Asset (IP or domain) details.
assets[] | Object | An asset.
asset | String | The asset associated with this finding.
identifier | Null | For internal Bitsight use.
category | String | The Bitsight-calculated asset importance slug name.
importance | Decimal | The Bitsight-calculated asset importance.
is_ip | Boolean | true = This asset is an IP address.
details | Object | Finding details.
check_pass | String | For internal Bitsight use.
geo_ip_location | String | This finding’s country of origin as a 2-letter ISO country code.
country | String | This finding’s country of origin.
infection | Object | Infection details.
family | String | This infection’s malware family.
description | String | An overview of this infection.
references | Array | Infection information source URLs (an array of strings, as in the example response).
data_exfiltration | Boolean | true = This infection allows unauthorized transfers of sensitive information.
unauthorized_access | Boolean | true = This infection allows attackers to connect and then log in as a legitimate user.
implies_other_infections | Boolean | true = This infection may lead to other infections.
resource_abuse | Boolean | true = This infection is misusing assets.
target_platforms | Array | Platforms targeted by this infection.
aliases | Array | Alternative names for this infection.
remediations | Array | Not applicable to Botnet Infections findings.
sample_timestamp | String [ YYYY-MM-DDTHH:MM:SSZ ] | The date and time when this finding was observed.
vulnerabilities | Array | Vulnerability details.
count | Integer | The number of observations for this finding.
dest_port | Integer | The destination port.
detection_method | String | The detection method for this finding.
rollup_end_date | String [ YYYY-MM-DD ] | The date when this finding was last observed.
rollup_start_date | String [ YYYY-MM-DD ] | The date when this finding was first observed.
sinkhole_ip | String | The full sinkhole IP address.
sinkhole_ip_masked | String | The masked sinkhole IP address.
src_port | Integer | The source port.
evidence_key | String | The asset attributed to this finding.
first_seen | String [ YYYY-MM-DDTHH:MM:SSZ ] | The date and time when this finding was first observed.
last_seen | String [ YYYY-MM-DDTHH:MM:SSZ ] | The date and time when this finding was last observed.
risk_category | String | The risk category.
risk_vector | String | The risk vector slug name.
risk_vector_label | String | The risk vector display name.
rolledup_observation_id | String | The observation’s identifier.
severity | Decimal | This finding’s Bitsight severity.
severity_category | String | This finding’s Bitsight severity category.
tags | Array | Infrastructure tags identifying the asset.
remediation_history | Object | Included when the expand=remediation_history parameter is set. Not applicable to Botnet Infections.
last_requested_refresh_date | Null | Not applicable to Botnet Infections.
last_refresh_status_date | Null | Not applicable to Botnet Infections.
last_refresh_status_label | Null | Not applicable to Botnet Infections.
last_refresh_reason_code | Null | Not applicable to Botnet Infections.
asset_overrides | Array | User-assigned asset importance.
duration | String | This finding’s duration.
comments | String | This finding’s comments.
attributed_companies | Array | Companies in the Ratings Tree that are attributed to this finding.
pinned | Null | For internal Bitsight use.
pinned_by_user | Null | For internal Bitsight use.
risk_category | String | The risk category.
risk_vector | String | The risk vector slug name.
risk_vector_label | String | The risk vector display name.
rolledup_observation_id | String | The observation’s identifier.
severity | Decimal | This finding’s Bitsight severity.
severity_category | String | This finding’s Bitsight severity category.
tags | Array | Infrastructure tags identifying the asset.
remediation_history | Object | Included when the expand=remediation_history parameter is set. Not applicable to Botnet Infections.
last_requested_refresh_date | Null | Not applicable to Botnet Infections.
last_refresh_status_date | Null | Not applicable to Botnet Infections.
last_refresh_status_label | Null | Not applicable to Botnet Infections.
last_refresh_reason_code | Null | Not applicable to Botnet Infections.
asset_overrides | Array | User-assigned asset importance.
duration | String | This finding’s duration.
comments | String | This finding’s comments.
remaining_decay | Integer | This finding’s remaining lifetime.
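Consuming this endpoint from a defender's side means following `links.next` until it is null and reducing each finding to the fields a responder acts on (asset, malware family, sinkhole, observation count, severity, active window). The example below is added here and is not Bitsight's own client code; `fetch_page` mirrors the curl call's basic-auth usage (token as the username, empty password), the sample page is constructed with documentation IP ranges and a made-up second family, and `_day` accepts both date formats the table lists for first_seen/last_seen.

```python
import base64, json, urllib.request
from datetime import date
from typing import Callable, Iterator

# Constructed sample page shaped like the response above (not live Bitsight data),
# trimmed to the fields the triage below reads; timestamps show both date formats the page lists.
SAMPLE_PAGE = {"links": {"next": None, "previous": None}, "count": 2, "results": [
    {"temporary_id": "constructed-1", "affects_rating": True, "evidence_key": "203.0.113.10",
     "details": {"infection": {"family": "ZeroAccess", "aliases": ["Sirefef"]}, "count": 76,
                 "detection_method": "p2p", "sinkhole_ip_masked": "XXX.214.166.221"},
     "first_seen": "2021-09-17", "last_seen": "2021-09-17", "severity": 10.0, "remaining_decay": 2},
    {"temporary_id": "constructed-2", "affects_rating": False, "evidence_key": "198.51.100.7",
     "details": {"infection": {"family": "ConstructedBot", "aliases": []}, "count": 3,
                 "detection_method": "sinkhole", "sinkhole_ip_masked": "XXX.0.2.1"},
     "first_seen": "2021-09-10T08:00:00Z", "last_seen": "2021-09-16T21:30:00Z",
     "severity": 5.0, "remaining_decay": 40}]}

def fetch_page(url: str, api_token: str) -> dict:
    """GET one page; the token is the basic-auth username with an empty password (as in the curl example)."""
    cred = base64.b64encode(f"{api_token}:".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {cred}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_findings(first_page: dict, fetch: Callable[[str], dict]) -> Iterator[dict]:
    """Yield every finding across pages, following links.next until it is null."""
    page = first_page
    while True:
        yield from page["results"]
        next_url = page["links"].get("next")
        if not next_url:
            return
        page = fetch(next_url)

def _day(stamp: str) -> date:
    # first_seen/last_seen arrive as YYYY-MM-DD or YYYY-MM-DDTHH:MM:SSZ; both begin with the date.
    return date.fromisoformat(stamp[:10])

def triage(findings) -> list[dict]:
    """Reduce findings to what a responder acts on, most severe and most observed first."""
    rows = []
    for f in findings:
        d, inf = f["details"], f["details"].get("infection", {})
        rows.append({"asset": f["evidence_key"], "family": inf.get("family"),
                     "aliases": inf.get("aliases", []), "detection": d.get("detection_method"),
                     "sinkhole": d.get("sinkhole_ip_masked"), "observations": d.get("count", 0),
                     "severity": f["severity"], "affects_rating": f["affects_rating"],
                     "days_active": (_day(f["last_seen"]) - _day(f["first_seen"])).days + 1,
                     "remaining_decay": f.get("remaining_decay")})
    rows.sort(key=lambda r: (-r["severity"], -r["observations"]))
    return rows
```

Against a live tenant, pass `fetch=lambda url: fetch_page(url, token)` and the first page fetched from the endpoint URL above; `sinkhole_ip_masked` is used rather than `sinkhole_ip` so the summary can be shared without exposing the full sinkhole address.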