Publication Date – April 20, 2022
GET https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=potentially_exploited

Get an organization’s Potentially Exploited finding details.

Parameters

For details specific to Potentially Exploited, use the `risk_vector=potentially_exploited` query parameter. Other query parameters are listed in GET: Finding Details.

Example Request

```shell
curl "https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=potentially_exploited" -u api_token:
```
Example Response

```json
{
  "links": { "next": null, "previous": null },
  "count": 10,
  "results": [
    […]
    {
      "temporary_id": "A9Jq47BBjedd32b22a968d7e535252a5a931d8a8c7",
      "pcap_id": "UENBUHBjYXBQQ0FQcGNhcI5SJvT_85YqKfT6aSGksbyTPbrc5jsEaJ3_hAoFJiFZ_Jp6pbTnD1yR6BgY5WKhr_RorfG106x46uWToiD1icQ=",
      "affects_rating": false,
      "assets": [ { "asset": "213.215.200.98", "identifier": null, "category": "low", "importance": 0.0, "is_ip": true } ],
      "details": {
        "check_pass": " ", "geo_ip_location": "IT", "country": "Italy",
        "infection": {
          "family": "AMCleaner",
          "description": "This potentially unwanted application (PUA) shows adds and provides misleading information about issues on the computer.",
          "references": [ "https://www.threatonmac.com/application-mac-osx-amcleaner-pua-removal/" ],
          "data_exfiltration": false, "unauthorized_access": false, "implies_other_infections": false, "resource_abuse": true,
          "target_platforms": [ "MacOSX" ], "aliases": [ "Maftask" ]
        },
        "remediations": [ ], "sample_timestamp": "2021-05-03T12:57:40Z", "server_name": "bgtc.mac-autofixer.com",
        "user_agent": "maftask/1.0 CFNetwork/978.0.7 Darwin/18.6.0 (x86_64)", "vulnerabilities": [ ], "count": 6,
        "dest_port": 80, "detection_method": "Sinkhole", "request_method": "GET",
        "rollup_end_date": "2021-05-03", "rollup_start_date": "2021-05-03",
        "sinkhole_ip": "72.26.218.86", "sinkhole_ip_masked": "XXX.26.218.86", "src_port": 54333
      },
      "evidence_key": "213.215.200.98",
      "first_seen": "2021-05-03", "last_seen": "2021-05-03",
      "related_findings": [
        {
          "temporary_id": "A9Jq47BBjedd32b22a968d7e535252a5a931d8a8c7",
          "pcap_id": "UENBUHBjYXBQQ0FQcGNhcI5SJvT_85YqKfT6aSGksbyTPbrc5jsEaJ3_hAoFJiFZ_Jp6pbTnD1yR6BgY5WKhr_RorfG106x46uWToiD1icQ=",
          "affects_rating": false,
          "assets": [ { "asset": "213.215.200.98", "identifier": null, "category": "low", "importance": 0.0, "is_ip": true } ],
          "details": {
            "check_pass": " ", "geo_ip_location": "IT", "country": "Italy",
            "infection": {
              "family": "AMCleaner",
              "description": "This potentially unwanted application (PUA) shows adds and provides misleading information about issues on the computer.",
              "references": [ "https://www.threatonmac.com/application-mac-osx-amcleaner-pua-removal/" ],
              "data_exfiltration": false, "unauthorized_access": false, "implies_other_infections": false, "resource_abuse": true,
              "target_platforms": [ "MacOSX" ], "aliases": [ "Maftask" ]
            },
            "remediations": [ ], "sample_timestamp": "2021-05-03T12:57:40Z", "server_name": "bgtc.mac-autofixer.com",
            "user_agent": "maftask/1.0 CFNetwork/978.0.7 Darwin/18.6.0 (x86_64)", "vulnerabilities": [ ], "count": 6,
            "dest_port": 80, "detection_method": "Sinkhole", "request_method": "GET",
            "rollup_end_date": "2021-05-03", "rollup_start_date": "2021-05-03",
            "sinkhole_ip": "72.26.218.86", "sinkhole_ip_masked": "XXX.26.218.86", "src_port": 54333
          },
          "evidence_key": "213.215.200.98",
          "first_seen": "2021-05-03T08:06:59Z", "last_seen": "2021-05-03T12:57:40Z",
          "risk_category": "Compromised Systems", "risk_vector": "potentially_exploited", "risk_vector_label": "Potentially Exploited",
          "rolledup_observation_id": "ESY_FRtviE-lZl43RWuyTw==",
          "severity": 8.0, "severity_category": "material", "tags": [ ],
          "remediation_history": { "last_requested_refresh_date": null, "last_refresh_status_date": null, "last_refresh_status_label": null, "last_refresh_reason_code": null },
          "asset_overrides": [ ], "duration": "1 day", "comments": null, "attributed_companies": [ ], "pinned": null, "pinned_by_user": null
        }
      ],
      "risk_category": "Compromised Systems", "risk_vector": "potentially_exploited", "risk_vector_label": "Potentially Exploited",
      "rolledup_observation_id": "ESY_FRtviE-lZl43RWuyTw==",
      "severity": 8.0, "severity_category": "material", "tags": [ ],
      "remediation_history": { "last_requested_refresh_date": null, "last_refresh_status_date": null, "last_refresh_status_label": null, "last_refresh_reason_code": null },
      "asset_overrides": [ ], "duration": "1 day", "comments": null, "remaining_decay": null
    }
  ]
}
```
Response Attributes
Field paths below are written relative to the response root; `[]` denotes an element of the preceding array.

| Field | Type | Description |
|---|---|---|
| links | Object | Navigation for multiple pages of results. See pagination. |
| links.next | String | The URL to navigate to the next page of results. |
| links.previous | String | The URL to navigate to the previous page of results. |
| count | Integer | The number of findings. |
| results | Array | Findings and their details. |
| results[] | Object | A finding. |
| results[].temporary_id | String | A temporary identifier for this finding. |
| results[].pcap_id | String | The packet capture (PCAP or libpcap) ID. |
| results[].affects_rating | Boolean | true = This finding impacts the risk vector letter grade. |
| results[].assets | Array | Asset (IP address or domain) details. |
| results[].assets[] | Object | An asset. |
| results[].assets[].asset | String | The asset associated with this finding. |
| results[].assets[].identifier | Null | For internal Bitsight use. |
| results[].assets[].category | String | The Bitsight-calculated asset importance. |
| results[].assets[].importance | Decimal | The Bitsight-calculated asset importance. |
| results[].assets[].is_ip | Boolean | true = This asset is an IP address. |
| results[].details | Object | Finding details. |
| results[].details.check_pass | String | For internal Bitsight use. |
| results[].details.geo_ip_location | String | This finding’s country of origin in a 2-letter ISO country code format. |
| results[].details.country | String | This finding’s country of origin. |
| results[].details.infection | Object | Infection details. |
| results[].details.infection.family | String | This infection’s malware family. |
| results[].details.infection.description | String | An overview of this infection. |
| results[].details.infection.references | Array | Information source URLs. |
| results[].details.infection.data_exfiltration | Boolean | true = This infection allows any unauthorized transfers of sensitive information. |
| results[].details.infection.unauthorized_access | Boolean | true = This infection allows attackers to connect and then log in as a legitimate user. |
| results[].details.infection.implies_other_infections | Boolean | true = This infection could lead to other infections. |
| results[].details.infection.resource_abuse | Boolean | true = This infection is misusing assets. |
| results[].details.infection.target_platforms | Array | Platforms targeted by this infection. |
| results[].details.infection.aliases | Array | Alternative names for this infection. |
| results[].details.remediations | Array | This is not applicable to Potentially Exploited findings. |
| results[].details.sample_timestamp | String [YYYY-MM-DDTHH:MM:SSZ] | The date and time when this finding was observed. |
| results[].details.server_name | String | The affected server's domain name. |
| results[].details.user_agent | String | Browser details. |
| results[].details.vulnerabilities | Array | Vulnerability details. |
| results[].details.count | Integer | The number of observations for this finding. |
| results[].details.dest_port | Integer | The destination port. |
| results[].details.detection_method | String | The detection method for this finding. |
| results[].details.request_method | String | The request method used to communicate with the malware. |
| results[].details.rollup_end_date | String [YYYY-MM-DD] | The date when this finding was last observed. |
| results[].details.rollup_start_date | String [YYYY-MM-DD] | The date when this finding was first observed. |
| results[].details.sinkhole_ip | String | The full sinkhole IP address. |
| results[].details.sinkhole_ip_masked | String | The masked sinkhole IP address. |
| results[].details.src_port | Integer | The source port. |
| results[].evidence_key | String | The asset (domain or IP address) that’s attributed to this finding. |
| results[].first_seen | String [YYYY-MM-DD] | The date when this finding was first observed. |
| results[].last_seen | String [YYYY-MM-DD] | The date when this finding was last observed. |
| results[].related_findings | Array | Findings and their details. |
| results[].related_findings[] | Object | A finding. |
| results[].related_findings[].temporary_id | String | The temporary identifier for this finding. |
| results[].related_findings[].pcap_id | String | The packet capture (PCAP or libpcap) identifier. |
| results[].related_findings[].affects_rating | Boolean | true = This finding impacts the risk vector letter grade. |
| results[].related_findings[].assets | Array | Asset (IP or domain) details. |
| results[].related_findings[].assets[] | Object | An asset. |
| results[].related_findings[].assets[].asset | String | The asset associated with this finding. |
| results[].related_findings[].assets[].identifier | Null | For internal Bitsight use. |
| results[].related_findings[].assets[].category | String | The Bitsight-calculated asset importance slug name. |
| results[].related_findings[].assets[].importance | Decimal | The Bitsight-calculated asset importance. |
| results[].related_findings[].assets[].is_ip | Boolean | true = This asset is an IP address. |
| results[].related_findings[].details | Object | Finding details. |
| results[].related_findings[].details.check_pass | String | For internal Bitsight use. |
| results[].related_findings[].details.geo_ip_location | String | This finding’s country of origin in a 2-letter ISO country code format. |
| results[].related_findings[].details.country | String | This finding’s country of origin. |
| results[].related_findings[].details.infection | Object | Infection details. |
| results[].related_findings[].details.infection.family | String | This infection’s malware family. |
| results[].related_findings[].details.infection.description | String | An overview of this infection. |
| results[].related_findings[].details.infection.references | Array | Infection information sources. |
| results[].related_findings[].details.infection.data_exfiltration | Boolean | true = This infection allows any unauthorized transfers of sensitive information. |
| results[].related_findings[].details.infection.unauthorized_access | Boolean | true = This infection allows attackers to connect and then log in as a legitimate user. |
| results[].related_findings[].details.infection.implies_other_infections | Boolean | true = This infection may lead to other infections. |
| results[].related_findings[].details.infection.resource_abuse | Boolean | true = This infection is misusing assets. |
| results[].related_findings[].details.infection.target_platforms | Array | Platforms targeted by this infection. |
| results[].related_findings[].details.infection.aliases | Array | Alternative names for this infection. |
| results[].related_findings[].details.remediations | Array | This is not applicable to Potentially Exploited findings. |
| results[].related_findings[].details.sample_timestamp | String [YYYY-MM-DDTHH:MM:SSZ] | The date and time when this finding was observed. |
| results[].related_findings[].details.server_name | String | The affected server's domain name. |
| results[].related_findings[].details.user_agent | String | Browser details. |
| results[].related_findings[].details.vulnerabilities | Array | Vulnerability details. |
| results[].related_findings[].details.count | Integer | The number of observations for this finding. |
| results[].related_findings[].details.dest_port | Integer | The destination port. |
| results[].related_findings[].details.detection_method | String | The detection method for this finding. |
| results[].related_findings[].details.request_method | String | The request method used to communicate with the malware. |
| results[].related_findings[].details.rollup_end_date | String [YYYY-MM-DD] | The date when this finding was last observed. |
| results[].related_findings[].details.rollup_start_date | String [YYYY-MM-DD] | The date when this finding was first observed. |
| results[].related_findings[].details.sinkhole_ip | String | The full sinkhole IP address. |
| results[].related_findings[].details.sinkhole_ip_masked | String | The masked sinkhole IP address. |
| results[].related_findings[].details.src_port | Integer | The source port. |
| results[].related_findings[].evidence_key | String | The asset attributed to this finding. |
| results[].related_findings[].first_seen | String [YYYY-MM-DDTHH:MM:SSZ] | The date and time when this finding was first observed. |
| results[].related_findings[].last_seen | String [YYYY-MM-DDTHH:MM:SSZ] | The date and time when this finding was last observed. |
| results[].related_findings[].risk_category | String | The risk category. |
| results[].related_findings[].risk_vector | String | The risk vector slug name. |
| results[].related_findings[].risk_vector_label | String | The risk vector display name. |
| results[].related_findings[].rolledup_observation_id | String | The observation’s identifier. |
| results[].related_findings[].severity | Decimal | This finding’s Bitsight severity. |
| results[].related_findings[].severity_category | String | This finding’s Bitsight severity category. |
| results[].related_findings[].tags | Array | Infrastructure tags identifying the asset. |
| results[].related_findings[].remediation_history | Object | If the expand=remediation_history parameter is set, this remediation history is included. This is not applicable to Potentially Exploited findings. |
| results[].related_findings[].remediation_history.last_requested_refresh_date | Null | This is not applicable to Potentially Exploited findings. |
| results[].related_findings[].remediation_history.last_refresh_status_date | Null | This is not applicable to Potentially Exploited findings. |
| results[].related_findings[].remediation_history.last_refresh_status_label | Null | This is not applicable to Potentially Exploited findings. |
| results[].related_findings[].remediation_history.last_refresh_reason_code | Null | This is not applicable to Potentially Exploited findings. |
| results[].related_findings[].asset_overrides | Array | User-assigned asset importance. |
| results[].related_findings[].duration | String | This finding’s duration. |
| results[].related_findings[].comments | String | This finding’s comments. |
| results[].related_findings[].attributed_companies | Array | Companies in the Ratings Tree that are attributed to this finding. |
| results[].related_findings[].pinned | Null | For internal Bitsight use. |
| results[].related_findings[].pinned_by_user | Null | For internal Bitsight use. |
| results[].risk_category | String | The risk category. |
| results[].risk_vector | String | The risk vector slug name. |
| results[].risk_vector_label | String | The risk vector display name. |
| results[].rolledup_observation_id | String | The observation’s identifier. |
| results[].severity | Decimal | This finding’s Bitsight severity. |
| results[].severity_category | String | This finding’s Bitsight severity category. |
| results[].tags | Array | Infrastructure tags identifying the asset. |
| results[].remediation_history | Object | If the expand=remediation_history parameter is set, this remediation history is included. This is not applicable to Potentially Exploited findings. |
| results[].remediation_history.last_requested_refresh_date | Null | This is not applicable to Potentially Exploited findings. |
| results[].remediation_history.last_refresh_status_date | Null | This is not applicable to Potentially Exploited findings. |
| results[].remediation_history.last_refresh_status_label | Null | This is not applicable to Potentially Exploited findings. |
| results[].remediation_history.last_refresh_reason_code | Null | This is not applicable to Potentially Exploited findings. |
| results[].asset_overrides | Array | User-assigned asset importance. |
| results[].duration | String | This finding’s duration. |
| results[].comments | String | This finding’s comments. |
| results[].remaining_decay | Integer | This finding’s remaining lifetime. |
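The following is an added example, not Bitsight client code, showing how a consumer would walk every page of this endpoint via `links.next` and triage the findings by malware family using the `infection` flags documented above. The request URL and Basic-auth scheme follow the curl example; `COMPANY_GUID`, the `fetch_with_token` helper name, the second-page URL and both sample pages are constructed for an offline run.

```python
import base64
import json
import urllib.request
from collections import defaultdict

# Added example, not Bitsight's own code. Endpoint and auth follow the curl request
# in this page; COMPANY_GUID and the SAMPLE pages below are constructed placeholders.
FIRST_URL = ("https://api.bitsighttech.com/ratings/v1/companies/COMPANY_GUID/findings"
             "?risk_vector=potentially_exploited")

def fetch_with_token(url, api_token):
    """Live fetch: HTTP Basic auth, token as user name, empty password ('-u api_token:')."""
    req = urllib.request.Request(url)
    cred = base64.b64encode(f"{api_token}:".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_findings(url, fetch):
    """Yield every finding, following links.next until it is null."""
    while url:
        page = fetch(url)
        yield from page["results"]
        url = page["links"]["next"]

def triage(findings):
    """Group findings by malware family; 'high' if any infection exfiltrates data, grants
    unauthorized access or implies other infections, else 'low' (e.g. PUA resource abuse)."""
    out = defaultdict(lambda: {"priority": "low", "assets": set(), "affects_rating": False})
    for f in findings:
        inf = f["details"]["infection"]
        entry = out[inf["family"]]
        entry["assets"].update(a["asset"] for a in f["assets"])
        if inf["data_exfiltration"] or inf["unauthorized_access"] or inf["implies_other_infections"]:
            entry["priority"] = "high"
        entry["affects_rating"] = entry["affects_rating"] or f["affects_rating"]
    return {k: dict(v, assets=sorted(v["assets"])) for k, v in out.items()}

# Constructed two-page sample: page 1 is the AMCleaner finding from the example response
# (trimmed to the fields used); page 2 is a made-up finding whose family exfiltrates data.
PAGE2_URL = FIRST_URL + "&offset=1"  # constructed next-page URL, not a documented parameter
SAMPLE = {
    FIRST_URL: {"links": {"next": PAGE2_URL, "previous": None}, "count": 2, "results": [
        {"affects_rating": False, "assets": [{"asset": "213.215.200.98", "is_ip": True}],
         "details": {"infection": {"family": "AMCleaner", "data_exfiltration": False,
                                   "unauthorized_access": False, "implies_other_infections": False}}}]},
    PAGE2_URL: {"links": {"next": None, "previous": FIRST_URL}, "count": 2, "results": [
        {"affects_rating": True, "assets": [{"asset": "203.0.113.7", "is_ip": True}],
         "details": {"infection": {"family": "ExampleStealer", "data_exfiltration": True,
                                   "unauthorized_access": False, "implies_other_infections": False}}}]},
}

def run_sample():
    return triage(iter_findings(FIRST_URL, SAMPLE.__getitem__))
```

For a live run, pass `lambda u: fetch_with_token(u, token)` to `iter_findings` in place of `SAMPLE.__getitem__`.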