GET: Potentially Exploited Finding Details
Ingrid

https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=potentially_exploited

Get an organization's Potentially Exploited finding details.

Parameters

For details specific to Potentially Exploited, use the ?risk_vector=potentially_exploited parameter. Other query parameters (including ?expand=remediation_history) are listed in GET: Finding Details.

Example Request

Replace api_token with your API token. curl's -u api_token: form sends the token as the HTTP Basic username with an empty password; the trailing colon is required.

curl https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=potentially_exploited -u api_token:

Example Response

{
  "links": {
    "next": null,
    "previous": null
  },
  "count": 10,
  "results": [
    […]
    {
      "temporary_id": "A9Jq47BBjedd32b22a968d7e535252a5a931d8a8c7",
      "pcap_id": "UENBUHBjYXBQQ0FQcGNhcI5SJvT_85YqKfT6aSGksbyTPbrc5jsEaJ3_hAoFJiFZ_Jp6pbTnD1yR6BgY5WKhr_RorfG106x46uWToiD1icQ=",
      "affects_rating": false,
      "assets": [
        {
          "asset": "213.215.200.98",
          "identifier": null,
          "category": "low",
          "importance": 0.0,
          "is_ip": true
        }
      ],
      "details": {
        "check_pass": " ",
        "geo_ip_location": "IT",
        "country": "Italy",
        "infection": {
          "family": "AMCleaner",
          "description": "This potentially unwanted application (PUA) shows adds and provides misleading information about issues on the computer.",
          "references": [
            "https://www.threatonmac.com/application-mac-osx-amcleaner-pua-removal/"
          ],
          "data_exfiltration": false,
          "unauthorized_access": false,
          "implies_other_infections": false,
          "resource_abuse": true,
          "target_platforms": [
            "MacOSX"
          ],
          "aliases": [
            "Maftask"
          ]
        },
        "remediations": [],
        "sample_timestamp": "2021-05-03T12:57:40Z",
        "server_name": "bgtc.mac-autofixer.com",
        "user_agent": "maftask/1.0 CFNetwork/978.0.7 Darwin/18.6.0 (x86_64)",
        "vulnerabilities": [],
        "count": 6,
        "dest_port": 80,
        "detection_method": "Sinkhole",
        "request_method": "GET",
        "rollup_end_date": "2021-05-03",
        "rollup_start_date": "2021-05-03",
        "sinkhole_ip": "72.26.218.86",
        "sinkhole_ip_masked": "XXX.26.218.86",
        "src_port": 54333
      },
      "evidence_key": "213.215.200.98",
      "first_seen": "2021-05-03",
      "last_seen": "2021-05-03",
      "related_findings": [
        {
          "temporary_id": "A9Jq47BBjedd32b22a968d7e535252a5a931d8a8c7",
          "pcap_id": "UENBUHBjYXBQQ0FQcGNhcI5SJvT_85YqKfT6aSGksbyTPbrc5jsEaJ3_hAoFJiFZ_Jp6pbTnD1yR6BgY5WKhr_RorfG106x46uWToiD1icQ=",
          "affects_rating": false,
          "assets": [
            {
              "asset": "213.215.200.98",
              "identifier": null,
              "category": "low",
              "importance": 0.0,
              "is_ip": true
            }
          ],
          "details": {
            "check_pass": " ",
            "geo_ip_location": "IT",
            "country": "Italy",
            "infection": {
              "family": "AMCleaner",
              "description": "This potentially unwanted application (PUA) shows adds and provides misleading information about issues on the computer.",
              "references": [
                "https://www.threatonmac.com/application-mac-osx-amcleaner-pua-removal/"
              ],
              "data_exfiltration": false,
              "unauthorized_access": false,
              "implies_other_infections": false,
              "resource_abuse": true,
              "target_platforms": [
                "MacOSX"
              ],
              "aliases": [
                "Maftask"
              ]
            },
            "remediations": [],
            "sample_timestamp": "2021-05-03T12:57:40Z",
            "server_name": "bgtc.mac-autofixer.com",
            "user_agent": "maftask/1.0 CFNetwork/978.0.7 Darwin/18.6.0 (x86_64)",
            "vulnerabilities": [],
            "count": 6,
            "dest_port": 80,
            "detection_method": "Sinkhole",
            "request_method": "GET",
            "rollup_end_date": "2021-05-03",
            "rollup_start_date": "2021-05-03",
            "sinkhole_ip": "72.26.218.86",
            "sinkhole_ip_masked": "XXX.26.218.86",
            "src_port": 54333
          },
          "evidence_key": "213.215.200.98",
          "first_seen": "2021-05-03T08:06:59Z",
          "last_seen": "2021-05-03T12:57:40Z",
          "risk_category": "Compromised Systems",
          "risk_vector": "potentially_exploited",
          "risk_vector_label": "Potentially Exploited",
          "rolledup_observation_id": "ESY_FRtviE-lZl43RWuyTw==",
          "severity": 8.0,
          "severity_category": "material",
          "tags": [],
          "remediation_history": {
            "last_requested_refresh_date": "2024-06-19",
            "last_refresh_status_date": "2024-06-23",
            "last_refresh_status_label": "failed",
            "last_refresh_status_reason": "asset_not_found",
            "last_refresh_reason_code": "asset unreachable",
            "last_refresh_requester": "1e10564d-fawa-4331-0000-6f7588b55a98",
            "result_finding_date": null
          },
          "asset_overrides": [],
          "duration": "1 day",
          "comments": null,
          "attributed_companies": [],
          "pinned": null,
          "pinned_by_user": null
        }
      ],
      "risk_category": "Compromised Systems",
      "risk_vector": "potentially_exploited",
      "risk_vector_label": "Potentially Exploited",
      "rolledup_observation_id": "ESY_FRtviE-lZl43RWuyTw==",
      "severity": 8.0,
      "severity_category": "material",
      "tags": [],
      "remediation_history": {
        "last_requested_refresh_date": null,
        "last_refresh_status_date": null,
        "last_refresh_status_label": null,
        "last_refresh_reason_code": null
      },
      "asset_overrides": [],
      "duration": "1 day",
      "comments": null,
      "remaining_decay": null
    }
  ]
}

Response Attributes

Field (Type): Description. Nested fields are indented under their parent.

links (Object): Navigation for multiple pages of results. See pagination.
    next (String): The URL of the next page of results, or null on the last page.
    previous (String): The URL of the previous page of results, or null on the first page.
count (Integer): The number of findings.
results (Array): Findings and their details. Each element is a finding object:
    temporary_id (String): A temporary identifier for this finding.
    pcap_id (String): The packet capture (PCAP or libpcap) identifier.
    affects_rating (Boolean): true = This finding impacts the risk vector letter grade.
    assets (Array): Asset (IP address or domain) details. Each element is an asset object:
        asset (String): The asset associated with this finding.
        identifier (Null): For internal Bitsight use.
        category (String): The Bitsight-calculated asset importance slug name (low in the example).
        importance (Decimal): The Bitsight-calculated asset importance.
        is_ip (Boolean): true = This asset is an IP address.
    details (Object): Finding details.
        check_pass (String): For internal Bitsight use.
        geo_ip_location (String): This finding's country of origin as a 2-letter ISO country code.
        country (String): This finding's country of origin.
        infection (Object): Infection details.
            family (String): This infection's malware family.
            description (String): An overview of this infection.
            references (Array): Information source URLs.
            data_exfiltration (Boolean): true = This infection allows unauthorized transfers of sensitive information.
            unauthorized_access (Boolean): true = This infection allows attackers to connect and then log in as a legitimate user.
            implies_other_infections (Boolean): true = This infection could lead to other infections.
            resource_abuse (Boolean): true = This infection is misusing assets.
            target_platforms (Array): Platforms targeted by this infection.
            aliases (Array): Alternative names for this infection.
        remediations (Array): Not applicable to Potentially Exploited findings (always empty).
        sample_timestamp (String) [YYYY-MM-DDTHH:MM:SSZ]: The date and time when this finding was observed.
        server_name (String): The domain name the compromised device contacted. It is known to be a command and control server, a sinkhole, or to host adware.
        user_agent (String): The User-Agent string from the observed request. It identifies the application, operating system, browser, and software version on the compromised device.
        vulnerabilities (Array): Vulnerability details.
        count (Integer): The number of observations for this finding.
        dest_port (Integer): The destination port of the observed traffic, that is, the port on the sinkhole or command and control server the compromised device connected to (80 in the example).
        detection_method (String): The method used to detect the infection (Sinkhole in the example). See the data collection methods.
        request_method (String): The HTTP request method used to communicate with the malware infrastructure.
        rollup_end_date (String) [YYYY-MM-DD]: The date when this finding was last observed.
        rollup_start_date (String) [YYYY-MM-DD]: The date when this finding was first observed.
        sinkhole_ip (String): The full sinkhole IP address.
        sinkhole_ip_masked (String): The masked sinkhole IP address.
        src_port (Integer): The source port on the compromised device from which the observed traffic was sent (54333 in the example).
    evidence_key (String): The asset (domain or IP address) that is attributed to this finding.
    first_seen (String) [YYYY-MM-DD]: The date when this finding was first observed.
    last_seen (String) [YYYY-MM-DD]: The date when this finding was last observed.
    related_findings (Array): Related findings and their details. Each element is a finding object with the same fields as a top-level finding (temporary_id through tags, asset_overrides, duration, comments), except as follows:
        first_seen (String) [YYYY-MM-DDTHH:MM:SSZ]: The date and time when this finding was first observed.
        last_seen (String) [YYYY-MM-DDTHH:MM:SSZ]: The date and time when this finding was last observed.
        remediation_history (Object): Included when the ?expand=remediation_history parameter is set.
            last_requested_refresh_date (String) [YYYY-MM-DD]: The date when a finding rescan that included this finding was last requested.
            last_refresh_status_date (String) [YYYY-MM-DD]: The date when the rescan status of this finding was last updated.
            last_refresh_status_label (String): The current rescan status of this finding (failed in the example).
            last_refresh_status_reason (String): The reason for the rescan status (asset_not_found in the example).
            last_refresh_reason_code (String): The reason code for the rescan status.
            last_refresh_requester (String) [user_guid]: The unique identifier of the user who requested the rescan.
            result_finding_date (String) [YYYY-MM-DD]: The first seen date of the finding that resulted from the rescan, if applicable.
        attributed_companies (Array): Companies in the Ratings Tree that are attributed to this finding.
        pinned (Null): For internal Bitsight use.
        pinned_by_user (Null): For internal Bitsight use.
    risk_category (String): The risk category.
    risk_vector (String): The risk vector slug name.
    risk_vector_label (String): The risk vector display name.
    rolledup_observation_id (String): A stable and randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession.
    severity (Decimal): This finding's Bitsight severity.
    severity_category (String): This finding's Bitsight severity category (material in the example).
    tags (Array): Infrastructure tags identifying the asset.
    remediation_history (Object): Included when the ?expand=remediation_history parameter is set. Not applicable to Potentially Exploited findings; every field is null.
        last_requested_refresh_date (Null): Not applicable to Potentially Exploited findings.
        last_refresh_status_date (Null): Not applicable to Potentially Exploited findings.
        last_refresh_status_label (Null): Not applicable to Potentially Exploited findings.
        last_refresh_reason_code (Null): Not applicable to Potentially Exploited findings.
    asset_overrides (Array): User-assigned asset importance.
    duration (String): This finding's duration.
    comments (String): This finding's comments.
    remaining_decay (Integer): This finding's remaining lifetime.

February 28, 2025: Added last_refresh_status_reason, last_refresh_reason_code, last_refresh_requester, and result_finding_date response attributes.
April 20, 2022: Published.
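The following script is an added example, not Bitsight's own client code. It shows how a SOC would consume this endpoint: authenticate the way the curl request above does (token as the HTTP Basic username, empty password), follow links.next until it is null, and reduce each finding to the indicators worth pivoting on (compromised asset, malware family, sinkhole and server_name contacted, observation count, first/last seen). Because related_findings entries in the example response repeat the parent's rolledup_observation_id and asset, rows are deduplicated on that pair. The CONSTRUCTED_PAGE payload is hand-built from the example response so the parsing runs offline; the base URL, endpoint path and JSON field names are taken from this page, and everything else (function names, the company GUID passed in) is an assumption of the example.

```python
"""Pull Potentially Exploited findings and flatten them into triage rows.

Added example, not Bitsight's code. Assumes the endpoint, auth form and JSON
shape shown on this page. CONSTRUCTED_PAGE is a hand-built sample payload.
"""
import base64
import json
import urllib.request
from typing import Dict, Iterator, List, Optional, Set, Tuple

BASE_URL = "https://api.bitsighttech.com/ratings/v1"


def basic_auth_header(api_token: str) -> str:
    """HTTP Basic value equivalent to curl's '-u api_token:' (empty password)."""
    return "Basic " + base64.b64encode(f"{api_token}:".encode()).decode()


def findings_url(company_guid: str, risk_vector: str = "potentially_exploited") -> str:
    """First-page URL for the findings endpoint filtered to one risk vector."""
    return f"{BASE_URL}/companies/{company_guid}/findings?risk_vector={risk_vector}"


def fetch_pages(url: str, api_token: str, timeout: int = 30) -> Iterator[dict]:
    """Yield each JSON page, following links.next until it is null (needs network)."""
    headers = {"Authorization": basic_auth_header(api_token), "Accept": "application/json"}
    while url:
        req = urllib.request.Request(url, headers=headers)
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            page = json.load(resp)
        yield page
        url = page.get("links", {}).get("next")  # null on the last page


def triage_rows(page: dict, seen: Optional[Set[Tuple[str, str]]] = None) -> List[Dict]:
    """Flatten one page of findings (and nested related_findings) into triage rows.

    Pass the same `seen` set across pages so a finding repeated via
    related_findings, or across pages, is only emitted once per asset.
    """
    seen = set() if seen is None else seen
    rows: List[Dict] = []

    def walk(finding: dict) -> None:
        details = finding.get("details", {})
        infection = details.get("infection", {})
        for asset in finding.get("assets", []):
            key = (finding.get("rolledup_observation_id"), asset.get("asset"))
            if key in seen:
                continue
            seen.add(key)
            rows.append({
                "asset": asset.get("asset"),
                "is_ip": asset.get("is_ip"),
                "family": infection.get("family"),
                "resource_abuse": infection.get("resource_abuse"),
                "data_exfiltration": infection.get("data_exfiltration"),
                "server_name": details.get("server_name"),
                "sinkhole_ip": details.get("sinkhole_ip"),
                "dest_port": details.get("dest_port"),
                "detection_method": details.get("detection_method"),
                "observations": details.get("count"),
                "first_seen": finding.get("first_seen"),
                "last_seen": finding.get("last_seen"),
                "severity": finding.get("severity"),
                "affects_rating": finding.get("affects_rating"),
            })
        for related in finding.get("related_findings", []):
            walk(related)

    for finding in page.get("results", []):
        walk(finding)
    return rows


# Constructed sample page, trimmed from the example response on this page.
CONSTRUCTED_PAGE = {
    "links": {"next": None, "previous": None},
    "count": 1,
    "results": [{
        "temporary_id": "A9Jq47BBjedd32b22a968d7e535252a5a931d8a8c7",
        "affects_rating": False,
        "assets": [{"asset": "213.215.200.98", "identifier": None,
                    "category": "low", "importance": 0.0, "is_ip": True}],
        "details": {
            "infection": {"family": "AMCleaner", "resource_abuse": True,
                          "data_exfiltration": False, "target_platforms": ["MacOSX"]},
            "server_name": "bgtc.mac-autofixer.com",
            "sinkhole_ip": "72.26.218.86", "dest_port": 80, "src_port": 54333,
            "detection_method": "Sinkhole", "count": 6,
        },
        "first_seen": "2021-05-03", "last_seen": "2021-05-03",
        "related_findings": [{
            "temporary_id": "A9Jq47BBjedd32b22a968d7e535252a5a931d8a8c7",
            "affects_rating": False,
            "assets": [{"asset": "213.215.200.98", "is_ip": True}],
            "details": {"infection": {"family": "AMCleaner"}, "sinkhole_ip": "72.26.218.86"},
            "rolledup_observation_id": "ESY_FRtviE-lZl43RWuyTw==",
            "severity": 8.0,
        }],
        "rolledup_observation_id": "ESY_FRtviE-lZl43RWuyTw==",
        "severity": 8.0,
    }],
}


if __name__ == "__main__":
    # Offline run over the constructed page. For a live pull, replace with:
    #   seen = set(); rows = [r for p in fetch_pages(findings_url(guid), token)
    #                         for r in triage_rows(p, seen)]
    for row in triage_rows(CONSTRUCTED_PAGE):
        print(json.dumps(row))
```

The triage row keeps sinkhole_ip and server_name together on purpose: the sinkhole address is the observation point, the server_name is what the infected host actually tried to reach, and only the latter is a useful indicator to search for in your own DNS and proxy logs. Sharing one `seen` set across pages matters because a finding can be surfaced both as a top-level result and inside another finding's related_findings with the same rolledup_observation_id.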
Related articles

GET: Finding Details
GET: Diligence Finding Details
GET: Botnet Infections Finding Details
GET: Unsolicited Communications Finding Details
GET: SPF Domains Finding Details