https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=potentially_exploited
Get an organization’s Potentially Exploited finding details.
Parameters
For details specific to Potentially Exploited, use the ?risk_vector=potentially_exploited parameter. Other query parameters are listed in GET: Finding Details.
Example Request
```bash
# Quote the URL so the shell does not treat "?" as a glob; the token is passed as the user with an empty password.
curl "https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=potentially_exploited" -u api_token:
```
Example Response
```json
{
  "links": {
    "next": null,
    "previous": null
  },
  "count": 10,
  "results": [
    […]
    {
      "temporary_id": "A9Jq47BBjedd32b22a968d7e535252a5a931d8a8c7",
      "pcap_id": "UENBUHBjYXBQQ0FQcGNhcI5SJvT_85YqKfT6aSGksbyTPbrc5jsEaJ3_hAoFJiFZ_Jp6pbTnD1yR6BgY5WKhr_RorfG106x46uWToiD1icQ=",
      "affects_rating": false,
      "assets": [
        {
          "asset": "213.215.200.98",
          "identifier": null,
          "category": "low",
          "importance": 0.0,
          "is_ip": true
        }
      ],
      "details": {
        "check_pass": " ",
        "geo_ip_location": "IT",
        "country": "Italy",
        "infection": {
          "family": "AMCleaner",
          "description": "This potentially unwanted application (PUA) shows adds and provides misleading information about issues on the computer.",
          "references": [
            "https://www.threatonmac.com/application-mac-osx-amcleaner-pua-removal/"
          ],
          "data_exfiltration": false,
          "unauthorized_access": false,
          "implies_other_infections": false,
          "resource_abuse": true,
          "target_platforms": [
            "MacOSX"
          ],
          "aliases": [
            "Maftask"
          ]
        },
        "remediations": [],
        "sample_timestamp": "2021-05-03T12:57:40Z",
        "server_name": "bgtc.mac-autofixer.com",
        "user_agent": "maftask/1.0 CFNetwork/978.0.7 Darwin/18.6.0 (x86_64)",
        "vulnerabilities": [],
        "count": 6,
        "dest_port": 80,
        "detection_method": "Sinkhole",
        "request_method": "GET",
        "rollup_end_date": "2021-05-03",
        "rollup_start_date": "2021-05-03",
        "sinkhole_ip": "72.26.218.86",
        "sinkhole_ip_masked": "XXX.26.218.86",
        "src_port": 54333
      },
      "evidence_key": "213.215.200.98",
      "first_seen": "2021-05-03",
      "last_seen": "2021-05-03",
      "related_findings": [
        {
          "temporary_id": "A9Jq47BBjedd32b22a968d7e535252a5a931d8a8c7",
          "pcap_id": "UENBUHBjYXBQQ0FQcGNhcI5SJvT_85YqKfT6aSGksbyTPbrc5jsEaJ3_hAoFJiFZ_Jp6pbTnD1yR6BgY5WKhr_RorfG106x46uWToiD1icQ=",
          "affects_rating": false,
          "assets": [
            {
              "asset": "213.215.200.98",
              "identifier": null,
              "category": "low",
              "importance": 0.0,
              "is_ip": true
            }
          ],
          "details": {
            "check_pass": " ",
            "geo_ip_location": "IT",
            "country": "Italy",
            "infection": {
              "family": "AMCleaner",
              "description": "This potentially unwanted application (PUA) shows adds and provides misleading information about issues on the computer.",
              "references": [
                "https://www.threatonmac.com/application-mac-osx-amcleaner-pua-removal/"
              ],
              "data_exfiltration": false,
              "unauthorized_access": false,
              "implies_other_infections": false,
              "resource_abuse": true,
              "target_platforms": [
                "MacOSX"
              ],
              "aliases": [
                "Maftask"
              ]
            },
            "remediations": [],
            "sample_timestamp": "2021-05-03T12:57:40Z",
            "server_name": "bgtc.mac-autofixer.com",
            "user_agent": "maftask/1.0 CFNetwork/978.0.7 Darwin/18.6.0 (x86_64)",
            "vulnerabilities": [],
            "count": 6,
            "dest_port": 80,
            "detection_method": "Sinkhole",
            "request_method": "GET",
            "rollup_end_date": "2021-05-03",
            "rollup_start_date": "2021-05-03",
            "sinkhole_ip": "72.26.218.86",
            "sinkhole_ip_masked": "XXX.26.218.86",
            "src_port": 54333
          },
          "evidence_key": "213.215.200.98",
          "first_seen": "2021-05-03T08:06:59Z",
          "last_seen": "2021-05-03T12:57:40Z",
          "risk_category": "Compromised Systems",
          "risk_vector": "potentially_exploited",
          "risk_vector_label": "Potentially Exploited",
          "rolledup_observation_id": "ESY_FRtviE-lZl43RWuyTw==",
          "severity": 8.0,
          "severity_category": "material",
          "tags": [],
          "remediation_history": {
            "last_requested_refresh_date": null,
            "last_refresh_status_date": null,
            "last_refresh_status_label": null,
            "last_refresh_reason_code": null
          },
          "asset_overrides": [],
          "duration": "1 day",
          "comments": null,
          "attributed_companies": [],
          "pinned": null,
          "pinned_by_user": null
        }
      ],
      "risk_category": "Compromised Systems",
      "risk_vector": "potentially_exploited",
      "risk_vector_label": "Potentially Exploited",
      "rolledup_observation_id": "ESY_FRtviE-lZl43RWuyTw==",
      "severity": 8.0,
      "severity_category": "material",
      "tags": [],
      "remediation_history": {
        "last_requested_refresh_date": null,
        "last_refresh_status_date": null,
        "last_refresh_status_label": null,
        "last_refresh_reason_code": null
      },
      "asset_overrides": [],
      "duration": "1 day",
      "comments": null,
      "remaining_decay": null
    }
  ]
}
```
Response Attributes

Nested fields are written as paths from the top of the response; `[]` marks the elements of an array.

Field | Type | Description
---|---|---
links | Object | Navigation for multiple pages of results. See pagination.
links.next | String | The URL to navigate to the next page of results.
links.previous | String | The URL to navigate to the previous page of results.
count | Integer | The number of findings.
results | Array | Findings and their details.
results[] | Object | A finding.
results[].temporary_id | String | A temporary identifier for this finding.
results[].pcap_id | String | The packet capture (PCAP or libpcap) ID.
results[].affects_rating | Boolean | true = This finding impacts the risk vector letter grade.
results[].assets | Array | Asset (IP address or domain) details.
results[].assets[] | Object | An asset.
results[].assets[].asset | String | The asset associated with this finding.
results[].assets[].identifier | Null | For internal Bitsight use.
results[].assets[].category | String | The Bitsight-calculated asset importance.
results[].assets[].importance | Decimal | The Bitsight-calculated asset importance.
results[].assets[].is_ip | Boolean | true = This asset is an IP address.
results[].details | Object | Finding details.
results[].details.check_pass | String | For internal Bitsight use.
results[].details.geo_ip_location | String | This finding’s country of origin in a 2-letter ISO country code format.
results[].details.country | String | This finding’s country of origin.
results[].details.infection | Object | Infection details.
results[].details.infection.family | String | This infection’s malware family.
results[].details.infection.description | String | An overview of this infection.
results[].details.infection.references | Array | Information source URLs.
results[].details.infection.data_exfiltration | Boolean | true = This infection allows any unauthorized transfers of sensitive information.
results[].details.infection.unauthorized_access | Boolean | true = This infection allows attackers to connect and then log in as a legitimate user.
results[].details.infection.implies_other_infections | Boolean | true = This infection could lead to other infections.
results[].details.infection.resource_abuse | Boolean | true = This infection is misusing assets.
results[].details.infection.target_platforms | Array | Platforms targeted by this infection.
results[].details.infection.aliases | Array | Alternative names for this infection.
results[].details.remediations | Array | This is not applicable to Potentially Exploited findings.
results[].details.sample_timestamp | String | The date and time when this finding was observed.
results[].details.server_name | String | The domain name of the affected server. It is known to be a command and control server, sinkhole, or is hosting adware.
results[].details.user_agent | String | Browser details.
results[].details.vulnerabilities | Array | Vulnerability details.
results[].details.count | Integer | The number of observations for this finding.
results[].details.dest_port | Integer | A compromised device was observed to be sending traffic from this port.
results[].details.detection_method | String | The method used to detect the infection. See the data collection methods.
results[].details.request_method | String | The request method used to communicate with the malware.
results[].details.rollup_end_date | String | The date when this finding was last observed.
results[].details.rollup_start_date | String | The date when this finding was first observed.
results[].details.sinkhole_ip | String | The full sinkhole IP address.
results[].details.sinkhole_ip_masked | String | The masked sinkhole IP address.
results[].details.src_port | Integer | The port where traffic from a compromised device was observed.
results[].evidence_key | String | The asset (domain or IP address) that’s attributed to this finding.
results[].first_seen | String | The date when this finding was first observed.
results[].last_seen | String | The date when this finding was last observed.
results[].related_findings | Array | Findings and their details.
results[].related_findings[] | Object | A finding.
results[].related_findings[].temporary_id | String | The temporary identifier for this finding.
results[].related_findings[].pcap_id | String | The packet capture (PCAP or libpcap) identifier.
results[].related_findings[].affects_rating | Boolean | true = This finding impacts the risk vector letter grade.
results[].related_findings[].assets | Array | Asset (IP or domain) details.
results[].related_findings[].assets[] | Object | An asset.
results[].related_findings[].assets[].asset | String | The asset associated with this finding.
results[].related_findings[].assets[].identifier | Null | For internal Bitsight use.
results[].related_findings[].assets[].category | String | The Bitsight-calculated asset importance slug name.
results[].related_findings[].assets[].importance | Decimal | The Bitsight-calculated asset importance.
results[].related_findings[].assets[].is_ip | Boolean | true = This asset is an IP address.
results[].related_findings[].details | Object | Finding details.
results[].related_findings[].details.check_pass | String | For internal Bitsight use.
results[].related_findings[].details.geo_ip_location | String | This finding’s country of origin in a 2-letter ISO country code format.
results[].related_findings[].details.country | String | This finding’s country of origin.
results[].related_findings[].details.infection | Object | Infection details.
results[].related_findings[].details.infection.family | String | This infection’s malware family.
results[].related_findings[].details.infection.description | String | An overview of this infection.
results[].related_findings[].details.infection.references | Array | Infection information sources.
results[].related_findings[].details.infection.data_exfiltration | Boolean | true = This infection allows any unauthorized transfers of sensitive information.
results[].related_findings[].details.infection.unauthorized_access | Boolean | true = This infection allows attackers to connect and then log in as a legitimate user.
results[].related_findings[].details.infection.implies_other_infections | Boolean | true = This infection may lead to other infections.
results[].related_findings[].details.infection.resource_abuse | Boolean | true = This infection is misusing assets.
results[].related_findings[].details.infection.target_platforms | Array | Platforms targeted by this infection.
results[].related_findings[].details.infection.aliases | Array | Alternative names for this infection.
results[].related_findings[].details.remediations | Array | This is not applicable to Potentially Exploited findings.
results[].related_findings[].details.sample_timestamp | String | The date and time when this finding was observed.
results[].related_findings[].details.server_name | String | The domain name of the affected server. It is known to be a command and control server, sinkhole, or is hosting adware.
results[].related_findings[].details.user_agent | String | Browser details.
results[].related_findings[].details.vulnerabilities | Array | Vulnerability details.
results[].related_findings[].details.count | Integer | The number of observations for this finding.
results[].related_findings[].details.dest_port | Integer | A compromised device was observed to be sending traffic from this port.
results[].related_findings[].details.detection_method | String | The method used to detect the infection. See the data collection methods.
results[].related_findings[].details.request_method | String | The request method used to communicate with the malware.
results[].related_findings[].details.rollup_end_date | String | The date when this finding was last observed.
results[].related_findings[].details.rollup_start_date | String | The date when this finding was first observed.
results[].related_findings[].details.sinkhole_ip | String | The full sinkhole IP address.
results[].related_findings[].details.sinkhole_ip_masked | String | The masked sinkhole IP address.
results[].related_findings[].details.src_port | Integer | The port where traffic from a compromised device was observed.
results[].related_findings[].evidence_key | String | The asset attributed to this finding.
results[].related_findings[].first_seen | String | The date and time when this finding was first observed.
results[].related_findings[].last_seen | String | The date and time when this finding was last observed.
results[].related_findings[].risk_category | String | The risk category.
results[].related_findings[].risk_vector | String | The risk vector slug name.
results[].related_findings[].risk_vector_label | String | The risk vector display name.
results[].related_findings[].rolledup_observation_id | String | A stable and randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession.
results[].related_findings[].severity | Decimal | This finding’s Bitsight severity.
results[].related_findings[].severity_category | String | This finding’s Bitsight severity.
results[].related_findings[].tags | Array | Infrastructure tags identifying the asset.
results[].related_findings[].remediation_history | Object | If the expand=remediation_history parameter is set, this remediation history is included. This is not applicable to Potentially Exploited findings.
results[].related_findings[].remediation_history.last_requested_refresh_date | Null | This is not applicable to Potentially Exploited findings.
results[].related_findings[].remediation_history.last_refresh_status_date | Null | This is not applicable to Potentially Exploited findings.
results[].related_findings[].remediation_history.last_refresh_status_label | Null | This is not applicable to Potentially Exploited findings.
results[].related_findings[].remediation_history.last_refresh_reason_code | Null | This is not applicable to Potentially Exploited findings.
results[].related_findings[].asset_overrides | Array | User-assigned asset importance.
results[].related_findings[].duration | String | This finding’s duration.
results[].related_findings[].comments | String | This finding’s comments.
results[].related_findings[].attributed_companies | Array | Companies in the Ratings Tree that are attributed to this finding.
results[].related_findings[].pinned | Null | For internal Bitsight use.
results[].related_findings[].pinned_by_user | Null | For internal Bitsight use.
results[].risk_category | String | The risk category.
results[].risk_vector | String | The risk vector slug name.
results[].risk_vector_label | String | The risk vector display name.
results[].rolledup_observation_id | String | A stable and randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession.
results[].severity | Decimal | This finding’s Bitsight severity.
results[].severity_category | String | This finding’s Bitsight severity.
results[].tags | Array | Infrastructure tags identifying the asset.
results[].remediation_history | Object | If the expand=remediation_history parameter is set, this remediation history is included. This is not applicable to Potentially Exploited findings.
results[].remediation_history.last_requested_refresh_date | Null | This is not applicable to Potentially Exploited findings.
results[].remediation_history.last_refresh_status_date | Null | This is not applicable to Potentially Exploited findings.
results[].remediation_history.last_refresh_status_label | Null | This is not applicable to Potentially Exploited findings.
results[].remediation_history.last_refresh_reason_code | Null | This is not applicable to Potentially Exploited findings.
results[].asset_overrides | Array | User-assigned asset importance.
results[].duration | String | This finding’s duration.
results[].comments | String | This finding’s comments.
results[].remaining_decay | Integer | This finding’s remaining lifetime.
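To show how a responder would consume this response, here is an added example (not Bitsight's own client code) that follows `links.next` across pages and ranks each finding by the infection flags documented above. `fetch` is an assumed callable that wraps your HTTP client, and the sample page is constructed from the example response on this page.

```python
import json

# Constructed sample page, cut down from this page's example response to the
# fields the triage reads; a real page comes from the /findings endpoint.
SAMPLE_PAGE = json.loads("""{
  "links": {"next": null, "previous": null}, "count": 1,
  "results": [{
    "temporary_id": "A9Jq47BBjedd32b22a968d7e535252a5a931d8a8c7",
    "details": {
      "infection": {"family": "AMCleaner", "data_exfiltration": false,
                    "unauthorized_access": false, "implies_other_infections": false,
                    "resource_abuse": true, "target_platforms": ["MacOSX"]},
      "server_name": "bgtc.mac-autofixer.com", "detection_method": "Sinkhole",
      "count": 6, "dest_port": 80},
    "evidence_key": "213.215.200.98", "first_seen": "2021-05-03",
    "last_seen": "2021-05-03", "severity": 8.0, "severity_category": "material"}]}""")

# Infection flags that mean a host needs incident response, not just cleanup.
PRIORITY_FLAGS = ("data_exfiltration", "unauthorized_access", "implies_other_infections")
RANK = {"high": 0, "review": 1, "info": 2}

def iter_findings(fetch, url):
    """Yield every finding, following links.next until it is null. `fetch(url)`
    is a hypothetical callable returning one decoded page (wrap your HTTP client)."""
    while url:
        page = fetch(url)
        yield from page.get("results", [])
        url = page.get("links", {}).get("next")

def triage(finding):
    """Reduce one finding to what a responder acts on, and rank it."""
    details = finding.get("details", {})
    infection = details.get("infection", {})
    reasons = [flag for flag in PRIORITY_FLAGS if infection.get(flag)]
    if reasons:
        priority = "high"      # exfiltration, remote access or loader behaviour
    elif infection.get("resource_abuse"):
        priority = "review"    # PUA / miner style abuse: clean up, lower urgency
    else:
        priority = "info"
    return {"asset": finding.get("evidence_key"), "family": infection.get("family"),
            "contacted": details.get("server_name"),   # C2, sinkhole or adware host
            "observations": details.get("count", 0), "severity": finding.get("severity"),
            "priority": priority, "reasons": reasons}

def summarize(fetch, url):
    """Triage all findings behind `url`, highest priority and severity first."""
    rows = [triage(f) for f in iter_findings(fetch, url)]
    return sorted(rows, key=lambda r: (RANK[r["priority"]], -(r["severity"] or 0)))
```

With a real client, `fetch` would issue the GET with `-u api_token:` style basic auth and return `response.json()`; everything else stays the same.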
- April 20, 2022: Published.