Details - Response Formats by Finding Code

Finding codes: 10001, 10002, 10003, 10004, 10005, 10013, 10018, 10021, 10023, 10025, 10080, 10082:

 {
   "assessmentDateBegin": "string($date-time)", 
   "assessmentDateEnd": "string($date-time)", 
   "domain": "string", 
   "bvid": "string($uuid)", 
   "findingCode": integer, 
   "findingHash": integer, 
   "observationTimesSeen": integer, 
   "observationTimestampFirst": "string($date-time)", 
   "observationTimestampLast": "string($date-time)", 
   "record": "string",  # example: '7elevenstores.ca.  IN TXT \"v=spf1 mx a ptr ip4:206.152.34.203 a:prodweb.7elevenstores.ca ~all\"'
   "status": "string",  # enum: [ 'open', 'closed']
   "statusText": "string",  # enum: [ 'No Longer Observed', 'Closed by Analyst', 'False Positive', 'Closed', '']
   "variant": integer 
 }

Finding codes: 10006, 10007, 10008, 10009:

 {
   "assessmentDateBegin": "string($date-time)", 
   "assessmentDateEnd": "string($date-time)", 
   "dkimSelector": "string", 
   "domain": "string", 
   "encryptionType": "string", 
   "bvid": "string($uuid)", 
   "findingCode": integer, 
   "findingHash": integer, 
   "observationTimesSeen": integer, 
   "observationTimestampFirst": "string($date-time)", 
   "observationTimestampLast": "string($date-time)", 
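   "record": "string",  # example (this sample is an SPF TXT record; for these codes, which also carry dkimSelector, the returned record may be a different TXT record; confirm against a live response): '7elevenstores.ca.  IN TXT \"v=spf1 mx a ptr ip4:206.152.34.203 a:prodweb.7elevenstores.ca ~all\"'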
   "status": "string",  # enum: [ 'open', 'closed']
   "statusText": "string",  # enum: [ 'No Longer Observed', 'Closed by Analyst', 'False Positive', 'Closed', '']
   "variant": integer 
 }

Finding codes: 10012, 10024:

 {
   "assessmentDateBegin": "string($date-time)", 
   "assessmentDateEnd": "string($date-time)", 
   "domain": "string", 
   "bvid": "string($uuid)", 
   "findingCode": integer, 
   "findingHash": integer, 
   "observationTimesSeen": integer, 
   "observationTimestampFirst": "string($date-time)", 
   "observationTimestampLast": "string($date-time)", 
   "status": "string",  # enum: [ 'open', 'closed']
   "statusText": "string",  # enum: [ 'No Longer Observed', 'Closed by Analyst', 'False Positive', 'Closed', '']
   "variant": integer 
 }

Finding codes: 10083:

 {
   "assessmentDateBegin": "string($date-time)", 
   "assessmentDateEnd": "string($date-time)", 
   "dkimSelector": "string", 
   "domain": "string", 
   "bvid": "string($uuid)", 
   "findingCode": integer, 
   "findingHash": integer, 
   "observationTimesSeen": integer, 
   "observationTimestampFirst": "string($date-time)", 
   "observationTimestampLast": "string($date-time)", 
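   "record": "string",  # example (this sample is an SPF TXT record; for this code, which also carries dkimSelector, the returned record may be a different TXT record; confirm against a live response): '7elevenstores.ca.  IN TXT \"v=spf1 mx a ptr ip4:206.152.34.203 a:prodweb.7elevenstores.ca ~all\"'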
   "status": "string",  # enum: [ 'open', 'closed']
   "statusText": "string",  # enum: [ 'No Longer Observed', 'Closed by Analyst', 'False Positive', 'Closed', '']
   "variant": integer 
 }

Finding codes: 1010017:

 {
   "assessmentDateBegin": "string($date-time)", 
   "assessmentDateEnd": "string($date-time)", 
   "bvid": "string($uuid)", 
   "findingCode": integer, 
   "findingHash": integer, 
   "ip": "string", 
   "observationTimesSeen": integer, 
   "observationTimestampFirst": "string($date-time)", 
   "observationTimestampLast": "string($date-time)", 
   "port": integer, 
   "serviceNames": "json",  # example: '["bgp"]'
   "status": "string",  # enum: [ 'open', 'closed']
   "statusText": "string",  # enum: [ 'No Longer Observed', 'Closed by Analyst', 'False Positive', 'Closed', '']
   "variant": integer 
 }

Finding codes: 20011, 20023, 20024, 20025, 20026, 20027, 20028, 20029, 20030, 20031, 20032, 20033, 20034, 20035, 20036, 20037, 20038, 20039, 20040, 20041, 20043, 20044, 20045, 20046, 20047, 20048, 20050, 20052, 20053, 20056, 20057, 20058, 20059, 20060, 20061, 20062, 20063, 20064, 20065, 20066, 20067, 20068, 20069, 20070, 20071, 20072, 20073, 20074, 20075, 20096, 20097, 20098, 20102, 20103, 20104, 20113, 20114, 20115, 20116, 20118, 20119, 20120, 20122, 20123:

 {
   "assessmentDateBegin": "string($date-time)", 
   "assessmentDateEnd": "string($date-time)", 
   "bvid": "string($uuid)", 
   "findingCode": integer, 
   "findingHash": integer, 
   "ip": "string", 
   "observationTimesSeen": integer, 
   "observationTimestampFirst": "string($date-time)", 
   "observationTimestampLast": "string($date-time)", 
   "port": integer, 
   "status": "string",  # enum: [ 'open', 'closed']
   "statusText": "string",  # enum: [ 'No Longer Observed', 'Closed by Analyst', 'False Positive', 'Closed', '']
   "variant": integer 
 }

Finding codes: 20099, 20101:

 {
   "assessmentDateBegin": "string($date-time)", 
   "assessmentDateEnd": "string($date-time)", 
   "domain": "string", 
   "bvid": "string($uuid)", 
   "findingCode": integer, 
   "findingHash": integer, 
   "lastObservedInternalIp": "string", 
   "lastObservedPublicIp": "string", 
   "observationOpenStatus": integer, 
   "observationTimesSeen": integer, 
   "observationTimestampFirst": "string($date-time)", 
   "observationTimestampLast": "string($date-time)", 
   "qname": "string", 
   "status": "string",  # enum: [ 'open', 'closed']
   "statusText": "string",  # enum: [ 'No Longer Observed', 'Closed by Analyst', 'False Positive', 'Closed', '']
   "variant": integer 
 }

Finding codes: 20100:

 {
   "assessmentDateBegin": "string($date-time)", 
   "assessmentDateEnd": "string($date-time)", 
   "cname": "string", 
   "domain": "string", 
   "bvid": "string($uuid)", 
   "findingCode": integer, 
   "findingHash": integer, 
   "observationTimesSeen": integer, 
   "observationTimestampFirst": "string($date-time)", 
   "observationTimestampLast": "string($date-time)", 
   "qname": "string", 
   "serviceProvider": "string", 
   "status": "string",  # enum: [ 'open', 'closed']
   "statusText": "string",  # enum: [ 'No Longer Observed', 'Closed by Analyst', 'False Positive', 'Closed', '']
   "variant": integer, 
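   "wildcard": "boolean"  # the type is quoted here, unlike integer; confirm whether the API returns a JSON boolean or a string before parsing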
 }

Finding codes: 30009, 30010:

 {
   "assessmentDateBegin": "string($date-time)", 
   "assessmentDateEnd": "string($date-time)", 
   "details": "json",  # structure varies by finding code; do not assume a fixed set of keys when parsing
   "domain": "string", 
   "bvid": "string($uuid)", 
   "findingCode": integer, 
   "findingHash": integer, 
   "observationTimesSeen": integer, 
   "observationTimestampFirst": "string($date-time)", 
   "observationTimestampLast": "string($date-time)", 
   "scannedHost": "string", 
   "scannedPort": integer, 
   "status": "string",  # enum: [ 'open', 'closed']
   "statusText": "string",  # enum: [ 'No Longer Observed', 'Closed by Analyst', 'False Positive', 'Closed', '']
   "variant": integer 
 }

Finding codes: 30016, 30017, 30018, 30047, 30048, 30049, 30050, 30051, 30053, 30055, 30056, 30057, 30058, 30059, 30060, 30061, 30062, 30063, 30064, 30065, 30066, 30067, 30068, 30069, 30071, 30072, 30073, 30074, 30075, 30076, 30077, 30078:

 {
   "assessmentDateBegin": "string($date-time)", 
   "assessmentDateEnd": "string($date-time)", 
   "details": "json",  # structure varies by finding code; do not assume a fixed set of keys when parsing
   "bvid": "string($uuid)", 
   "findingCode": integer, 
   "findingHash": integer, 
   "ip": "string", 
   "observationTimesSeen": integer, 
   "observationTimestampFirst": "string($date-time)", 
   "observationTimestampLast": "string($date-time)", 
   "port": integer, 
   "status": "string",  # enum: [ 'open', 'closed']
   "statusText": "string",  # enum: [ 'No Longer Observed', 'Closed by Analyst', 'False Positive', 'Closed', '']
   "variant": integer 
 }

Finding codes: 40002, 40007, 40012, 40017, 40022, 40032, 40037, 40042, 40047, 40052, 40058:

 {
   "answerIp": "string", 
   "assessmentDateBegin": "string($date-time)", 
   "assessmentDateEnd": "string($date-time)", 
   "domain": "string", 
   "bvid": "string($uuid)", 
   "findingCode": integer, 
   "findingHash": integer, 
   "nameserverIp": "string", 
   "observationTimesSeen": integer, 
   "observationTimestampFirst": "string($date-time)", 
   "observationTimestampLast": "string($date-time)", 
   "qnames": "json",  # example: '["ns1.dulieuaz.vn", "ns2.dulieuaz.vn"]'
   "requestingIp": "string", 
   "status": "string",  # enum: [ 'open', 'closed']
   "statusText": "string",  # enum: [ 'No Longer Observed', 'Closed by Analyst', 'False Positive', 'Closed', '']
   "threatType": "string",  # examples: [ 'botnet', 'phishing']
   "variant": integer 
 }

Finding codes: 40004, 40009, 40014, 40019, 40024, 40034, 40039, 40044, 40049:

 {
   "answerIp": "string", 
   "assessmentDateBegin": "string($date-time)", 
   "assessmentDateEnd": "string($date-time)", 
   "bvid": "string($uuid)", 
   "findingCode": integer, 
   "findingHash": integer, 
   "nameserverIp": "string", 
   "observationTimesSeen": integer, 
   "observationTimestampFirst": "string($date-time)", 
   "observationTimestampLast": "string($date-time)", 
   "qnames": "json",  # example: '["ns1.dulieuaz.vn", "ns2.dulieuaz.vn"]'
   "requestingIp": "string", 
   "status": "string",  # enum: [ 'open', 'closed']
   "statusText": "string",  # enum: [ 'No Longer Observed', 'Closed by Analyst', 'False Positive', 'Closed', '']
   "threatType": "string",  # examples: [ 'botnet', 'phishing']
   "variant": integer 
 }

Finding codes: 50001, 50003, 50010, 50012, 50015, 50017, 50020, 50022, 50025, 50027, 50030, 50032, 50035, 50037, 50040, 50042, 50045, 50050, 50052, 50078:

 {
   "assessmentDateBegin": "string($date-time)", 
   "assessmentDateEnd": "string($date-time)", 
   "blacklistedIp": "string", 
   "bvid": "string($uuid)", 
   "findingCode": integer, 
   "findingHash": integer, 
   "nameserverIp": "string", 
   "observationTimesSeen": integer, 
   "observationTimestampFirst": "string($date-time)", 
   "observationTimestampLast": "string($date-time)", 
   "qnames": "json",  # example: '["ns1.dulieuaz.vn", "ns2.dulieuaz.vn"]'
   "requestingIp": "string", 
   "status": "string",  # enum: [ 'open', 'closed']
   "statusText": "string",  # enum: [ 'No Longer Observed', 'Closed by Analyst', 'False Positive', 'Closed', '']
   "threatType": "string",  # examples: [ 'botnet', 'phishing']
   "variant": integer 
 }

Finding codes: 50002, 50004, 50011, 50013, 50016, 50018, 50021, 50023, 50026, 50028, 50031, 50033, 50036, 50038, 50041, 50043, 50046, 50048, 50051, 50054:

 {
   "assessmentDateBegin": "string($date-time)", 
   "assessmentDateEnd": "string($date-time)", 
   "bvid": "string($uuid)", 
   "findingCode": integer, 
   "findingHash": integer, 
   "nameserverIp": "string", 
   "observationTimesSeen": integer, 
   "observationTimestampFirst": "string($date-time)", 
   "observationTimestampLast": "string($date-time)", 
   "qnames": "json",  # example: '["ns1.dulieuaz.vn", "ns2.dulieuaz.vn"]'
   "requestingIp": "string", 
   "status": "string",  # enum: [ 'open', 'closed']
   "statusText": "string",  # enum: [ 'No Longer Observed', 'Closed by Analyst', 'False Positive', 'Closed', '']
   "threatType": "string",  # examples: [ 'botnet', 'phishing']
   "variant": integer 
 }

Finding codes: 50005:

 {
   "assessmentDateBegin": "string($date-time)", 
   "assessmentDateEnd": "string($date-time)", 
   "domain": "string", 
   "bvid": "string($uuid)", 
   "findingCode": integer, 
   "findingHash": integer, 
   "observationTimesSeen": integer, 
   "observationTimestampFirst": "string($date-time)", 
   "observationTimestampLast": "string($date-time)", 
   "status": "string",  # enum: [ 'open', 'closed']
   "statusText": "string",  # enum: [ 'No Longer Observed', 'Closed by Analyst', 'False Positive', 'Closed', '']
   "threatType": "string",  # examples: [ 'botnet', 'phishing']
   "variant": integer 
 }

Finding codes: 50006:

 {
   "assessmentDateBegin": "string($date-time)", 
   "assessmentDateEnd": "string($date-time)", 
   "bvid": "string($uuid)", 
   "findingCode": integer, 
   "findingHash": integer, 
   "ip": "string", 
   "observationTimesSeen": integer, 
   "observationTimestampFirst": "string($date-time)", 
   "observationTimestampLast": "string($date-time)", 
   "status": "string",  # enum: [ 'open', 'closed']
   "statusText": "string",  # enum: [ 'No Longer Observed', 'Closed by Analyst', 'False Positive', 'Closed', '']
   "threatType": "string",  # examples: [ 'botnet', 'phishing']
   "variant": integer 
 }

Finding codes: 50047:

 {
   "assessmentDateBegin": "string($date-time)", 
   "assessmentDateEnd": "string($date-time)", 
   "blacklistedIp": "string", 
   "bvid": "string($uuid)", 
   "findingCode": integer, 
   "findingHash": integer, 
   "observationTimesSeen": integer, 
   "observationTimestampFirst": "string($date-time)", 
   "observationTimestampLast": "string($date-time)", 
   "qnames": "json",  # example: '["ns1.dulieuaz.vn", "ns2.dulieuaz.vn"]'
   "requestingIp": "string", 
   "status": "string",  # enum: [ 'open', 'closed']
   "statusText": "string",  # enum: [ 'No Longer Observed', 'Closed by Analyst', 'False Positive', 'Closed', '']
   "threatType": "string",  # examples: [ 'botnet', 'phishing']
   "variant": integer 
 }

Finding codes: 50071:

 {
   "assessmentDateBegin": "string($date-time)", 
   "assessmentDateEnd": "string($date-time)", 
   "domain": "string", 
   "bvid": "string($uuid)", 
   "findingCode": integer, 
   "findingHash": integer, 
   "observationTimesSeen": integer, 
   "observationTimestampFirst": "string($date-time)", 
   "observationTimestampLast": "string($date-time)", 
   "ransomwareCompanyName": "string", 
   "ransomwareCompanyUrl": "string", 
   "ransomwareSiteName": "string", 
   "status": "string",  # enum: [ 'open', 'closed']
   "statusText": "string",  # enum: [ 'No Longer Observed', 'Closed by Analyst', 'False Positive', 'Closed', '']
   "variant": integer 
 }