Skip to main content

API overview

SixMap's API can help your organization programmatically integrate data from our continuous threat exposure management solution into your workflows, reports, and other applications, such as ticket systems.

We link your organization's legal entities to DNS registration information, then regularly scan your external attack surface and associate each network asset we identify to an organization within your hierarchy. We then provide the data from the scans in the SixMap app and through our API endpoints.

To effectively use the SixMap API and retrieve detailed information across various aspects of your security posture, you will often start by interacting with the following foundational endpoints:

  • Accounts: This endpoint enables you to retrieve a list of your SixMap accounts and their basic details. You can use the unique identifiers (IDs) obtained from this endpoint to specify the target account when querying other endpoints, such as those related to scans, assets, and vulnerabilities.

  • Scans: This endpoint enables you to retrieve a list of external scans performed for a specific account. Similar to the Accounts endpoint, use the scan IDs obtained here to fetch detailed results for individual scans, including information about identified ports, services, and vulnerabilities.

For each scan and account, you can retrieve:

  • Organizations: Summary scan results for each organization within your hierarchy.
  • Domains: Domains we identified for your organization.
  • Networks: Networks we identified for your organization.
  • Ports: Details about open ports we found across your IPv4 and IPv6 deployments.
  • Services: The products, version numbers, IP addresses, and ports for the services running in your organization’s networks.
  • Vulnerabilities: The cybersecurity flaws associated with Common Vulnerabilities and Exposure (CVE) numbers we found in your networks.
  • IP addresses: Details about the IPv4 and IPv6 addresses we found for your organization, such as the corresponding domain names from reverse DNS lookups, how many services and ports are active, and how many instances of vulnerabilities we found.