Censys
Connector Category: Enrichment Tool
CTIX integrates with Censys to enable security analysts to scan IP addresses and domains on the Censys database and retrieve valuable insights for threat investigation. This integration allows analysts to defend against attacks and investigate threats with added context.
Use Cases
Identify the origin of a cyberattack by geo-locating IP addresses and domains.
Identify the root cause of a cyberattack by correlating the locations of IP addresses, domains, and threat actors.
Benefits
Enrich IP addresses and domains in real time.
Identify the location details of IP addresses and domains.
Retrieve the Autonomous System Number (ASN) details of IP addresses and domains.
Configure Censys App in CTIX
Configure Censys to enrich IP addresses, domains, and SHA256 hashes.
Before you Start
Ensure that you have the API credentials of your Censys account.
Ensure that you have the view, create, and update permissions for Enrichment Management in CTIX.
Steps
To configure Censys as an enrichment tool in CTIX, do the following:
Sign in to CTIX and go to Administration > Enrichment Management > Enrichment Tools.
Search for and select the Censys Enrichment tool.
Click Add Account.
Enter a unique account name to identify the instance. For example, Prod_censys.
Enter the base URL to directly connect to the application's server. For example, https://<domain>/directoryname/.
Enter the API ID and secret key to authenticate API calls between the CTIX and Censys servers.
Click Save.
After successfully adding an account, you can view and enable the Censys feed enrichment types. You can also configure a quota to limit the number of enrichment requests a Censys account makes for a certain duration. After the quota expires, you cannot make enrichment requests until the quota is reset for the next duration. For more information, see Define Quota in Configure Enrichment Tools.
To understand the number of API calls and quota units consumed by the Censys enrichment tool, refer to the following table.
Enrichment Tool | Feed Enrichment Type | Number of API Calls | Quota Consumed |
---|---|---|---|
Censys | IP | 1 | 1 |
Censys | Domain | 1 | 1 |
You can configure an enrichment policy to automatically enrich the threat intel data using the Censys enrichment tool. For more information, see Configure Enrichment Policy.