Censys

Cyware Orchestrate

Censys

App Vendor: Censys

App Category: Data Enrichment & Threat Intelligence

Connector version: V1.0.0

API Version: 1.0.0

About App

The Censys app helps you discover, monitor, and analyze devices that are accessible from the Internet. The app regularly probes every public IP address and popular domain name, curates and enriches the resulting data, and makes it intelligible through an interactive search engine and API.

Organizations use the Censys app to understand their network attack surfaces. CERTs and security researchers use it to discover new threats and assess their global impact.

The Censys app is configured with the Orchestrate application to perform the following actions:

Action Name	Description
Get Series Feed	This action retrieves a list of all scan series performed by Censys.
Get Account Information	This action retrieves account information.
Search Query	This action allows you to perform searches against the current data in the IPv4, top million websites, and certificates indexes.
Retrieve Report	This action allows you to run aggregate reports on the breakdown of a field.
Search Censys	This action searches for and retrieves details about the entered parameter and index.
Search IP Address	This action searches for and retrieves the most recent information available for the entered IP address.

Configuration Parameters

Parameter	Description	Field Type	Required/Optional	Comments
User ID	Enter your Censys user id. Example: censys_user_01	Text	Required
Secret key	Enter your Censys secret key. Example: 9e87c30ec8465e036865144a1409305c	Password	Required

Parameter

Description

Field Type

Required/Optional

Comments

User ID

Enter your Censys user id.

Example:

censys_user_01

Text

Required

Secret key

Enter your Censys secret key.

Example:

9e87c30ec8465e036865144a1409305c

Password

Required

Action: Get Series Feed

This action retrieves data on the type of scan performed.

Action Input Parameters

This action does not require any input parameters.

Action: Get Account Information

This action retrieves account information.

Action Input Parameters

This action does not require any input parameters.

Action: Search Query

This action allows you to perform searches against the current data in the IPv4, top million websites, and certificates indexes.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
Value	Enter the IP address, domain, or certificate for which you want to retrieve information. Example: 173.205.31.126	Text	Required
Type	Enter the index you want to search. Example: ipv4	Text	Required	Allowed values: ipv4 websites certificates

Parameter

Description

Field Type

Required/Optional

Comments

Value

Enter the IP address, domain, or certificate for which you want to retrieve information.

Example:

173.205.31.126

Text

Required

Type

Enter the index you want to search.

Example:

ipv4

Text

Required

Allowed values:

ipv4
websites
certificates

Example Request

[
  {
    "input_value": "173.205.31.126",
    "input_type": "ipv4"
  }
]

Action: Retrieve Report

This action allows you to run aggregate reports on the breakdown of a field.

Allowed format for post data: JSON.

Example: Determine the breakdown of cipher suites selected by Top Million Websites.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
Query	Enter the query to be executed. Example: 80.http.get.headers.server: nginx.	Text	Required
Field name	Enter the field you want to break down in the dot notation. Example: location.country_code	Text	Required
Index	Enter the index in which. the document is present. Example: ipv4	Text	Optional	Allowed values: ipv4 websites certificates

Parameter

Description

Field Type

Required/Optional

Comments

Query

Enter the query to be executed.

Example:

80.http.get.headers.server: nginx.

Text

Required

Field name

Enter the field you want to break down in the dot notation.

Example:

location.country_code

Text

Required

Index

Enter the index in which. the document is present.

Example:

ipv4

Text

Optional

Allowed values:

ipv4
websites
certificates

Example Request

[
  {
    "query": "80.http.get.headers.server: nginx",
    "field": "location.country_code",
    "index": "ipv4"
  }
]

Action: Search Censys

This action searches for and retrieves details about the entered parameter and index.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
Parameter	Enter the parameter for which you want to retrieve information. Example: google.com	Text	Required
Index	Enter the index you want to search. Example: ipv4	Text	Optional	Allowed values: ipv4 websites certificates Default value: websites

Parameter

Description

Field Type

Required/Optional

Comments

Parameter

Enter the parameter for which you want to retrieve information.

Example:

google.com

Text

Required

Index

Enter the index you want to search.

Example:

ipv4

Text

Optional

Allowed values:

ipv4
websites
certificates

Default value: websites

Example Request

[
  {
    "search_param": "google.com",
    "index": "ipv4"
  }
]

Action: Search IP Address

This action searches for and retrieves the most recent information available for the entered IPv4 address.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
IP Address	Enter the IPv4 address for which you want to retrieve information. Example: 173.205.31.126	Text	Required

Parameter

Description

Field Type

Required/Optional

Comments

IP Address

Enter the IPv4 address for which you want to retrieve information.

Example:

173.205.31.126

Text

Required

Example Request

[
  {
    "ip_input": "173.205.31.126"
  }
]

Was this helpful?

Would you like to provide feedback? Just click here to suggest edits.

Cyware Orchestrate

Censys

About App

Configuration Parameters

Action: Get Series Feed

Action: Get Account Information

Action: Search Query

Action: Retrieve Report

Action: Search Censys

Action: Search IP Address

Search results