Skip to main content

Censys

Censys is an external attack surface management tool that scans your assets for potential risks. You can bring certificate, domain, host, storage, and risk information from Censys into Brinqa to construct a unified view of your attack surface and strengthen your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with Censys and how to obtain that information from Censys. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select Censys from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Censys with Brinqa:

  • API URL: The Censys API URL. The default URL is https://app.censys.io.

  • API key: The API key associated with the Censys account, which must have permissions to log in to the API server and return data.

  • Workspace ID: The Censys workspace ID. You can use commas to separate multiple workspace IDs. For additional information on workspaces, see Censys documentation.

Generate a Censys API key

For the Censys connector to use the Censys API, you must provide an API key. To generate an API key, follow these steps:

  1. Log in to your organization's Censys account.

  2. Click the API tab.

Your API ID and Secret display. Copy the Secret value. Although you can return to this page to view the token, you should handle it with care by ensuring that it is stored in a secure location.

note

If you do not have permissions to generate an API key, contact your Censys administrator. For additional information, see Censys documentation about workspaces and API keys.

Additional settings

The Censys connector contains an additional option for specific configuration:

  • Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.

Types of data to retrieve

The Censys connector can retrieve the following types of data from the Censys API:

Table 1: Data retrieved from Censys

Connector ObjectRequiredMaps to Data Model
CertificateYesCertificate
DomainYesSite
HostYesHost
Risk EventNoNot mapped
Risk InstanceYesVulnerability
Risk TypeYesVulnerability Definition
Storage BucketYesCloud Resource
info

The Censys connector does not currently support operation options for the types of data it retrieves.

For detailed steps on how to view the data retrieved from Censys in the Brinqa Platform, see How to view your data.

Attribute mappings

Expand the sections below to view the mappings between the source and the Brinqa data model attributes.

Certificate

Table 2: Certificate attribute mappings

Source Field NameMaps to Attribute
ASSOCIATION_DATEsourceCreatedDate
BROWSER_TRUSTLocal variable
EXPIRATION_DATEterminationDate
IN_USELocal variable
IS_VALIDLocal variable
ISSUERowner
KEY_TYPELocal variable
NAMES_ON_CERTdnsNames
OWNERSHIP_STATUSLocal variable
SELF_SIGNEDLocal variable
SHA_256Local variable
SYS_IDuid
TAGStags
info

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.

Domain

Table 3: Domain attribute mappings

Source Field NameMaps to Attribute
ASSOCIATION_DATEsourceCreatedDate
DOMAINname
EXPIRATION_DATEterminatedDate
MAIL_SERVERSLocal variable
NAME_SERVERSLocal variable
REGISTRARregistry, Local variable
SYS_IDuid
TAGStags
info

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.

Host

Table 4: Host attribute mappings

Source Field NameMaps to Attribute
ASNLocal variable
ASSOCIATION_DATEsourceCreatedDate
CLOUDcloudProvider
COUNTRY_CODELocal variable
IP_ADDRESSipAddresses
LATITUDELocal variable
LONGITUDELocal variable
NAMESdnsNames
PORTSLocal variable
PROVINCELocal variable
SYS_IDuid
TAGStags
info

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.

Risk Instance

Table 5: Risk Instance attribute mappings

Source Field NameMaps to Attribute
categoriescategories
context.ipipAddresses, publicIpAddresses, privateIpAddresses
context.nameLocal variable
context.portport
context.serviceservice
context.transportprotocol
context.typetype
displayNamename
events.idtargets, Local variable
firstComputedAtfirstFound
iduid
lastComputedAtlastSeen
lastUpdatedAtsourceLastModified
metadataLocal variable
severityseverity, sourceSeverity, severityScore
statusstatus, sourceStatus
typeIDtargets
info

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.

Risk Type

Table 6: Risk Type attribute mappings

Source Field NameMaps to Attribute
activeRiskCountLocal variable
addedAtsourceCreatedDate
categoriescategories
configLocal variable
contextTypeLocal variable
descriptiondescription
enabledLocal variable
events.idtargets, Local variable
iduid
lastUpdatedAtsourceLastModified
namename
recommendedSeverityLocal variable
referencesreferences
remediationsrecommendation
riskCountLocal variable
severityseverity, sourceSeverity, severityScore
subjectTypeLocal variable
info

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.

Storage Bucket

Table 7: Storage Bucket attribute mappings

Source Field NameMaps to Attribute
_detailsLocal variable
association_datefirstSeen
sourceLocal variable
storage_bucket.account_idcloudAccountId
storage_bucket.editable_settingsLocal variable
storage_bucket.namename
storage_bucket.providercloudProvider
storage_bucket.readable_objectsLocal variable
storage_bucket.scanned_atlastScanned
storage_bucket.uriurl
storage_bucket.writable_objectsLocal variable
tagstags
typetype
info

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.

APIs

The Censys connector uses the Censys REST API v1 and v2. Specifically, it uses the following endpoints:

Table 8: Censys API Endpoints

Connector ObjectAPI Endpoints
CertificateGET /api/inventory/v1
DomainGET /api/inventory/v1
HostGET /api/inventory/v1
Risk EventGET /api/v2/risk-events
Risk InstanceGET /api/v2/risk-instances
Risk TypeGET /api/v2/risk-types
Storage BucketGET /api/inventory/v1

Changelog

The Censys connector has undergone the following changes:

3.0.1

  • Fixed an issue where tags for hosts were not populating.

3.0.0