Web Entities
What is a web entity?
Web entities are the services that make up the world wide web: they are the services using the HTTP protocol that most people conceptualize when they think of the Internet.
Web entities include but are not limited to websites, APIs served over HTTP, control panels, and web applications like Elasticsearch, Kubernetes, and Prometheus.
In the Censys ASM platform:
-
Web entities are identified by a name and a port.
-
They are a collection of instances observed by Censys during name-based scans of the Internet.
-
Instances have service names that use the HTTP protocol:
-
HTTP
-
Elasticsearch
-
Kubernetes
-
Prometheus
-
CWMP
-
How Do I use the Web Entities tab on the Inventory page?
The web entity tab lists all the web entities attributed to your organization via their name. Use the search bar to investigate and explore your web entities.
Click any web entity to see more details about it.
What information is on the Web Entity Details page?
The web entity details page contains all of the information relevant to a web entity:
-
An overview
-
Summaries of each instance of the web entity as it was observed by Censys on individual hosts
-
Risks
-
The discovery path (the trail of assets that led to the discovery of the web entity’s name)
-
All parsed data obtained from instance scans
-
A de-duplicated list of certificates presented by the web entity instances during scan
-
A list of related web entities
Overview
The overview at the top of the page provides summary information at a glance. Important dates, such as the association date of the web entity to your organization and the last updated timestamp are at the top, underneath the web entity ID. If risks are present, counts are shown categorized by severity. Below that, summary information is listed from the collection of instances scanned by Censys, including the URI that was used in scan, the HTML title of the page returned during scan, if applicable, the Censys-categorized service names of the instances observed, the datacenter providers of the hosts serving the instances, a true/false value indicating whether any of those hosts are in a Content Delivery Network, and a list of the software parsed from scan results.
Instance Summary Cards
Below the overview, the instance summary cards provide summary information about each instance of the web entity observed in scan.
The IP address serving the instance is listed in the card header, with the service_name and the transport (L4) protocol.
Summary information is on the left, including the full name (path included) that was used in scan, the HTML title of the page returned during scan, if present, any software packages detected during scan, the geolocation of the host serving the instance, the Autonomous system location of the host serving the instance, whether that host is part of a Content Delivery Network, and a timestamp indicating when the instance was last observed.
On the right side, expandable sections contain information about any risks detected, TLS information, if applicable, and DNS information, if found.
Risks
A list of (de-duplicated) risks detected on any of the web entity’s instances is shown when the Risks menu item is selected.
Each risk card provides a description, the time length that the risk has been detected on the web entity, and details such as when it was first and most recently seen and remediation recommendations.
Discovery Path
The discovery path of a web entity is predicated on its name, since ownership of names is salient to web entities while port is not.
Scan Data
The complete parsed scan data from each instance of the web entity is available for browsing and searching by clicking on the Scan Data menu item.
Popular fields:
-
web_entity.instances.http.response.status_code -
web_entity.instances.extended_service_name -
web_entity.instances.http.response.body -
web_entity.instances.software.uniform_resource_identifier -
web_entity.instances.tls.certificates.leaf_data.subject_dn
Visit the Asset Schemas for a list of all web entity fields and their value types.
Certificates
A list of (de-duplicated) certificates presented by any of the web entity’s instances is shown when the Certificates menu item is selected.
The certificate’s common name (CN) is listed in the card header, with summary info below:
-
SHA-256 Fingerprint - The SHA-256 digest of the certificate’s contents: its unique identifer.
-
Issuer - The certificate authority that issued the certificate.
-
Validity Period - The dates before and after which the certificate cannot be trusted if it is presented during a TLS handshake.
-
Self-Signed - Whether or not the certificate is self-signed (i.e., whether the certificate has been signed with its own key).
Self-signed certificates can be an indication of an internal or development service not intended to be exposed to the public Internet.
-
Public Key - The encryption algorithm of the public key.
-
Browser Trust - A list of major root certificates stores that the certificate has a path to via its signing chain.
-
Revoked - Whether the certificate has been revoked by its issuer before its expiration date.
Some certificates may not be associated to your organization. In this case, you can still view the certificate record in the Censys Search repository.
Related Web Entities
Related web entities are those with the same name as the web entity of the details page you’re on with different port numbers.
Comments
Any comments made by team members in your workspace are viewable by clicking on the Comments menu item.
Comments
0 comments
Please sign in to leave a comment.