Web Entities in Exposure Management
Web entities are the services that make up the world wide web. They are the services using the HTTP protocol that most people think of when they think of the Internet.
Web entities include but are not limited to: websites, APIs served over HTTP, control panels, and web applications like Elasticsearch, Kubernetes, and Prometheus.
In the Censys Exposure Management platform:
Web entities are identified by a name and a port.
They are a collection of instances observed by Censys during name-based scans of the Internet.
Instances have service names that use the HTTP protocol:
How do I use the Web Entities tab on the Inventory page?
The Web Entity tab lists all the web entities attributed to your organization by their name. Use the search bar to investigate and explore your web entities.
Click any web entity to see more details about it.
What information is on the Web Entity Details page?
The Web Entity Details page contains all of the information relevant to a web entity:
Summaries of each instance of the web entity as it was observed by Censys on individual hosts
The discovery path (the trail of assets that led to the discovery of the web entity’s name)
All parsed data obtained from instance scans
A de-duplicated list of certificates presented by the web entity instances during scan
A list of related web entities
The overview area at the top of the page provides summary information at a glance. Important dates, such as the association date of the web entity to your organization and the last updated timestamp are at the top, underneath the web entity ID. If risks are present, counts are listed categorized by severity.
Summary information is listed from the collection of instances scanned by Censys, including:
- the URI that was used in scan.
- the HTML title of the page returned during scan, if applicable.
- the Censys-categorized service names of the instances observed.
- the datacenter providers of the hosts serving the instances.
- a true/false value indicating whether any of those hosts are in a Content Delivery Network.
- a list of the software parsed from scan results.
Instance Summary area
Below the overview, the instance summary area provides summary information about each instance of the web entity observed in scan. The IP address serving the instance is listed in the header, with the
service_name and the transport (L4) protocol.
Summary information on the left includes:
- the full name (path included) that was used in scan.
- the HTML title of the page returned during scan, if present.
- any software packages detected during scan.
- the geolocation of the host serving the instance.
- the Autonomous system location of the host serving the instance.
- whether that host is part of a Content Delivery Network.
- a timestamp indicating when the instance was last observed.
On the right side, expandable sections contain information about any risks detected, TLS information, if applicable, and DNS information, if found.
Click Risks to see a de-duplicated list of risks detected on any of the web entity’s instances.
Each risk includes a description, the time length that the risk has been detected on the web entity, and details such as when it was first and most recently seen, and remediation recommendations.
The discovery path of a web entity is predicated on its name, because ownership of names is salient to web entities, while port is not.
Click Scan Data to see the complete parsed scan data from each instance of the web entity.
Visit the Asset Schemas for a list of all web entity fields and their value types.
Click Certificates to see a de-duplicated list of certificates presented by any of the web entity’s instances.
The certificate’s common name (CN) is listed in the card header, with summary info below:
SHA-256 Fingerprint: The SHA-256 digest of the certificate’s contents: its unique identifer.
Issuer: The certificate authority that issued the certificate.
Validity Period: The dates before and after which the certificate cannot be trusted if it is presented during a TLS handshake.
Self-Signed: Whether or not the certificate is self-signed (i.e., whether the certificate is signed with its own key).
Self-signed certificates can be an indication of an internal or development service not intended to be exposed to the public Internet.
Public Key: The encryption algorithm of the public key.
Browser Trust: A list of major root certificates stores that the certificate has a path to via its signing chain.
Revoked: Whether the certificate is revoked by its issuer before its expiration date.
Some certificates may not be associated to your organization. In this case, you can still view the certificate record in the Censys Search repository.
Related Web Entities
Related web entities are those with the same name as the web entity of the details page you’re on with different port numbers.
You can view any comments made by team members in your workspace by clicking the Comments menu item.