Web Entity ASM Assets
Overview
Web entities are the services that make up the World Wide Web. They are the services using the HTTP protocol that most people think of when they think of the Internet.
Web entities include but are not limited to: websites, APIs served over HTTP, control panels, and web applications like ElasticSearch, Kubernetes, and Prometheus.
In the Censys Attack Surface Management (ASM) platform:
-
Web entities are identified by a name and a port.
-
Web entities are a collection of instances observed by Censys ASM during name-based scans of the Internet.
-
Instances have service names that use the HTTP protocol:
-
HTTP
-
Elasticsearch
-
Kubernetes
-
Prometheus
-
CWMP
-
How to use the Web Entities tab on the Inventory page
Viewing the Web Entities list
To view your Web Entities list, Log in to your Censys ASM and click Inventory > Web Entities at the top of the page.
The Web Entities tab lists all the web entities attributed to your organization by their name. Use the Search bar to investigate and explore your web entities. Use the search shortcuts on the left side of the page to narrow down the list.
The following columns are included in this table view:
- Asset ID: The natural identifier of an asset.
- Risks: Risk count by severity.
- Software: The names of any hardware, operating system, or application software packages identified in a scan.
- HTML Title: The title(s) of any web page(s) returned during a scan.
- HTTP Status Code: The status code(s) returned during a scan.
-
Instance Count: The number of instances of the web entity observed in Censys scans.
- Only the first 100 are searchable. All instances are available via the API.
- TLS Version: The TLS version(s) selected by web entity instances during a scan.
-
Web Entity Labels: Censys-applied tags highlighting the web entity's host and service characteristics.
- For example: login-page, jquery
- Tags: The names of tags in use by your team.
- Added: The date that the asset was added to the attack surface.
- Cloud: The name of the cloud provider.
- Account ID: The Cloud Connector account ID that the web entity is associated with.
See example web entity searches.
Click any web entity's Asset ID to see more details about it.
Downloading assets
To download the full list of web entities into a CSV file, click Actions > Download CSV in the upper right side of the list.
To download select web entities, check the boxes next to the entities in the list, then click Actions > Download Selection.
Bulk editing tags
You can add or delete tags in bulk from the list. To edit the tags on multiple entities:
- Check the boxes next to the entities in the list.
- Click Actions > Manage Tags.
- A dialog will appear where you can add or remove tags.
- To add a tag, type the tag name into the Add Tags field.
- To remove an existing tag, click the X on the right side of the tag.
Viewing a Web Entity's Details page
When you click a web entity's Asset ID from the Web Entities list, you are redirected to that web entity's details page, which contains the following information:
-
An overview.
-
Summaries of each instance of the web entity as it was observed by Censys Attack Surface Management on individual hosts.
-
Risks.
-
The discovery path (the trail of assets that led to the discovery of the web entity’s name).
-
All parsed data obtained from instance scans.
-
A de-duplicated list of certificates presented by the web entity instances during scan.
-
A list of related web entities.
Web entity overviews
The area at the top of the Details page provides overview information, the association date of the web entity to your organization, and the last updated timestamp. If risks are present, counts are listed and categorized by severity.
Summary information is listed from the collection of instances scanned by Censys Attack Surface Management, including:
-
the URI that was used in the scan.
-
the HTML title of the page returned during the scan, if applicable.
-
the Censys-categorized service names of the instances observed.
-
the datacenter providers of the hosts serving the instances.
-
a true/false value indicating whether any of those hosts are in a Content Delivery Network.
-
a list of the software parsed from scan results.
Instance Summary area
Below the overview, the Instance Summary area provides summary information about each instance of the web entity observed in the scan. The IP address serving the instance is listed in the header, with the service_name
and the transport (L4) protocol.
Summary information on the left includes:
-
the full name (path included) that was used in the scan.
-
the HTML title of the page returned during the scan, if present.
-
any software packages detected during the scan.
-
the geolocation of the host serving the instance.
-
the Autonomous system location of the host serving the instance.
-
whether that host is part of a Content Delivery Network.
-
a timestamp indicating when the instance was last observed.
On the right side, expandable sections contain information about any risks detected, TLS information, if applicable, and DNS information, if found.
Risks
Click Risks to see a de-duplicated list of risks detected on any of the web entity’s instances.
Each risk includes a description, the length of time that the risk has been detected on the web entity, and details such as when it was first and most recently seen, and remediation recommendations.
Discovery Path
The Discovery path of a web entity is predicated on its name because ownership of names is salient to web entities, while port is not.
Scan Data
Click Scan Data to see the complete parsed scan data from each instance of the web entity.
Popular fields:
-
web_entity.instances.http.response.status_code
-
web_entity.instances.extended_service_name
-
web_entity.instances.http.response.body
-
web_entity.instances.software.uniform_resource_identifier
-
web_entity.instances.tls.certificates.leaf_data.subject_dn
Visit the Asset Schemas for a list of all web entity fields and their value types.
Certificates
Click Certificates to see a de-duplicated list of certificates presented by any of the web entity’s instances.
The certificate’s common name (CN) is listed in the card header, with summary info below:
-
SHA-256 Fingerprint: The SHA-256 digest of the certificate’s contents: its unique identifer.
-
Issuer: The certificate authority that issued the certificate.
-
Validity Period: The dates before and after which the certificate cannot be trusted if it is presented during a TLS handshake.
-
Self-Signed: Whether or not the certificate is self-signed (in other words, whether the certificate is signed with its own key).
Self-signed certificates can be an indication of an internal or development service not intended to be exposed to the public Internet.
-
Public Key: The encryption algorithm of the public key.
-
Browser Trust: A list of major root certificates stores that the certificate has a path to via its signing chain.
-
Revoked: Whether the certificate is revoked by its issuer before its expiration date.
Some certificates may not be associated to your organization. In this case, you can still view the certificate record in the Censys Search repository.
Related Web Entities
Related web entities are those with the same name as the web entity of the details page you’re on with different port numbers.
Comments
You can view any comments made by team members in your workspace by clicking Comments.