Exclude Assets to Curate your Inventory in Attack Surface Management
The Censys Attack Surface Management attribution algorithm maximizes the number of discovered assets by connecting assets to each other using multiple methods.
Sometimes, discovered assets are brought into your inventory incorrectly. Other times, you may want to curate the items in your inventory to reflect a subset of your attack surface.
For example, if you see an IP address, TLS certificate, or domain name that you do not want in your inventory, you can exclude it.
Caution
Excluding an asset has a ripple effect. Other assets whose path includes the one you excluded are also removed. Those assets can reappear later if Attack Surface Management finds them through other paths.
To effectively remove false positives, follow the discovery path back to the highest parent node you do not want and remove that one.
Two exclusion options are available:
- Exact Match Exclusion: These assets are excluded from your inventory and are not used to discover other assets.
- Subdomain Match Exclusions list: These names are used for pattern matching to prevent any subdomains from entering your inventory.
You can add a name to 1 or both lists to meet your organization’s needs.
- From an asset's Details page, click Remove in the upper right.
- If the asset that you are removing is a name, you are prompted about subdomains of that name.
- If you choose to prevent subdomains, the excluded name is also added to a Subdomain Match Exclusion list that prevents any subdomain from ever being added to the inventory, regardless of discovery path.
You can view assets that you excluded from your attack surface by selecting Excluded Assets.
There are 2 tabs on the Excluded Assets page:
- Exact Match Exclusion list: Items on this list are excluded from your inventory and are not used to discover other assets. A name can be added to 1 or both lists to meet your organization’s needs.
- Subdomain Match Exclusions list: Names on this list are used for pattern matching to prevent any of their subdomains from entering your inventory.
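
The following is an added illustration of the ripple effect and of the difference between the two lists. It is not Censys code and does not describe how the attribution algorithm is implemented. The discovery graph, the asset names and the `inventory` and `is_subdomain_of` functions are constructed assumptions that model only the behaviour stated on this page.

```python
from collections import deque

# Constructed discovery graph: parent asset -> assets discovered from it.
# All names and addresses are placeholders (example.* and RFC 5737 ranges).
EDGES = {
    "example.com": ["www.example.com", "vendor.example.net"],
    "www.example.com": ["203.0.113.10"],
    "vendor.example.net": ["app.vendor.example.net", "203.0.113.10"],
    "app.vendor.example.net": ["198.51.100.8"],
}
# The same graph after a later scan finds a second path to the subdomain.
LATER = {**EDGES, "www.example.com": ["203.0.113.10", "app.vendor.example.net"]}


def is_subdomain_of(name, parent):
    """True only for strict subdomains, matched on a label boundary."""
    return name.lower().rstrip(".").endswith("." + parent.lower().rstrip("."))


def inventory(seeds, edges, exact=frozenset(), subdomain=frozenset()):
    """Assets reachable from the seeds without passing through an exclusion."""
    def blocked(asset):
        return asset in exact or any(is_subdomain_of(asset, p) for p in subdomain)

    seen, queue = set(), deque(s for s in seeds if not blocked(s))
    while queue:
        asset = queue.popleft()
        if asset in seen:
            continue
        seen.add(asset)
        # An excluded asset is never enqueued, so nothing is discovered from it.
        queue.extend(c for c in edges.get(asset, ()) if not blocked(c))
    return seen


if __name__ == "__main__":
    seeds = ["example.com"]
    print(sorted(inventory(seeds, EDGES)))
    # Excluding the highest unwanted parent removes its whole branch, but
    # 203.0.113.10 stays because www.example.com also leads to it.
    print(sorted(inventory(seeds, EDGES, exact={"vendor.example.net"})))
    # Exact match alone lets the subdomain return through the new path ...
    print(sorted(inventory(seeds, LATER, exact={"vendor.example.net"})))
    # ... while the subdomain match list keeps it out on any path.
    print(sorted(inventory(seeds, LATER, exact={"vendor.example.net"},
                           subdomain={"vendor.example.net"})))
```

Excluding only the leaf `198.51.100.8` in this model leaves `app.vendor.example.net` in the inventory, which is why the page recommends removing the highest unwanted parent instead.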