How to Exclude Assets to Curate Your Inventory
When Excluding is the Right Choice
Censys' attribution algorithm is designed to maximize the number of discovered assets by connecting assets to each other via a number of reasons.
Sometimes, discovered assets are brought into your inventory incorrectly. Other times, you may want to curate the items in your inventory to reflect a subsection of your attack surface.
If you see an IP address, TLS certificate, or domain name that you do not want in your inventory, you can opt to exclude it.
Caution
|
Choosing to exclude an asset has a ripple effect. Other assets whose path includes the one you excluded will also be removed; however, those assets may reappear later if Censys finds them via other paths. |
To most effectively remove false positives, follow the discovery path back to the highest parent node you do not want and remove that one.
Exclusion Options
There are two exclusion options:
-
Exact Match Exclusion - These assets are excluded from your inventory and are not used to discover other assets.
-
Subdomain Match Exclusions list - These names are used for pattern matching to prevent any subdomains from entering your inventory.
A name can be added to one or both lists to meet your organization’s needs.
How to Exclude a Single Asset
There are a few ways to exclude an asset from your organization. If you are viewing its Details page, you can click the red Remove button in the top right-hand corner and confirm your choice in the modal that pops up.

If the asset that you are removing is a name, you will be given a choice about subdomains of that name.

If you choose to prevent subdomains, the excluded name will also be added to a Subdomain Match Exclusion list that will prevent any subdomain from ever being added to the inventory, regardless of discovery path.
How to Exclude Multiple Assets
If there are multiple assets you want to exclude from your organization, you can do so at one time with the multi-select feature on the Inventory page.

Click one or more of the checkboxes on the left side of the table rows. Open the Actions dropdown menu and select the Remove Selection item. Confirm your action in the modal that pops up.
View Excluded Assets
You can access the lists of assets that you’ve excluded from your attack surface by selecting the Excluded Assets menu item from the user menu.

There are two tabs on the Excluded Assets page:
-
Exact Match Exclusion list - Items on this list are excluded from your inventory and are not used to discover other assets. A name can be added to one or both lists to meet your organization’s needs.
-
Subdomain Match Exclusions list - Names on this list are used for pattern matching to prevent any of its subdomains from entering your inventory.

Restore an Asset on an Exclusion List
If you decide to restore an asset to your collection, or keep it on one list and not the other, click the "Restore" link on the right-hand side of the table in the asset row and confirm your choice in the modal that pops up.

Exclusion List Management Q&A
Q: How do I decide which list is the right one to add a name to?
A: Ask yourself whether it is only this exact name that you don’t want in the attack surface, or if any subdomain of this name would also be undesirable.
If the former, choose to "allow subdomains" when prompted in the Remove modal. If the latter, choose to "prevent subdomains."
Q: What if I want the name in my attack surface, but I don’t want its subdomains?
A: Follow the remove process and choose to "prevent subdomains" when prompted. Afterward, go to the Excluded Assets page, and on the list in the Exact Match Exclusion tab, restore the name. Leave the name on the Subdomain Match Exclusions list.
Wait ~24 hours and make sure the name is back without any subdomains.
Q: I put a name on the Subdomain Match Exclusion list, but now I want them back. What should I do?
A: Restore the name from the subdomain exclusion list.
Go to the Subdomain Match Exclusions tab on the Excluded Assets page. In the table on that page, click the Restore button on the right side of the row of the name whose subdomains you want to allow.
The Censys ASM discovery algorithm will now allow subdomains to be found and added.
Q: I removed a domain and chose not to exclude its subdomains, but now I want those subdomains gone too. What should I do?
A:Restore the name from the Exact Match Exclusions list, wait ~24 hrs and then go through the removal process again. This time, choose to "prevent subdomains."
Q: Why is an asset that was removed when I excluded its parent present in my attack surface again?
A: Excluding an asset and choosing to prevent subdomains does not prevent other assets from being re-added to the inventory through new paths. Check the asset’s new Discovery Path to see how it was found.
Comments
0 comments
Please sign in to leave a comment.