How to Exclude Assets to Curate your Inventory in Exposure Management
The Censys attribution algorithm maximizes the number of discovered assets by connecting assets to each other using a number of methods.
Sometimes, discovered assets are brought into your inventory incorrectly. Other times, you may want to curate the items in your inventory to reflect a subset of your attack surface.
For example, if you see an IP address, TLS certificate, or domain name that you do not want in your inventory, you can exclude it.
|Excluding an asset has a ripple effect. Other assets whose path includes the one you excluded are also removed. Those assets can reappear later if Censys finds them through other paths.
To most effectively remove false positives, follow the discovery path back to the highest parent node you do not want and remove that one.
Two exclusion options are available:
Exact Match Exclusion: These assets are excluded from your inventory and are not used to discover other assets.
Subdomain Match Exclusions list: These names are used for pattern matching to prevent any subdomains from entering your inventory.
You can add name to one or both lists to meet your organization’s needs.
How to Exclude a Single Asset
- From an asset's Details page, click Remove in the upper right.
- If the asset that you are removing is a name, you are prompted about subdomains of that name.
- If you choose to prevent subdomains, the excluded name is also added to a Subdomain Match Exclusion list that prevents any subdomain from ever being added to the inventory, regardless of discovery path.
How to Exclude Multiple Assets
- To exclude multiple assets from your organization, select each one on the Inventory page.
- From the Actions list, click Remove Selection.
View Excluded Assets
You can view assets that you excluded from your attack surface by selecting Excluded Assets.
There are 2 tabs on the Excluded Assets page:
Exact Match Exclusion list: Items on this list are excluded from your inventory and are not used to discover other assets. A name can be added to one or both lists to meet your organization’s needs.
Subdomain Match Exclusions list: Names on this list are used for pattern matching to prevent any of its subdomains from entering your inventory.
Restore an Asset on an Exclusion List
If you decide to restore an asset to your collection, or keep it on one list and not the other, click the Restore link on the right side of the table in the asset row.
Exclusion List Management Q&A
Q: How do I decide which list is the right one to add a name to?
A: Ask yourself whether it is only this exact name that you don’t want in the attack surface, or if any subdomain of this name is also undesirable.
If the first case, select allow subdomains when prompted in the Remove modal. If the second case, select prevent subdomains.
Q: What if I want the name in my attack surface, but I don’t want its subdomains?
A: Follow the remove process and select prevent subdomains when prompted. Afterward, go to the Excluded Assets page, and on the list in the Exact Match Exclusion tab, restore the name. Leave the name on the Subdomain Match Exclusions list.
Wait 24 hours and make sure the name is back without any subdomains.
Q: I put a name on the Subdomain Match Exclusion list, but now I want them back. What should I do?
A: Restore the name from the subdomain exclusion list.
Go to the Subdomain Match Exclusions tab on the Excluded Assets page. In the table on that page, click Restore on the right side of the row of the name whose subdomains you want to allow.
The subdomains are found and added.
Q: I removed a domain and chose not to exclude its subdomains, but now I want those subdomains gone too. What should I do?
A: Restore the name from the Exact Match Exclusions list, wait 24 hrs and then go through the removal process again. This time, select prevent subdomains.
Q: Why does an asset that was removed when I excluded its parent appear in my attack surface again?
A: Excluding an asset and selecting to prevent subdomains does not prevent other assets from being re-added to the inventory through new paths. Check the asset’s new Discovery Path to see how it was found.