Rapid Response Email Integration Guide
Overview
In Attack Surface Management (ASM), you can set up a rapid response email to notify you of new Rapid Response risks in your workspace so you can quickly remediate the issue.
Rapid Response is a monitoring and research service run by the Censys Research team, dedicated to hunting for vulnerable devices and writing risk fingerprints that will flag those devices in our platform. The service notifies you about new critical vulnerabilities that meet the Rapid Response initiation criteria, configuration exposures, and threats relevant to Censys-observed assets. Within about 24 hours of the release of a new issue, Censys fingerprints specific, affected asset versions for a timely grasp of the issue's scope.
When a new Rapid Response risk is identified, an email is sent as often as once per hour. If multiple Rapid Response risks are found in your workspace, all the risks are listed in the email. All emails contain information about all current identified Rapid Response risks.
For information on the queries used in Rapid Response risk detection, see Policy for sharing Censys Rapid Response queries.
If you are looking for email notifications about any new risks, please see the Email integration guide.
Risk identifiers
The messages include the following identifiers for new risks:
- A new Risk label is created in my workspace: When a Rapid Response label is added, you can be notified of it. This occurs when Censys can only link the risk to a vendor and product, but not to a specific version.
- A new Rapid Response Risk is deployed by Censys: Censys deployed a new Rapid Response risk to your workspace. This means that all your assets are being checked for an indicator of this risk. This process usually completes within a few hours.
-
A new Rapid Response Risk is found in my workspace: Censys deployed a Rapid Response risk and 1 or more of your assets within your ASM workspace contain indicators for this risk.
- You will receive an alert on a risk within 30 days of the risk being deployed. If the risk was released more than 30 days ago, an alert will not be triggered through this integration.
How to configure Rapid Response email notifications
Prerequisites
- You will need the email address where you want Rapid Response emails to be sent. You may want to create a separate email for these messages. You can add multiple email addresses.
Configuring the integration in Censys ASM
- Log in to Censys ASM, then click Integrations at the top of the page.
- Locate Rapid Response Email and click Set Up.
- On the Authentication page, configure the following:
- Destination Email Addresses: Enter the email address(es) where you want Rapid Response messages to be sent.
- Send an email when: Select the alerts you want to be notified of. See Risk identifiers above for more information about the risks.
-
Show Assets: Select whether to show assets, such as IP addresses and domains, in the email.
- Click Connect.
- Click Submit, then click Close.
Modifying the integration
If you need to make changes to your integration settings or if you need to disconnect the integration:
- Log in to Censys ASM, then click Integrations at the top of the page.
- Locate Rapid Response Email and click Manage.
- On the Authentication page, click Edit Setup.
- At the bottom of the Authentication page, click Disconnect.
- You must disconnect the integration in order to make configuration changes.
- Go through the setup wizard, as described in the section above, and make any necessary changes.
Comments
0 comments
Article is closed for comments.