Introduction to Hosts
The Censys Host dataset provides accurate, up-to-date records that reflect the reality of public IPv4 and IPv6 hosts and virtual hosts (for example, host services reached by name).
Host Records
Hosts are identified by an IP address.
The Censys model of Internet hosts contains more than just service data observed in scanning. Censys also enriches hosts with quality data from third-parties to provide information such as geographical location, network routing information, DNS names, and so on.
Virtual hosts are identified by a name, IP address tuple. Learn more about virtual hosts here.
Host Fields
The data definitions for hosts lists every field that can appear in a host or virtual host record.
Top-Level Host Fields
Top-level host fields include information that applies to the host as a whole, such as its geographic location, network routing information, DNS names, operating system, and labels, and a repeated record of services observed in scan.
Quick links to the top-level fields in a host record:
Service Fields
Service records contain identification and metadata fields, labels for easy searching, and a protocol-specific sub record with information parsed from the scan, TLS fields, and software fields.
Identification and Observation Fields
Identifying service information includes fields like:
-
Service name: The name of the service. Correlates loosely to OSI Layer 7 protocol names. Censys can detect more than 108 services.
-
Port: The port number of the port.
-
Extended service name: The name of the service, including the TLS indicator, if the service negotiated a TLS connection.
-
Transport protocol: The name of the transport protocol. Correlates to OSI Layer 4 protocols (for example, TCP, UDP, QUIC).
-
Truncated: Whether the service data was truncated because it is a suspected low-value pseudo-service on a superhost.
Observation information are fields that provide data about the Censys discovery and observation of the service:
-
Perspective ID: The name of the ISP that Censys peered with when it observed the service as represented.
-
Source IP: The IP address of the Censys scanner when it observed the service represented.
-
Discovery method: The name of the method that led to the discovery of the service by a Censys scanner.
Service-Name-Specific Fields
The data Censys observes about an HTTP service is very different from that of an SSH service, so the parsed data from each scan is searchable within a record that matches the service name.
The fields found in each service-name-specific field reflect the details of that protocol.
Browse all Service-Name-Specific Fields.
TLS Fields
TLS is a service-agnostic cryptographic protocol, so the Censys schema reflects that. TLS data for any service that is using it is located at the root of the service record.
See all TLS Fields.
Note
Service names do not reflect the use of TLS (for example, HTTPS
). Search the extended service name (services.extended_service_name
) to distinguish between services using or not using TLS.
Software Fields
Within each service object, a software array shows software information in the Common Platform Enumeration (CPE) version 2.3 format. Learn more about CPE here.
See all Service-level Software Fields.
Example Host Record (JSON)
{ "ip": "198.108.0.1", "last_updated_at": "2022-01-24T16:29:00.614Z", "location": { "city": "Ann Arbor", ... }, "location_updated_at": "2022-01-24T16:29:00.605583Z", "autonomous_system": { "asn": 237, "name": "MERIT-AS-14", ... }, "autonomous_system_updated_at": "2022-01-22T07:29:48.507740Z", "dns": { "names": [ "irbx4.sfdata-qfx1.mich.net" ], "records": { "irbx4.sfdata-qfx1.mich.net": { "record_type": "A", "resolved_at": "2021-12-29T15:37:59.169926191Z" } } }, "services": [ { "service_name": "BGP", "extended_service_name": "BGP", "transport_protocol": "TCP", "port": 179, "observed_at": "2022-01-24T16:28:59.485091355Z", ... } ] }
CVE fields
Manage vulnerabilities and monitor your threat landscape with searchable Common Vulnerabilities and Exposures (CVEs) in your host dataset using Censys Search. Censys CVE data enriches host data with known CVE information for operating systems, software, and hardware.
CVE fields include:
- CVE ID
- Whether a CVE is present in CISA's Known Exploited Vulnerability (KEV) catalog and when it was added to the KEV catalog
- CVE CVSS score
- CVE Attack Complexity rating
For more information about using CVE fields in Censys Search, refer to this article. See a complete list of CVE fields in the hosts data definitions page.
CVE data in Censys Search is available as an add-on to Search Pro and above customers. To learn more about this feature, please contact your Censys team representative.
Start Searching
Now that you understand how Censys models Internet hosts, you’re ready to start searching them.
To get started with Censys Search, go to search.censys.io. Or, learn how to write queries to search hosts using the Censys Query Language Syntax.
Comments
0 comments
Article is closed for comments.