1. Censys
  2. Censys Attack Surface Management
  3. Security Integrations
  4. Splunk
  5. Legacy ASM Splunk Docs

Other Articles In This Section

In this article:

Censys ASM for Splunk

  • Updated

The Censys ASM App for Splunk allows Censys ASM platform users to import Logbook data into Splunk®, where changes in their global Internet presence can be easily directed to downstream security and analytics applications.

Data from the logbook is visualized with a pre-built dashboard that can be customized with additional views. Censys also provides several reports based on ASM data. These reports can be used for alerting and creating dashboards.

This guide will show you how to:

  • Install the Censys Add-on for Splunk

  • Install the Censys ASM App for Splunk

  • Use the App

Prerequisites

Ready to start? Here’s what you need:

  1. A Splunk account and installation.

  2. Your Censys ASM platform API key.

    Find your key on the Censys ASM integrations page.

    Censys integrations page with API key

Install the Censys Add-on for Splunk

Install from Splunkbase (Recommended)

  1. From the Splunk main page, click the + Find More Apps button in the sidebar.

find more apps

  1. Type “Censys” in the search bar.

  2. On the results page, find the “Censys Add-on for Splunk” app card and click the green Install button.

install addon

  1. Reenter login credentials to confirm your choice.

Install from File

  1. Go to the Add-on’s page on Splunkbase and click the Download button.

download addon

  1. From the Splunk Web main page, click the gear icon next to Apps, then click Install app from file.

install from file

Configure the Add-on

Global Settings

If you will be using the same Censys workspace for all Splunk work, you can enter your Censys API key in one place, rather than for each input.

  1. Click on the Configuration tab at the top of the page.

  2. Under the Censys Settings tab, paste your API key.

  3. Click Save.

configure global settings

Create an Input for the ASM Logbook

From the Inputs page, select Create New Input. Fill out the following fields:

  • Name: A name for the logbook input.

  • Interval: How frequently data will be fetched from Censys ASM.

  • Censys ASM API key: Your Censys ASM API key is optional here. A key provided here will override the value provided in Global Settings if it were different.

logbook config

Install the Censys ASM App for Splunk

Install from Splunkbase (Recommended)

  1. From the Splunk Web main page, click the + Find More Apps button in the sidebar.

find more apps

  1. Type “Censys” in the search bar.

  2. On the results page, find the “Censys ASM App for Splunk” app card and click the green Install button.

install asm app

Reenter login credentials to confirm your choice.

Install from File

  1. Go to the Add-on page on Splunkbase and click the Download button.

    download app

  2. From the Splunk Web main page, click the gear icon next to Apps, then click Install app from file.

    install from file

Use the App

Interact with Dashboards

To view the pre-configured dashboard, click the Dashboards tab at the top of the page.

The cards on the Censys Dashboard use the logbook API events to provide an easy-to-digest visualization of significant changes to your organization’s Internet presence over time.

Set Home Dashboard

Make the Censys ASM dashboard display first by setting it as your home dashboard.

At the top right of dashboard, click the three-dot icon. Select the "Set as Home Dashboard" item from the menu.

Set home dashboard

View Searches and Matching Events in Detail

To view the Splunk Search query and events that are summarized in each Dashboard card, simply click on the panel.

Dashboard with count link highlighted

On the Search page that opens, you’ll see the query used to obtain the card results in the search bar, and a list of events bucketed by the time chart span specified in the search bar.

Workflow Actions

Workflow actions provide a seamless transition between Splunk Search and Censys ASM.

To view the asset that a certain event is in regards to, open the Actions menu on the line of the asset ID in the event, then click [Domain | Host| Storage Asset | Certificate] in Censys ASM.

Example workflow action for a host

This will take you to the asset page inside the Censys ASM platform for you to investigate further.

View Reports

Censys provides several reports based on ASM data for users to start with. These reports can be used for alerting and creating dashboards.

To view pre-configured reports, click the Reports tab at the top of the page.

Create Alerts from Reports

To create an alert based on a report, click Open in Search next to the report you want to use.

Reports list with "Open in Search" link highlighted

Modify the query to your liking or leave as is, then click Save As Alert.

Search page with Save As menu open and "Alert" highlighted

Give the alert a title, set the alert to be scheduled or real-time, and configure the alert’s trigger settings and trigger actions.

More Information

Full documentation for Censys Splunk apps can be found here.

Additional information can be found in Splunk documentation:

Related articles

Comments

0 comments

Article is closed for comments.