Host ASM Assets
A host is a foundational concept in Internet security, and in the Censys Attack Surface Management platform.
Formal definition: A network host is a computer or other device connected to a computer network. A host may work as a server offering information resources, services, and applications to users or other hosts on the network. Hosts are assigned at least one network address.
Informal Censys definition : A computer or device that’s connected to the Internet, located at and identified by an IP address.
The Hosts list page shows all of your organization’s hosts. You can use 2 views of hosts to explore your online presence:
-
IP address
-
name
For some investigations, searching for assets you don’t recognize and identifying vulnerabilities in your network is easier to do when hosts are indexed by one or the other property, so you can toggle between these views as it suits your workflow.
When you select the IP address view, you see all your hosts indexed by their IP address.
Other columns in this view include:
-
Name(s): Domain and subdomain names obtained via DNS lookups.
-
Ports: The numerical identifiers of the open ports on the host.
-
Protocols: The application-layer protocols that the host is using.
-
Software: Application names and versions running on the host as reported by services on the host.
When you select the Name view, you see a table of all your hosts indexed by name.
Other columns in the view of this table include:
-
IP Addresses: The number of IP addresses a name is associated with. Parent domain rows show the total IP addresses of all subdomains.
-
Ports: The numerical identifiers of the open ports on the hosts associated with a name.
-
Protocols: The application-layer protocols that the hosts are using.
-
Software: Application names and versions running on the hosts as reported by services on the host.
-
Tags: Any tags applied to this asset.
Filters allow for very high granularity in selecting hosts to include or exclude from view.
Saved filters appear in a list on top of the table.
-
You can save new filters by clicking Save Filter located in the Filters builder or above selected filters.
-
Provide a name for the filter combination and click Save Filter. The applied name appears around the group of filters at the top of the list.
-
You can use the saved filter by selecting it from the Saved Filter list.
Export the host list as a comma separated value (CSV) sheet for use in other products and workflows. Click Download CSV in the right corner of the IP view of the host list.
The default filename is {timestamp}_{customerName}_HostByIpExport.csv
. The columns in the CSV file reflect the columns shown in the table when exported.
Click the linked IP address to see a host detail page with additional information.
The title of the page is the host’s IP address. Any tags applied to the host are shown underneath, with an X option to remove them.
Add a new tag by clicking Add Tag. In the dialog box that appears, type the name of a new tag and select the color, or select from existing tags that appear in the list.
If there are risks on the host, a red warning icon next to the Risks tab near the top of the page identifies them. Click the tab to see the list of identified risks, details, and remediation recommendations.
Default ordering of the list is by detection date, with the newest on top. Sort by severity instead by using the menu above the list on the right.
The first card on the page shows recent activity related to this host, taken from the logbook. Activity includes events such as new open ports, certificates the host has presented during any TLS handshakes with Censys, and software and vulnerabilities events.
Click View All at the bottom to expand the card so you can see all events related to this host since Censys added it to your organization.
If you want to filter the events further, excluding or including only certain types, click Go to Logbook that appears in the top right corner of the card, and go to the Logbook page, where those refinement options are available.
The Logbook page shows the IP address filter already set for the selected host.
For more information on the events that can appear in the recent activity card, see the logbook article.
The Trail card shows a list of assets whose connections to this host were used to determine with confidence that this host belongs to your organization.
If you decide after investigating that you do not want Censys to track this host for you, click Remove on the top right of the page.
This removes the asset and puts in on an excluded asset list so it does not reappear in subsequent Censys attributions.
The General Info area on the far right of the page enriches the host information gained from scan with other contextual data.
-
Location: The country, and state or province shown on a map at the top.
-
Fully Qualified Domain Names: Name obtained by reverse and forward DNS.
-
Network WHOIS Org Name: The organization name associated with the net block.
-
Autonomous System: The ASN that the host is a member of.
-
Cloud: The cloud provider where the IP is hosted.
This area shows every protocol the host is using on its open ports and additional detail to help you identify and secure the services there.
The default view of the table is listed by protocol, but you can view the chart by port by clicking the Ports tab at the top of the card.
All ports and protocols are shown by default. Clicking a port or protocol hides others in the table. To return to an all ports/protocol view, select the Show All checkbox.
The columns in the table provide detailed information about the service that Censys detected running on a particular port, and include:
-
Protocol: The application-layer protocol that the service uses to communicate with clients.
-
Port: The port number used to receive and send application-related communications.
-
Software: The name and version of the software running on the port, if known.
-
Scan Data: Structured data for the port, protocol pair obtained during scan.
Click the button on the right side of the row to view structured data in a table or as JSON.
The next section of the area shows TLS certificates presented by this host when scanned.
The default view of the table is listed by certificate fingerprint with the common name listed above. Other columns in the table provide high-level certificate information such as:
-
Port/Protocol: The port or protocol that the host presented the certificate on. This column changes with the selection above.
-
Ownership: A category indicating whether the certificate is considered by Censys to be yours or a third party’s.
-
Expiration Date: The date on which the certificate expires and can no longer be trusted by browsers if it is live on a site.
-
Valid: A Censys indicator of trustworthiness, based on the certificate’s features, including trust anchors, formatting, signatures, validity dates, and more.
-
Self-Signed: Whether or not the certificate is self-signed. Self-signed certificates can be an indication of an internal or development certificate not intended to be exposed to the public Internet.
-
Tags: Any tags assigned to this cert.
Tip
Not seeing a certificate you expected? Check for redirects to domains serving as authentication systems, which prevent Censys Attack Surface Management from seeing the cert.
To see more about a certificate, click the arrow button on the right of the table row, which opens the Certificate details page.