Censys ASM XSOAR Integration
Introduction
The Censys ASM Cortex XSOAR integration is designed to generate incidents from Censys ASM logbook events. This integration fetches Censys ASM logbook events, allows users to evaluate them for risk level, converts them to incidents, and uploads them to the Cortex XSOAR platform.
Requirements
Please reach out to support@censys.io for access to the integration repository.
This setup guide assumes that Docker and Docker Compose have been installed and are running on your server.
Configuration
Before running the Censys XSOAR integration, configure settings in a config file.
- Using the provided example-config.yml as a starting point, create a config.yml file in this project's root directory. Run a shell command like this:
cp -p example-config.yml config.yml
- Copy your API key from the Integrations page on the Censys ASM app and paste it as the value for api_key. Set your desired log level and run interval, and fill in the filters section with the logbook event types you want to ingest. Consult the Appendix for valid values.
- Using the hostname and port of your XSOAR server, go to https://your_xsoar_host:your_xsoar_port/#/settings/apikeys to generate an XSOAR API key. Copy the secret into the XSOAR api_key field and the URL of your XSOAR host into the host field.
Because config.yml now holds both a Censys ASM API key and an XSOAR API key, keep it out of version control and restrict it to the user that runs the integration (for example, chmod 600 config.yml).
Running Censys XSOAR
With your config.yml file saved, you are ready to run the integration.
Navigate to the root of the project and execute the following command:
docker-compose up --build -d
Validate that the integration is running properly by checking your docker compose logs:
docker-compose logs -f
You should see output similar to the snippet below if incidents have been created. You can also check your XSOAR server for newly created incidents.
censys-xsoar | INFO:asm: Beginning event upload.
censys-xsoar | INFO:xsoar: Created incident: 'Port 53 Opened on Host 127.0.0.1'
censys-xsoar | INFO:xsoar: Created incident: 'Port 1433 Opened on Host 127.0.0.1'
censys-xsoar | INFO:main: Finished uploading events. Sleeping for 300 seconds.
Appendix
List of Valid Log Levels
[CRITICAL, ERROR, WARNING, INFO, DEBUG]
Valid Interval Values
- -1: Run the integration once and then exit the program.
- 300 (or any larger value): Run the integration every interval seconds; 300 is the minimum repeating interval.
List of Valid Censys ASM logbook Filters
CERT, CERT_RISK, DOMAIN, DOMAIN_EXPIRATION_DATE, DOMAIN_MAIL_EXCHANGE_SERVER, DOMAIN_NAME_SERVER, DOMAIN_REGISTRAR, DOMAIN_RISK, DOMAIN_SUBDOMAIN, HOST, HOST_CDN, HOST_CERT, HOST_PORT, HOST_PROTOCOL, HOST_RISK, HOST_SOFTWARE, HOST_VULNERABILITY, OBJECT_STORAGE, RISK_USER_CONFIG
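As an added example for the configuration steps above and the value lists in this Appendix (not code from the Censys integration), the following Python checker reads a config and reports settings the integration would reject: a log level outside the list, an interval that is neither -1 nor at least 300 seconds, unknown logbook filters, a missing Censys or XSOAR API key, and an XSOAR host that is not an https:// URL. The section and key names it uses (censys, xsoar, log_level, interval, filters, host, api_key) and the YAML format are assumptions; align them with the keys in example-config.yml before use. The sample config embedded in the block is constructed, with dummy key values.

```python
"""Sanity-check a Censys ASM XSOAR integration config against the rules in
this guide: log level, run interval, logbook filters and the two API keys.

Added example for this page, not code from the Censys integration. The
section and key names ('censys' / 'xsoar', 'log_level', 'interval',
'filters', 'host', 'api_key') are assumptions; align them with the keys in
example-config.yml before use.
"""
from typing import Dict, List

VALID_LOG_LEVELS = {"CRITICAL", "ERROR", "WARNING", "INFO", "DEBUG"}
RUN_ONCE = -1          # run a single fetch/upload cycle and exit
MIN_INTERVAL = 300     # smallest allowed repeating interval, in seconds
VALID_FILTERS = {
    "CERT", "CERT_RISK", "DOMAIN", "DOMAIN_EXPIRATION_DATE",
    "DOMAIN_MAIL_EXCHANGE_SERVER", "DOMAIN_NAME_SERVER", "DOMAIN_REGISTRAR",
    "DOMAIN_RISK", "DOMAIN_SUBDOMAIN", "HOST", "HOST_CDN", "HOST_CERT",
    "HOST_PORT", "HOST_PROTOCOL", "HOST_RISK", "HOST_SOFTWARE",
    "HOST_VULNERABILITY", "OBJECT_STORAGE", "RISK_USER_CONFIG",
}

# Constructed sample config with an assumed layout; the key values are dummies.
SAMPLE_CONFIG: Dict = {
    "censys": {
        "api_key": "censys-key-placeholder",
        "log_level": "INFO",
        "interval": 300,
        "filters": ["HOST_PORT", "HOST_RISK", "HOST_VULNERABILITY", "CERT_RISK"],
    },
    "xsoar": {
        "host": "https://xsoar.example.internal:443",
        "api_key": "xsoar-key-placeholder",
    },
}


def _is_int(value) -> bool:
    # bool is a subclass of int; a YAML 'true' must not pass as an interval
    return isinstance(value, int) and not isinstance(value, bool)


def validate_config(cfg: Dict) -> List[str]:
    """Return a list of problems; an empty list means the config is usable."""
    problems: List[str] = []
    censys = cfg.get("censys") or {}
    xsoar = cfg.get("xsoar") or {}

    # Both sections need a non-empty API key (Censys ASM key, XSOAR key).
    for name, section in (("censys", censys), ("xsoar", xsoar)):
        key = section.get("api_key")
        if not isinstance(key, str) or not key.strip():
            problems.append(f"{name}.api_key is missing or empty")

    level = censys.get("log_level")
    if level not in VALID_LOG_LEVELS:
        problems.append(
            f"censys.log_level {level!r} not in {sorted(VALID_LOG_LEVELS)}")

    interval = censys.get("interval")
    if not _is_int(interval) or (interval != RUN_ONCE and interval < MIN_INTERVAL):
        problems.append(
            f"censys.interval {interval!r} must be {RUN_ONCE} (run once) "
            f"or >= {MIN_INTERVAL} seconds")

    filters = censys.get("filters")
    if not isinstance(filters, list) or not filters:
        problems.append("censys.filters must be a non-empty list of event types")
    else:
        unknown = sorted(set(map(str, filters)) - VALID_FILTERS)
        if unknown:
            problems.append(f"censys.filters has unknown event types: {unknown}")

    # The XSOAR key is sent with every request, so insist on TLS to the server.
    host = xsoar.get("host")
    if not isinstance(host, str) or not host.startswith("https://"):
        problems.append("xsoar.host must be an https:// URL")

    return problems


def load_config(path: str = "config.yml") -> Dict:
    """Load a YAML config file; PyYAML is imported lazily so the validator
    itself runs without it (assumes config.yml is YAML, as its name implies)."""
    import yaml  # pip install pyyaml
    with open(path, encoding="utf-8") as fh:
        return yaml.safe_load(fh) or {}


if __name__ == "__main__":
    import sys
    config = load_config(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_CONFIG
    found = validate_config(config)
    for problem in found:
        print("config problem:", problem)
    sys.exit(1 if found else 0)
```

Run it as python check_config.py config.yml before docker-compose up; a non-zero exit means at least one setting would not be accepted. The https check is stricter than anything the guide states: it is there because the XSOAR API key travels with every upload, and a plain http host would expose it on the wire.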