Censys ASM XSOAR Integration
The Censys ASM Cortex XSOAR integration is designed to generate incidents from Censys ASM logbook events. This integration fetches Censys ASM logbook events, allows users to evaluate them for risk level, converts them to incidents, and uploads them to the Cortex XSOAR platform.
Before running the Censys XSOAR integration, configure settings in a config file.
Using the provided example-config.yml as a starting point, create a config.yml file in this project's root directory.
Run a shell command like this:
cp -p example-config.yml config.yml
Copy your API key from the Integrations page on the Censys ASM app and paste it as the value for
Set your desired log level and run interval, and fill in the filters section with the logbook event types. Consult the Appendix for valid values.
Using the hostname and port of your XSOAR server, go to https://your_xsoar_host:your_xsoar_port/#/settings/apikeys to generate an XSOAR API key.
Copy the secret into the api_key field and the URL of your XSOAR hostname into the
Running Censys XSOAR
With your config.yml file saved, you are ready to run the integration.
Navigate to the root of the project and execute the following command:
docker-compose up --build -d
Validate that the integration is running properly by checking your docker compose logs:
docker-compose logs -f
You should see output similar to the snippet below if incidents have been created. You can also check your XSOAR server for newly created incidents.
censys-xsoar | INFO:asm: Beginning event upload.
censys-xsoar | INFO:xsoar: Created incident: 'Port 53 Opened on Host 127.0.0.1'
censys-xsoar | INFO:xsoar: Created incident: 'Port 1433 Opened on Host 127.0.0.1'
censys-xsoar | INFO:main: Finished uploading events. Sleeping for 300 seconds.
List of Valid Log Levels
[CRITICAL, ERROR, WARNING, INFO, DEBUG]
Valid Interval Values
-1: Run the integration once and then exit the program.
300: Run the integration every interval seconds (min. 300).
List of Valid Censys ASM logbook Filters
CERT, CERT_RISK, DOMAIN, DOMAIN_EXPIRATION_DATE, DOMAIN_MAIL_EXCHANGE_SERVER, DOMAIN_NAME_SERVER, DOMAIN_REGISTRAR, DOMAIN_RISK, DOMAIN_SUBDOMAIN, HOST, HOST_CDN, HOST_CERT, HOST_PORT, HOST_PROTOCOL, HOST_RISK, HOST_SOFTWARE, HOST_VULNERABILITY, OBJECT_STORAGE, RISK_USER_CONFIG
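Before starting the container it is worth checking a loaded config.yml against the valid values in this Appendix, so a misspelled filter or an interval below the minimum fails fast instead of silently fetching nothing. The validator below is an added example, not part of the Censys XSOAR project; it takes the already-parsed YAML as a dict, and the key names log_level, interval, censys and xsoar are assumptions, while api_key and filters are the names used above.

```python
# Added example (not the project's own code): check a parsed config.yml
# against the Appendix values before running the integration. Key names
# log_level, interval, censys and xsoar are assumptions; api_key and
# filters are the names the README uses.

VALID_LOG_LEVELS = {"CRITICAL", "ERROR", "WARNING", "INFO", "DEBUG"}
VALID_FILTERS = {
    "CERT", "CERT_RISK", "DOMAIN", "DOMAIN_EXPIRATION_DATE",
    "DOMAIN_MAIL_EXCHANGE_SERVER", "DOMAIN_NAME_SERVER", "DOMAIN_REGISTRAR",
    "DOMAIN_RISK", "DOMAIN_SUBDOMAIN", "HOST", "HOST_CDN", "HOST_CERT",
    "HOST_PORT", "HOST_PROTOCOL", "HOST_RISK", "HOST_SOFTWARE",
    "HOST_VULNERABILITY", "OBJECT_STORAGE", "RISK_USER_CONFIG",
}
MIN_INTERVAL = 300  # seconds; -1 means run once and exit


def validate_config(cfg: dict) -> list[str]:
    """Return the problems found in cfg; an empty list means it is usable."""
    problems = []
    level = cfg.get("log_level")
    if level not in VALID_LOG_LEVELS:
        problems.append(f"log_level {level!r} is not one of {sorted(VALID_LOG_LEVELS)}")
    interval = cfg.get("interval")
    if not isinstance(interval, int) or (interval != -1 and interval < MIN_INTERVAL):
        problems.append(f"interval must be -1 (run once) or >= {MIN_INTERVAL} seconds, got {interval!r}")
    filters = cfg.get("filters") or []
    unknown = sorted(set(filters) - VALID_FILTERS)
    if not filters:
        problems.append("filters is empty; no logbook events would be fetched")
    elif unknown:
        problems.append(f"unknown logbook filters: {unknown}")
    for section in ("censys", "xsoar"):  # assumed section names
        if not (cfg.get(section) or {}).get("api_key"):
            problems.append(f"{section}.api_key is missing or empty")
    return problems


# Constructed sample configuration with two deliberate mistakes.
SAMPLE_CONFIG = {
    "log_level": "INFO",
    "interval": 60,                                       # below the 300 s minimum
    "filters": ["HOST_PORT", "HOST_RISK", "HOST_PORTS"],  # HOST_PORTS is a typo
    "censys": {"api_key": "<censys-asm-api-key-placeholder>"},
    "xsoar": {"api_key": "<xsoar-api-key-placeholder>"},
}

if __name__ == "__main__":
    for problem in validate_config(SAMPLE_CONFIG):
        print("config error:", problem)
```

Run it after loading config.yml (for example with PyYAML's safe_load) and refuse to start docker-compose while the returned list is non-empty.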