Prioritize & Triage Risks with Censys
The Censys ASM platform can detect over 400 types of risk that lead to security compromise.
The Risk page lists all instances of risks detected in your attack surface that should be remediated.
The default view shows all active risk instances across your entire attack surface.
Risks are ordered by severity, with the most severe at the top.
The tabs above the table also allow you to view risks that have been accepted by a member of your team or are closed (no longer detected). View new risks with any status (active, accepted, or closed) by opening the leftmost tab. Adjust the definition of new using the "New since" dropdown above the table on the right.
Quick Filters provide both insight and filtering options to begin your investigative efforts. Most filters listed in the panel are sorted based on prevalence in your attack surface to help you set priorities.
Quick Filters include:
Severity - Tackle risks based on the potential impact to your organization.
Category - Triage based on category to target remediation of certain externally facing weaknesses.
Type - Triage based on specific risk types to group those with similar remediation recommendations.
Asset Type - Review based on the type of affected asset.
Environment Type - Triage based on infrastructure provisioning: cloud, shared, and other environments.
Click on the linked asset in the Affected Asset column to go to the Asset Details page and see more information about the risk.
Risk Instances on Details Pages
Risk instances are shown on Host and Storage Bucket Details pages in a tab called Risks. Click the tab to see the details and remediation recommendations for any risks detected on the asset.
The default sorting order is by detection date, with the most recently detected risks on top. You can also choose to order by severity, with the most severe on top.
Click the View Scan Data button to see the scan data related to the detected risk.
Edit Risk Instances
If an individual instance of a risk requires a severity level other than the default because of its environment, importance to the business, or other contextual factors, you can override the default using the edit option on each risk card.
If an individual instance of a risk is not considered a risk by your organization and you wish to suppress its presence from risk lists, counts, report metrics, and the logbook, you can click the Accept this risk instance option in the top right corner of the risk card.
After accepting a risk, an option to view or hide accepted risks is shown at the top of the list. You can toggle this option to "View" to keep the stub of the accepted risk instance in the list, or choose "Hide" to suppress it entirely.
At any time, you can undo your acceptance of an instance by unchecking the Acceptance check box on the card.
Edit Risk Instances in Bulk
To change the severity of a set of risk instances, use the checkboxes on the Risk table to select them.
In the menu that appears at the bottom of the page when one or more risk instances are selected, click the Edit Severity button.
In the modal that appears, select the desired severity and optionally provide a reason for the change.
Download Risks List as CSV
Use the Download All button at the top of the table to download a CSV of the entire list of risks in each tab.
You can also download a subset of relevant risks. Select the risks you wish to download and in the menu that appears at the bottom of the screen, click Download Selection.
Further Reading on Risks
See this reference article for a description of risk categories that the Censys ASM platform identifies.