Prioritize and Triage Risks in Exposure Management
The Censys Exposure Management platform can detect over 400 types of risk that can lead to security compromise.
The Risk page lists all instances of risks detected in your attack surface that should be remediated.
The default view shows all active risk instances across your entire attack surface.
Risks are ordered by severity, with the most severe at the top.
The tabs help you to view risks that are accepted by a member of your team or are closed (no longer detected). View new risks with any status (active, accepted, or closed) by opening the left tab. Adjust the definition of new using the New since list above the table on the right.
Quick Filters provide both insight and filtering options to begin your investigative efforts. Most filters listed in the panel are sorted based on prevalence in your attack surface to help you set priorities.
Quick Filters include:
Severity: Tackle risks based on the potential impact to your organization.
Category: Triage based on category to target remediation of certain externally facing weaknesses.
Type: Triage based on specific risk types to group those with similar remediation recommendation.
Asset Type: Review based on the type of affected asset.
Environment Type: Triage based on infrastructure provisioning - cloud, shared, and other environments.
Click the linked asset in the Affected Asset column to go to the Asset Details page and see more information about the risk.
Risk Instances on Details Pages
Risk instances are shown on Host and Storage Bucket Details pages in a tab called Risks. Click the tab to see the details and remediation recommendations for any risks detected on the asset.
Default sorting order is by detection date, with most recently detected risks on top. You can also sort by severity, with most severe on top.
Click View Scan Data to see the scan data related to the detected risk.
Edit Risk Instances
You can override the default risk setting using the edit option on each risk card. This is helpful if an individual instance of a risk requires a severity level other than the default. Perhaps a risk in your environment is more or less important because of its context, importance to the business, or other contextual factors.
If an individual instance of a risk is not considered a risk by your organization and you want to suppress its presence from risk lists, counts, report metrics, and the logbook, click the Accept this risk instance in the upper right of the risk card.
After accepting a risk, an option to view or hide accepted risks is shown at the top of the list. You can toggle this option to View to keep the stub of the accepted risk instance in the list, or select Hide to suppress it entirely.
You can undo your acceptance of an instance by clearing the Acceptance checkbox on the card.
Edit Risk Instances in Bulk
- To change the severity of a set of risk instances, use the checkboxes on the Risk table to select the ones you want to work with.
- In the area at the bottom of the page, click Edit Severity.
- Select the desired severity and optionally provide a reason for the change.
You can download a CSV of the entire list of risks in a tab. Click Download All.
You can also download a subset of relevant risks. Select the risks to download and click Download Selection.
Further Reading on Risks
See this reference article for a description of risk categories that the Censys Exposure Management platform identifies.