ASM: Asset Inventory List
An attack surface can consist of hosts, web entities, certificates, domains, and storage buckets. You can see the assets in your attack surface on the Inventory page.
-
Hosts are computers, virtual machines or devices connected to the Internet with an IP address.
-
Web entities are named entities running on a specific port that provide services or content using the HTTP protocol.
-
Certificates are documents used during TLS handshakes to validate identities.
-
Domains (following the eTLD+1 format) are names that represent DNS zones.
-
Storage buckets are object storage solutions available from Cloud Service Providers.
The Inventory list page shows all your organization’s assets.
You can explore, browse, and investigate these assets with basic and advanced searching, clickable shortcuts, and aggregations.
Navigate to the page by clicking the Inventory menu and clicking All Inventory.
When you first open this page, you see all asset types listed by their ID, which is dependent on type.
You can reorder the columns by clicking the column heading dots and then selecting Move column left or Move column right. You can also grab the right edge of a column name and resize it.
Columns in the view include:
-
Risks: A count of any risks detected on an asset, listed by their severity.
-
Source: An enumeration indicating how an asset was added to your attack surface: as a seed, from a cloud connector, or via Censys discovery scans. Sources include:
-
Seed you Provided: Your organization manually provided the seed.
-
Censys Found Seed: Censys found the seed during Censys Seed Discovery.
-
Censys Scan: Asset was found from Censys Attribution.
-
AWS Connector: Asset was added through the AWS Connector.
-
GCP Connector: Asset was added through the GCP Connector.
-
Azure Connector: Asset was added through the Azure Connector.
-
-
Tags: Any tags your team applied to an asset.
-
Added: The date an asset was associated to your organization.
-
Cloud: The name of the hosting provider or the name of the cloud or data center in which the IP address is hosted.
-
Expiration Date: The date on which a certificate or domain expires/expired.
Additional columns depend on asset type. Select the columns you want to see by clicking the plus (+) at the right of the header row.
Additional column options include:
-
Fingerprint: The identifier of the certificate: a SHA-256 digest of its contents.
-
Issuer: The certificate authority that issued the certificate.
-
Key Type: The encryption algorithm used to generate the certificate’s public key.
-
Pre-certificate: A boolean indicating whether the poison extension is marked critical, which makes the document an artifact of Certificate Transparency regulations and not able to be used.
-
Self-Signed: Whether or not the certificate is self-signed.
-
Subject Organization: The name of the organization to which the certificate was issued, if available.
-
Valid: A Censys indicator of trustworthiness, based on the certificate’s trust anchor status among root stores.
-
Cloud: The name of the Cloud Service Provider whose name servers are authoritative for this domain, if applicable.
-
Registrar: The registrar or reseller with which the domain name was registered.
-
Name Servers: The names of the servers responsible for answering DNS lookups, as obtained from the DNS record for the domain name. Usually there are 2 or more for redundancy.
-
Mail Servers: The names of any servers which receives mail for mailboxes in the domain, if applicable, as obtained from MX records for the domain name.
-
ASN: The numerical identifier of the autonomous system that a host’s IP address is part of.
-
AS Name: The human readable name of the autonomous system that a host’s IP address is part of.
-
Continent: The continent where the IP address is located.
-
Country: The country where the IP address is located.
-
Host Labels: Censys-applied informational labels.
-
IP: 1 of 2 potential identifiers of a host: its IPv4 address.
-
Name: The identifier of the virtual host, if applicable. The name used in scan.
-
Names on Host: Names from the Domain Name System that resolve to the host.
-
Ports/Protocols: The numerical identifiers of the open ports on the host, annotated with the application-layer protocols that the host services are using.
-
-
Software: The names of software packages detected on the host in scan.
-
Shared Host: Whether the host is used by a web hosting provider to serve a variety of websites.
-
HTML Title: The title(s) of any web page(s) returned by a web entity’s instances during a scan.
-
HTTP Status Code: The status code(s) returned by a web entity’s instances during a scan.
-
Instance Count: The total number of instances of the web entity observed during all Censys scans.
NOTE: Only the first 100 instances are searchable.
-
Software: The names of hardware, operating system or application software packages detected on a web entity’s instances in scan.
-
TLS Version Selected: The TLS version(s) selected by a web entity’s instances during a scan.
To view top values for less common fields than are shown in the Search Shortcuts panel, click View Aggregations.
Use the autocomplete to select the field you want to see top values for.
A term aggregation can be performed for any field in the schema, and takes place for any assets returned by the query in the search bar.
If no query is present in the search bar when you click View Aggregations, aggregations take place for all applicable assets.
You can download an asset list as a comma-separated value (CSV) for use in other products and workflows.
Click Actions and click Download CSV.
The filename is {timestamp}_{customerName}_InventoryExport.csv
. The columns in the CSV file are the columns shown in the table when you export the file.
Comments
0 comments
Please sign in to leave a comment.