1. Censys
  2. Censys Attack Surface Management
  3. Foundations of ASM: Inventory Introduction

Other Articles In This Section

See more

In this article:

Asset Inventory Exploration Page

  • Updated

What assets compose my inventory?

An attack surface can be composed of hosts, web entities, certificates, domains, and storage buckets.

  • Hosts are computers, virtual machines or devices connected to the Internet with an IP address.

  • Web entities are named entities running on a specific port that provide services or content using the HTTP protocol.

  • Domains (following the eTLD+1 format) are names that represent DNS zones.

  • Certificates are documents used during TLS handshakes to validate identities.

  • Storage buckets are object storage solutions available from Cloud Service Providers.

How do I use the Inventory list page?

The Inventory list page displays all of your organization’s assets.

You can explore, browse, and investigate these assets with basic and advanced searching.

Navigate to the page by opening the Inventory nav item and clicking the All Inventory option from the dropdown menu.

Inventory navigation menu
Figure 1. Inventory page shown in Inventory navigation menu

The default view of the table shows all asset types indexed by their ID, which is dependent on type. Columns in the default view apply to all assets of different types and include:

  • Risks - A count of any risks found on the asset by their severity.

  • Source - An enumeration indicating how the asset was added to your attack surface: as a seed, from a cloud connector, or via Censys discovery scans.

  • Tags - Any tags your team has applied to this asset.

  • Added - The date this asset was attributed to your organization.

Using the Search Bar

Provide search criteria using the Censys Search Language to search the fields listed in the ASM Asset schema docs.

Save queries by clicking the bookmark icon on the right side of the search bar and providing a name.

Inventory table with save query modal open

Open the Saved Queries menu to access and manage your team’s saved queries.

Inventory table with save query modal open

From this menu, you can run searches, edit the name, copy a query, or remove it from your list.

Column Selection

Additional columns are dependent on asset type and can be displayed in the table by clicking the plus (+) button at the far right of the header row.

Inventory table with column selection modal open
Figure 2. Column selection modal open

Select or deselect the columns to create your desired view. Additional column options include:

Hosts

  • IP - One of two potential identifiers of a host: its IPv4 address.

  • Name - The identifier of the virtual host, if applicable. The name used in scan.

  • Names on Host - Names from the Domain Name System that resolve to the host.

  • Cloud - The name of the hosting provider or the name of the cloud or data center in which the IP address is hosted.

    • Ports/Protocols - The numerical identifiers of the open ports on the host, annotated with the application-layer protocols that the host services are utilizing.

  • Software - The names of software packages detected on the host in scan.

  • Shared Host - Whether the host is used by a web hosting provider to serve a variety of websites.

  • Continent - The continent where the IP address is located.

  • Country - The country where the IP address is located.

  • ASN - The identifier of the autonomous system that the IP address is part of.

Web Entities

  • Software - The names of hardware, operating system or application software packages detected on a web entity’s instances in scan.

  • HTML Title - The title(s) of any web page(s) returned by a web entity’s instances during a scan.

  • HTTP Status Code - The status code(s) returned by a web entity’s instances during a scan.

  • Instance Count - The total number of instances of the web entity observed during all Censys scans.

    Note
    		 Only the first 100 instances are searchable.

  • TLS Version Selected - The TLS version(s) selected by a web entity’s instances during a scan.

Certificates

  • Fingerprint - The identifier of the certificate: a SHA-256 digest of its contents.

  • Expiration Date - The date on which the certificate expires and should no longer be trusted by clients if it is live on a site. As of 2020, the maximum validity duration is 13 months.

  • Issuer - The certificate authority that issued the certificate.

  • Subject Organization - The name of the organization to which the certificate was issued, if available.

  • Valid - A Censys indicator of trustworthiness, based on the certificate’s trust anchor status among root stores.

  • Self-Signed - Whether or not the certificate is self-signed (i.e., whether the issuer is the same as the subject).

    Self-signed certificates can be an indication of an internal or development service not intended to be exposed to the public Internet.

  • Key Type - The encryption algorithm used to generate the certificate’s public key.

  • Pre-certificate - A boolean indicating whether the poison extension is marked critical, which makes the document an artifact of Certificate Transparency regulations and not able to be used.

Domains

  • Cloud - The name of the Cloud Service Provider whose name servers are authoritative for this domain, if applicable.

  • Registrar - The registrar or reseller with which the domain name was registered.

  • Name Servers - The names of the servers responsible for answering DNS lookups, as obtained from the DNS record for the domain name. Usually there are two or more for redundancy.

  • Mail Servers - The names of any servers which receives mail for mailboxes in the domain, if applicable, as obtained from MX records for the domain name.

  • Expiration Date - The date when the domain name registration will expire and be released into the available domain pool.

Storage Buckets

  • Account ID (AWS specific) - The AWS account associated with this bucket.

  • Cloud - The cloud storage provider hosting this bucket.

  • Access - The access configuration for this bucket. Access levels include Readable, Writeable, and Editable Settings.

Download Data

Export up to 1000 rows of the asset list as a comma separated value (CSV) sheet for use in other products and workflows.

Click the Download CSV button in the right-hand corner of the list.

Download asset list as a CSV
Figure 3. Download the asset list as a CSV

The default filename is {timestamp}_{customerName}_InventoryExport.csv, and the columns in the CSV file reflect the columns displayed in the table when exported.

Details Pages

Click on the linked asset in the table to see a detail page with additional information.

Click an asset in the table for more info
Figure 4. Click an asset in the table to see details

Related articles

Comments

0 comments

Please sign in to leave a comment.