Enricher - Censys Enricher#

Note

This article describes how to configure a particular enrichment source. To see how to configure enrichers in general, see Configure enrichers.

Specifications

Enricher name

Censys Enricher

Supported observable types

  • ipv4

  • ipv6

Output

Indicator entity with associated observables.

API endpoint

https://api.platform.censys.io/v3/global/asset

Description

This enricher looks up for IPV4 and IPV6, the enriched observable using the Censys endpoint.

Requirements#

  • API URL Censys.

  • Censys Auth Token.

Set up the enricher#

Before using the enricher, configure it to add your Censys credentials:

  1. Go to Data configuration Data configuration icon > Enrichers.

  2. Select the enricher from the displayed list.

  3. Edit the enricher by selecting from the top right More More > Edit.

  4. In the Edit enricher task view, fill out these fields:

    Note

    Required fields are marked with an asterisk (*).

    Field

    Description

    Auth Token*

    Set this to your Censys Auth Token.

    API URL*

    Set this to the API Url

    Max age in days*

    Set the number of days to go back in time for retrieving reports.

  5. Click Save to store your changes.

Default configuration#

These are the default configuration parameters for the Censys enricher:

Note

Required fields are marked with an asterisk (*).

Field

Description

Name

Leave this as “Censys Enricher”. Set by default.

Override TLP

Forces all entities and observables produced by this extension to inherit this TLP value.

Description*

Enter a description for this enricher.

Cache validity (sec)*

Set to 2592000 seconds (30 days) by default.

Rate limit (per sec)*

Set to 1000 seconds by default.

Monthly execution cap (runs)*

Set to 1000000 runs by default.

Source reliability*

Assign a reliability level to entities and observables produced by this extension. The values here are based on the Admiralty System.

Observable types*

Observable types to enrich. By default, this is set to the observables supported by the Censys enricher: ipv4 and ipv6

Enabled

Select to enable this enricher.

API URL*

Set to https://api.platform.censys.io/v3/global/asset by default.

Auth Token*

Set this to your Censys Auth Token.

Max age in days*

Set to 30 by default.

SSL verification

Selected by default. Select to enable SSL verification.

Path to SSL certificate file

Used when connecting to a feed source that uses a custom CA. Set this as the path to the SSL certificate to use when authenticating the feed source.

Enrichment result#

When the Censys enricher is applied to an observable, it attaches a Indicator entity to the enriched observable.

Attached to the Indicator entity are associated observables.