Censys Search

the censys search connector allows for advanced search capabilities and asset management within the censys database, directly from the swimlane platform censys search is a robust cybersecurity platform that provides in depth visibility into the assets and risks present on the internet this connector enables swimlane turbine users to integrate with censys search, allowing them to add comments to hosts, create and manage tags, retrieve metadata, and conduct detailed searches for hosts and services by leveraging this integration, security teams can enhance asset management, streamline threat intelligence, and improve incident response through enriched data and automated workflows censys search empowers users with the most comprehensive, accurate, and up to date map of the internet for proactive and reactive security analysis at scale prerequisites to effectively utilize the censys search connector within swimlane turbine, ensure you have the following prerequisites http basic authentication with the following parameters url the endpoint url for the censys api api id your unique identifier for accessing the censys api api secret the secret key associated with your api id for secure authentication capabilities the censys search connector provides the following capabilities add comments about a given host create a new tag get metadata from host retrieve tags for a host returns comments about a given host search host search host by ip update a tag limitations only search and metadata actions are available for free users to access tags and comments actions, a commercial account is required api documentation for more information on censys search https //search censys io/api#/ configurations censys platform http basic authentication authenticates using username and password configuration parameters parameter description type required url a url to the target host string required username api id string required password api secret string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions add comments about a given host adds a user defined comment to a host in censys using the ip address and specified content endpoint url /api/v2/hosts/{{ip}}/comments method post input argument name type required description path parameters ip string required the ip address of the requested host contents string optional response content input example {"json body" {"contents" " this is a comment "},"path parameters" {"ip" "1 1 1 1"}} output parameter type description status code number http status code of the response reason string response reason phrase code number output field code status string status value result object result of the operation result id string unique identifier result ip string result of the operation result author id string unique identifier result contents string response content result created at string result of the operation output example {"status code" 200,"response headers" {"date" "thu, 22 aug 2024 05 23 22 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " ","x content type options" "nosniff","strict transport security" "max age=31536000; includesubdomains; preload","access control allow credentials" "true","access control allow methods" "put, get, post, options","access control allow headers" "dnt,keep alive,user agent,x requested with,if modified si create a new tag creates a new tag in censys with the specified name to improve team's asset management endpoint url /api/v2/tags method post input argument name type required description name string optional name of the resource metadata object optional response data metadata color string optional response data input example {"json body" {"name" "tag name","metadata" {"color" "ff6113"}}} output parameter type description status code number http status code of the response reason string response reason phrase code number output field code status string status value result object result of the operation result id string unique identifier result name string name of the resource result metadata object response data result metadata color string response data result created at string result of the operation result updated at string result of the operation output example {"status code" 200,"response headers" {"date" "thu, 22 aug 2024 05 23 22 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " ","x content type options" "nosniff","strict transport security" "max age=31536000; includesubdomains; preload","access control allow credentials" "true","access control allow methods" "put, get, post, options","access control allow headers" "dnt,keep alive,user agent,x requested with,if modified si get metadata from host retrieve a list of services scanned by censys, usable as 'services service name' values in search queries endpoint url /api/v2/metadata/hosts method get output parameter type description status code number http status code of the response reason string response reason phrase code number output field code status string status value result object result of the operation result services array result of the operation output example {"status code" 200,"response headers" {"date" "thu, 22 aug 2024 05 23 22 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " ","x content type options" "nosniff","strict transport security" "max age=31536000; includesubdomains; preload","access control allow credentials" "true","access control allow methods" "put, get, post, options","access control allow headers" "dnt,keep alive,user agent,x requested with,if modified si retrieve tags for host retrieves a list of tags for a specified host in censys using the unique host identifier provided endpoint url /api/v2/tags/{{id}}/hosts method get input argument name type required description path parameters id string required the unique id of the tag input example {"path parameters" {"id" "123"}} output parameter type description status code number http status code of the response reason string response reason phrase code number output field code status string status value result object result of the operation result hosts array result of the operation result hosts ip string result of the operation result hosts tagged at string result of the operation output example {"status code" 200,"response headers" {"date" "thu, 22 aug 2024 05 23 22 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " ","x content type options" "nosniff","strict transport security" "max age=31536000; includesubdomains; preload","access control allow credentials" "true","access control allow methods" "put, get, post, options","access control allow headers" "dnt,keep alive,user agent,x requested with,if modified si returns comments about a given host retrieves user generated comments for a specified host ip address in censys search endpoint url /api/v2/hosts/{{ip}}/comments method get input argument name type required description path parameters ip string required the ip address of the requested host input example {"path parameters" {"ip" ""}} output parameter type description status code number http status code of the response reason string response reason phrase code number output field code status string status value result object result of the operation result ip string result of the operation result comments array result of the operation result comments id string unique identifier result comments ip string result of the operation result comments author id string unique identifier result comments contents string response content result comments created at string result of the operation output example {"status code" 200,"response headers" {"date" "thu, 22 aug 2024 05 23 22 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " ","x content type options" "nosniff","strict transport security" "max age=31536000; includesubdomains; preload","access control allow credentials" "true","access control allow methods" "put, get, post, options","access control allow headers" "dnt,keep alive,user agent,x requested with,if modified si search host executes a search in censys for specific host or service attributes, returning a summary list of matching hosts endpoint url /api/v2/hosts/search method get input argument name type required description parameters q string optional query used to search for hosts with matching attributes uses the censys search language parameters per page number optional the maximum number of hits to return in each response (minimum of 1, maximum of 100) parameters virtual hosts string optional determine how to query virtual hosts the default is exclude which will ignore any virtual hosts entries when set to include or only virtual hosts will be present in the returned list of hits, with the later returning only virtual hosts parameters sort string optional sort the results parameters cursor string optional cursor token from the api response, which fetches the next or previous page of hits when added to the endpoint url parameters fields string optional comma separated list of up to 25 fields to be returned for each result (this parameter is only available to paid users) input example {"parameters" {"q" "services service name http","per page" 50,"virtual hosts" "exclude","sort" "relevance","cursor" "nextcursortoken","fields" "ip,services"}} output parameter type description status code number http status code of the response reason string response reason phrase code number output field code status string status value result object result of the operation result query string result of the operation result total number result of the operation result duration number result of the operation result hits array result of the operation result hits ip string result of the operation result hits location object result of the operation result hits location city string result of the operation result hits location province string result of the operation result hits location timezone string result of the operation result hits location country string result of the operation result hits location continent string result of the operation result hits location postal code string result of the operation result hits location country code string result of the operation result hits location coordinates object result of the operation result hits location coordinates latitude number result of the operation result hits location coordinates longitude number result of the operation result hits last updated at string result of the operation result hits autonomous system object result of the operation result hits autonomous system description string result of the operation result hits autonomous system bgp prefix string result of the operation output example {"code" 123,"status" "active","result" {"query" "string","total" 123,"duration" 123,"hits" \[{}],"links" {"next" "string","prev" "string"}}} search host by ip retrieves a detailed view of a host's services from censys using the specified ip address endpoint url api/v2/hosts/{{ip}} method get input argument name type required description path parameters ip string required the ip address of the requested host parameters at time string optional fetches the censys view of a host and its services at the specified point in time requires historical api access nanosecond precision is allowed uses rfc3339 timestamp input example {"parameters" {"at time" "2023 10 01t00 00 00z"},"path parameters" {"ip" "1 1 1 1"}} output parameter type description status code number http status code of the response reason string response reason phrase code number output field code status string status value result object result of the operation result ip string result of the operation result services array result of the operation result services port number result of the operation result services service name string name of the resource result services transport protocol string result of the operation result services extended service name string name of the resource result services dns object result of the operation result services dns server type string type of the resource result services http object result of the operation result services http request object result of the operation result services http request method string http method to use result services http request uri string result of the operation result services http request headers object http headers for the request result services http response object result of the operation result services http response body string request body data result services http response protocol string result of the operation result services http response body size number request body data result services http response status code number status value result services http response status reason string status value result services http response headers object http headers for the request output example {"status code" 200,"response headers" {"date" "thu, 22 aug 2024 05 23 22 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " ","x content type options" "nosniff","strict transport security" "max age=31536000; includesubdomains; preload","access control allow credentials" "true","access control allow methods" "put, get, post, options","access control allow headers" "dnt,keep alive,user agent,x requested with,if modified si update a tag updates a specific tag for a team in censys using the tag's unique identifier and a new name requires 'id' as path parameter and 'name' in json body endpoint url /api/v2/tags/{{id}} method put input argument name type required description path parameters id string required the unique id of the tag name string optional name of the resource metadata object optional response data metadata color string optional response data input example {"json body" {"name" "tag name","metadata" {"color" "ff6113"}},"path parameters" {"id" ""}} output parameter type description status code number http status code of the response reason string response reason phrase code number output field code status string status value result object result of the operation result id string unique identifier result name string name of the resource result metadata object response data result metadata color string response data result created at string result of the operation result updated at string result of the operation output example {"status code" 200,"response headers" {"date" "thu, 22 aug 2024 05 23 22 gmt","content type" "application/json","transfer encoding" "chunked","connection" "keep alive","access control allow origin" " ","x content type options" "nosniff","strict transport security" "max age=31536000; includesubdomains; preload","access control allow credentials" "true","access control allow methods" "put, get, post, options","access control allow headers" "dnt,keep alive,user agent,x requested with,if modified si response headers header description example access control allow credentials http response header access control allow credentials true access control allow headers http response header access control allow headers dnt,keep alive,user agent,x requested with,if modified since,cache control,content type,range,authorization access control allow methods http response header access control allow methods put, get, post, options access control allow origin http response header access control allow origin access control max age http response header access control max age 1728000 cf cache status http response header cf cache status dynamic cf ray http response header cf ray 8b706e2cee0579e0 hyd connection http response header connection keep alive content encoding http response header content encoding gzip content type the media type of the resource application/json date the date and time at which the message was originated thu, 01 jan 2024 00 00 00 gmt server information about the software used by the origin server cloudflare set cookie http response header set cookie cf bm=iddyryf khbztvrjd5j8a772b8 tu6zrsdl5hqobgow 1724304202 1 0 1 1 a bu4qr6lcoisbxy3lfpa njlwarde rqry9rgbfkg ifabxlqfgs9dctpeccvsikgskrhdg f20prvdrtjtrq; path=/; expires=thu, 22 aug 24 05 53 22 gmt; domain= censys io; httponly; secure; samesite=none strict transport security http response header strict transport security max age=31536000; includesubdomains; preload transfer encoding http response header transfer encoding chunked x content type options http response header x content type options nosniff