Current ThreatQ Version Filter
Censys Action
The web format of this guide reflects the most current release. Guides for older iterations are available in PDF format.
Integration Details
ThreatQuotient provides the following details for this integration:
| Current Integration Version | 1.0.0 |
| Compatible with ThreatQ Versions | >= 6.5.0 |
| ThreatQ TQO License Required | Yes |
| Support Tier | ThreatQ Supported |
Introduction
The Censys Action integration enriches ThreatQ indicators with context obtained from the Censys API that can be used to proactively protect an organization against advanced threat actors.
The integration provides the following action:
- Censys Enrichment - ingests data about indicators of compromise related to network activity.
The action is compatible with and returns the enriched Indicator objects.
This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.
Prerequisites
- An active ThreatQ TDR Orchestrator (TQO) license.
- A data collection containing indicator objects.
- A Censys Platform API Personal Access Token.
- A Censys
API Access Rolerole assigned to the Personal Access Token. - A Censys Organization ID.
Installation
Perform the following steps to install the integration:
The same steps can be used to upgrade the integration to a new version.
- Log into https://marketplace.threatq.com/.
- Locate and download the action zip file.
- Navigate to the integrations management page on your ThreatQ instance.
- Click on the Add New Integration button.
- Upload the action zip file using one of the following methods:
- Drag and drop the zip file into the dialog box
- Select Click to Browse to locate the zip file on your local machine
ThreatQ will inform you if the action already exists on the platform and will require user confirmation before proceeding. ThreatQ will also inform you if the new version of the action contains changes to the user configuration. The new user configurations will overwrite the existing ones for the action and will require user confirmation before proceeding.
You will still need to configure the action.
Configuration
ThreatQuotient does not issue API keys for third-party vendors. Contact the specific vendor to obtain API keys and other integration-related credentials.
To configure the integration:
- Navigate to your integrations management page in ThreatQ.
- Select the Actions option from the Category dropdown (optional).
- Click on the action entry to open its details page.
- Enter the following parameters under the Configuration tab:
The configurations set on this page will be used as the default settings when inserting this action into a new workflow. Updating the configurations on this page will not update any instances of this action that have already been deployed to a workflow. In that scenario, you must update the action’s configurations within the workflow itself.
Parameter Description Censys Personal Access Token Your Censys API ID. Censys Organization ID Your Census API Secret. Enable SSL Certificate Verification Enable this parameter if the action should validate the host-provided SSL certificate. Disable Proxies Enable this parameter if the action should not honor proxies set in the ThreatQ UI. IP Address/IPv6 Address Description Context Select the pieces of enrichment context to ingest into the description of IP Addresses. Options include: - WHOIS Information
- Services Information
Ingest Censys Labels As Tags Enable this parameter to add Censys Labels as tags to indicators. IP Address/IPv6 Address Context Filter Select the pieces of enrichment context to ingest into ThreatQ for IP Address or IPv6 Address type indicators. Options include: - Total Services
- Postal Code
- Timezone
- Province
- Country Code (default)
- Continent
- City (default)
- Country
- Network Country Code
- AS Name (default)
- BGP Prefix
- ASN (default)
- Vendor
- Product
- CPE
- Source
Certificates Context Filter Select the pieces of enrichment context to ingest into ThreatQ for SHA-256 type indicators. Options include: - Issuer Distinguished Name (default)
- Subject DN
- Serial Number (default)
- Self Signed
- Valid Signature
- Signature Algorithm Name
- Signature Algorithm OID
- Signature
- DNS Name (default)
- Browser Trust Apple
- Browser Trust Microsoft
- Browser Trust Mozilla NSS
- Browser Trust Chrome
- Common Name
- Key Type (default)
- Key Length
- Modulus
- Key Encipherment
- Digital Signature
- Server Auth
- Client Auth
- Is Certificate Authority
- AIA Paths OCSP
- AIA Paths Issuer
- Valid Until
- Valid From
FQDN Context Filter Select the pieces of enrichment context to ingest into ThreatQ for indicators of type FQDN. Options include: - Port
- CPE
- Issuer Distinguished Name
- Subject DN
IP Address/IPv6 Address Relationship Filter Select the relationships to include in the context enrichment for each IP Address. Options include: - DNS Names
- CVEs
- Certificate SHA256 Fingerprint
- Certificate SHA1 Fingerprint
- Certificate MD5 Fingerprint
Ingest CVEs As Select the entity type to ingest CVE IDs as in ThreatQ. Options include: indicator and vulnerability. This parameter is only accessible if you have selected the
CVEsoption for the IP Address/IPv6 Address Relationship Filter parameter.Certificates Relationship Filter Select which relationship context to ingest into ThreatQ for SHA-256 type indicators. Options include: - Fingerprint SHA-1 (default)
- Fingerprint MD5 (default)
- TBS Fingerprint SHA-256
- TBS No CT Fingerprint SHA-256
- SPKI Fingerprint SHA-256
- Parent SPKI Fingerprint SHA-256
- DNS Names
FQDN Relationship Filter Select which relationship context to ingest into ThreatQ for indicators of type FQDN. Options include: - Fingerprint SHA-256
- Fingerprint SHA-1
- Fingerprint MD5
- IP Address
Objects per run Maximum number of objects to process per-run.
- Review any additional settings, make any changes if needed, and click on Save.
Actions
The following action is available:
| Action | Description | Object Type | Object Subtype |
|---|---|---|---|
| Censys Enrichment | Enriches indicators with Censys data | Indicator | FQDN, IP Address, IPv6 Address, SHA-256 |
Censys Enrichment
The Censys Enrichment action queries indicators contained in a threat-library collection against Censys Search API.
The API Mapping depends on the indicator type.
IP Address, IPv6 Address
GET https://api.platform.censys.io/v3/global/asset/host/141.11.179.22
Sample Response:
{
"result": {
"resource": {
"ip": "141.11.179.22",
"location": {
"continent": "Europe",
"country": "Czech Republic",
"country_code": "CZ",
"city": "Prague",
"postal_code": "110 00",
"timezone": "Europe/Prague",
"province": "Prague",
"coordinates": {
"latitude": 50.08804,
"longitude": 14.42076
}
},
"autonomous_system": {
"asn": 29208,
"description": "QUANTCOM-AS Quantcom a.s.",
"bgp_prefix": "141.11.179.0/24",
"name": "QUANTCOM-AS Quantcom a.s.",
"country_code": "CZ"
},
"whois": {
"network": {
"handle": "NET-141-11-179-0-24",
"name": "Private Customer",
"cidrs": [
"141.11.179.0/24"
],
"created": "2023-09-27T00:00:00Z",
"updated": "2025-02-12T00:00:00Z",
"allocation_type": "ALLOCATION"
},
"organization": {
"handle": "ORG-PC276-RIPE",
"name": "Private Customer",
"address": "Private Residence",
"street": "1600 Amphitheatre Parkway",
"city": "Mountain View",
"state": "CA",
"postal_code": "94043",
"country": "US",
"abuse_contacts": [
{
"handle": "PC18660-RIPE",
"name": "Private Customer",
"email": "report@abuseradar.com"
}
],
"admin_contacts": [
{
"handle": "ZG39-ARIN",
"name": "Google LLC",
"email": "arin-contact@google.com"
}
],
"tech_contacts": [
{
"handle": "ZG39-ARIN",
"name": "Google LLC",
"email": "arin-contact@google.com"
}
]
}
},
"services": [
{
"protocol": "HTTP",
"transport_protocol": "tcp",
"vulns": [
{
"source": "third_party",
"confidence": 0.25,
"evidence": [
{
"found_value": "cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*",
"semver_expression": ">=1.11.0 && <1.34.2"
}
],
"id": "CVE-2025-1695",
"year": 2025,
"risk_source": "cve",
"severity": "medium",
"metrics": {
"epss": {
"percentile": 0.068,
"score": 0.03
},
"cvss_v31": {
"score": 5.3,
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"components": {
"attack_vector": "network",
"attack_complexity": "low",
"privileges_required": "none",
"user_interaction": "none",
"scope": "unchanged",
"confidentiality": "none",
"integrity": "none",
"availability": "low"
}
},
"cvss_v40": {
"score": 6.9,
"vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"components": {
"attack_vector": "network",
"attack_complexity": "low",
"privileges_required": "none",
"user_interaction": "none",
"attack_requirements": "none"
}
}
},
"name": "CVE-2025-1695"
}
],
"software": [
{
"source": "recog",
"confidence": 0.25,
"evidence": [
{
"data_path": "http.headers.server"
}
],
"part": "a",
"vendor": "f5",
"product": "nginx",
"version": "1.18.0",
"cpe": "cpe:2.3:a:f5:nginx:1.18.0:*:*:*:*:*:*:*",
"life_cycle": {
"release_date": "2020-04-21T00:00:00Z"
}
}
],
"ip": "141.11.179.22",
"scan_time": "2025-08-13T07:35:05Z",
"representative_info": {
"reason": "protocol_port_count",
"sampled_port": 2
},
"banner": "HTTP/1.1 302 Moved Temporarily\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nContent-Length: 154\r\nConnection: close\r\nLocation: 444\r\n",
"banner_hash_sha256": "abe1d19c252a092e785e668b43447fd43c5875cb4a5d8ffe09c996ec67be3547",
"endpoints": [
{
"hostname": "141.11.179.22",
"port": 2,
"path": "/",
"endpoint_type": "HTTP",
"transport_protocol": "tcp",
"scan_time": "2025-08-13T07:35:05Z",
"banner": "HTTP/1.1 302 Moved Temporarily\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: <REDACTED>\r\nContent-Type: text/html\r\nContent-Length: 154\r\nConnection: close\r\nLocation: 444\r\n",
"banner_hash_sha256": "abe1d19c252a092e785e668b43447fd43c5875cb4a5d8ffe09c996ec67be3547",
"http": {
"uri": "http://141.11.179.22:2/",
"protocol": "HTTP/1.1",
"status_code": 302,
"status_reason": "Moved Temporarily",
"headers": {
"Connection": {
"headers": [
"close"
]
}
},
"html_tags": [
"<title>302 Found</title>"
],
"body_size": 154,
"body": "<html>\r\n<head><title>302 Found</title></head>\r\n<body>\r\n<center><h1>302 Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n",
"html_title": "302 Found",
"body_hash_sha256": "70c5f715dfb4f07671c29b36e542db2d27e9b17c24520eb00bcef73d2343370b",
"body_hash_sha1": "fc62410b186e210cb3e56b68dc79dbede8541aca",
"supported_versions": [
"HTTP/1.1"
]
},
"ip": "141.11.179.22"
}
],
"cert": {
"fingerprint_sha256": "649981865a3effb5ff7be7c842e336ea61f14f5696cc1bde9b068dd03cd6c29d",
"fingerprint_sha1": "731bceed54fa81fc066acd8324f47dd16be28757",
"fingerprint_md5": "93889cd7ede2507bd7621b13597c9722",
"tbs_fingerprint_sha256": "e8a9b9fed69a2f38099a629b258d2e00ef527c49f67585f3585158a1628c0406",
"tbs_no_ct_fingerprint_sha256": "f97bd4e2b2b18147fc5e3d2e2663aec33a7f09d18db5e86894fe4b3816b26911",
"spki_fingerprint_sha256": "0b3275c802ace0531a6e27793b9c605d96fc5289690c2fb82e6bc634a4e57eac",
"parent_spki_fingerprint_sha256": "95b148afc4c249d314067527813d43973574f8e11a905040c881510026ae74f9",
"parsed": {
"version": 3,
"serial_number": "328139396916805465544730781911864163898",
"issuer_dn": "C=US, O=Google Trust Services, CN=WR2",
"issuer": {
"common_name": [
"WR2"
],
"country": [
"US"
],
"organization": [
"Google Trust Services"
]
},
"subject_dn": "CN=dns.google",
"subject": {
"common_name": [
"dns.google"
]
},
"subject_key_info": {
"key_algorithm": {
"name": "RSA",
"oid": "1.2.840.113549.1.1.1"
},
"rsa": {
"exponent": 65537,
"modulus": "8f753a1d9a715147b659c6e1402d17ed774311933f0fd881688538b30e42fe09865a80870291d71eabdf51597e7917437bdbe6488ee3dab12433c8b5d09116eeb818154c35e88cb6d1544beab627410163338c3d9dddfeadfeae579e10d057d49527570a04a2259a0ff1a26c26b32a177bc65abf6e6d85f71e9a3d85117a178e1327d12ac25bbcdca6d3af7f0f2a3d7df6bb6ece2038c0aa38de86c1b238ccdf4cd10edee0e91f166a003646a732acceee596cda5b8b23d7bffd28a4d6ab29cee31c0c835d73e312508af09c03ff7657f343b8ec1e33b9fe3d9656fc99739003cf8af3ededfaeab9e99616b248831fa5778a49e3d5673ea97ebfc5a4a70de665",
"length": 2048
},
"fingerprint_sha256": "3bd98c803f00e4579529931b920f073a8ff3047cb3de0f65492a99fd32725c1c"
},
"validity_period": {
"not_before": "2025-07-07T08:35:58Z",
"not_after": "2025-09-29T08:35:57Z",
"length_seconds": 7257600
},
"signature": {
"signature_algorithm": {
"name": "SHA256-RSA",
"oid": "1.2.840.113549.1.1.11"
},
"value": "720fe29310663113889e890cb53bfc1e8d002c0113f7c863fbbf4120605dc7e5306b87e3a2af100211dd95d20121cf9400724e9b56879e25451e7751b969aae70d9a835d3264467577f78ac82d9af866220367f948ffe17a0a9fa4c6cc4df3bf567b23db400de87fcd5bb9e6db972479133d2a44057a9ea35e32b0b7a7dad816fae6854badded183b599c33280877b1b9b57e737d7360328656ee0ae73a3e8e66fcaa640f62e9cb89aa32780a2ddab062846d4002094029cada88c93883c67d6f4a2d59676812caa7af534863d8d5a6af0d2195da2096d1c8a27e612e5eacf488338222048deaa2b677db5a03ec2cf9364d5ed4f1e4643890b66425dbf43804b",
"valid": true
},
"extensions": {
"key_usage": {
"digital_signature": true,
"key_encipherment": true,
"value": 5
},
"basic_constraints": {},
"subject_alt_name": {
"dns_names": [
"dns.google",
"dns.google.com",
"*.dns.google.com",
"8888.google",
"dns64.dns.google"
],
"ip_addresses": [
"8.8.8.8",
"8.8.4.4",
"2001:4860:4860::8888",
"2001:4860:4860::8844",
"2001:4860:4860::6464",
"2001:4860:4860::64"
]
},
"crl_distribution_points": [
"http://c.pki.goog/wr2/oQ6nyr8F0m0.crl"
],
"authority_key_id": "de1b1eed7915d43e3724c321bbec34396d42b230",
"subject_key_id": "b8797f819971523812ef946505cb1cf95373c511",
"extended_key_usage": {
"server_auth": true
},
"certificate_policies": [
{
"id": "2.23.140.1.2.1"
}
],
"authority_info_access": {
"ocsp_urls": [
"http://o.pki.goog/wr2"
],
"issuer_urls": [
"http://i.pki.goog/wr2.crt"
]
},
"signed_certificate_timestamps": [
{
"log_id": "ccfb0f6a85710965fe959b53cee9b27c22e9855c0d978db6a97e54c0fe4c0db0",
"timestamp": "2025-07-07T09:36:02Z",
"signature": {
"hash_algorithm": "SHA256",
"signature_algorithm": "ECDSA",
"signature": "3045022062bc305a66494cbb3f335c93968d874854ba737187f098c5d303abfbe58000d9022100f5b691af7fcf21587c2039a534f89ac8fa6ccc36b9389e702d6c7154cb2b04b3"
}
},
{
"log_id": "dddcca3495d7e11605e79532fac79ff83d1c50dfdb003a1412760a2cacbbc82a",
"timestamp": "2025-07-07T09:36:00Z",
"signature": {
"hash_algorithm": "SHA256",
"signature_algorithm": "ECDSA",
"signature": "304402200d4cd812a6975b0bc60bb5a14e68fbe8e1e24d3a7af3e9b29c79615eb747899a022057a2b46fcf53857b4a75155fe24c9395e8a0e702357549263231298632ce7b08"
}
}
]
},
"serial_number_hex": "f6dd595b0c2839cd0912a6e66311be3a"
},
"names": [
"*.dns.google.com",
"8.8.4.4",
"8.8.8.8",
"8888.google",
"dns.google",
"dns.google.com",
"dns64.dns.google"
],
"validation_level": "dv",
"validation": {
"chrome": {
"is_valid": true,
"ever_valid": true,
"has_trusted_path": true,
"had_trusted_path": true,
"chains": [
{
"sha256fp": [
"e6fe22bf45e4f0d3b85c59e02c0f495418e1eb8d3210f788d48cd5e1cb547cd4",
"d947432abde7b7fa90fc2e6b59101b1280e0e1c7e4e40fa3c6887fff57a7f4cf"
]
}
],
"parents": [
"e6fe22bf45e4f0d3b85c59e02c0f495418e1eb8d3210f788d48cd5e1cb547cd4"
],
"type": "leaf"
}
},
"revocation": {
"ocsp": {
"reason": "unspecified"
},
"crl": {
"reason": "unspecified"
}
},
"ct": {
"entries": {
"cloudflare_nimbus_2025": {
"index": 2447587047,
"added_to_ct_at": "2025-08-12T08:41:46Z",
"ct_to_censys_at": "2025-08-12T09:56:44Z"
}
}
},
"ever_seen_in_scan": true,
"added_at": "2025-07-20T19:37:19Z",
"modified_at": "2025-08-13T03:44:25Z",
"validated_at": "2025-08-13T03:44:25Z",
"parse_status": "success",
"zlint": {
"version": 3,
"timestamp": "2025-07-20T19:37:19Z",
"notices_present": true,
"failed_lints": [
"n_subject_common_name_included"
]
},
"spki_subject_fingerprint_sha256": "0b3275c802ace0531a6e27793b9c605d96fc5289690c2fb82e6bc634a4e57eac",
"parent_spki_subject_fingerprint_sha256": "95b148afc4c249d314067527813d43973574f8e11a905040c881510026ae74f9"
}
},
{
"protocol": "UNKNOWN",
"transport_protocol": "tcp",
"ip": "141.11.179.22",
"scan_time": "2025-08-12T06:50:24Z",
"representative_info": {
"reason": "protocol_port_count",
"sampled_port": 45347
},
"banner": "HTTP/1.1 302 Moved Temporarily\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Tue, 12 Aug 2025 06:50:07 GMT\r\nContent-Type: text/html\r\nContent-Length: 154\r\nConnection: close\r\nLocation: 444\r\n\r\n<html>\r\n<head><title>302 Found</title></head>\r\n<body>\r\n<center><h1>302 Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ubuntu)</center>\r\n</body>\r\n</html>\r\n",
"banner_hex": "485454502f312e3120333032204d6f7665642054656d706f726172696c790d0a5365727665723a206e67696e782f312e31382e3020285562756e7475290d0a446174653a205475652c2031322041756720323032352030363a35303a303720474d540d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a436f6e74656e742d4c656e6774683a203135340d0a436f6e6e656374696f6e3a20636c6f73650d0a4c6f636174696f6e3a203434340d0a0d0a3c68746d6c3e0d0a3c686561643e3c7469746c653e33303220466f756e643c2f7469746c653e3c2f686561643e0d0a3c626f64793e0d0a3c63656e7465723e3c68313e33303220466f756e643c2f68313e3c2f63656e7465723e0d0a3c68723e3c63656e7465723e6e67696e782f312e31382e3020285562756e7475293c2f63656e7465723e0d0a3c2f626f64793e0d0a3c2f68746d6c3e0d0a"
}
],
"service_count": 2,
"dns": {
"names": [
"11451426.xyz"
],
"forward_dns": {
"11451426.xyz": {
"resolve_time": "2025-08-12T23:38:32Z",
"name": "11451426.xyz",
"record_type": "a"
}
}
},
"labels": [
{
"confidence": 1,
"source": "censys",
"value": "IPV4",
"evidence": [
{
"data_path": "http.headers.key",
"found_value": "cf-ray",
"literal_match": "cf-ray",
"semver_expression": ">=0.6.18 && <1.20.1"
}
]
}
],
"operating_system": {
"vendor": "Red Hat",
"component_uniform_resource_identifiers": [],
"source": "OSI_TRANSPORT_LAYER",
"other": [],
"part": "o",
"product": "Enterprise Linux",
"cpe": "cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*"
}
},
"extensions": {}
}
}ThreatQuotient provides the following default mapping for this action based on the information from .result.resource:
WHOIS Information
The following fields are added to the description for IP Address/IPv6 Address indicators if the WHOIS Information option is selected for the IP Address/IPv6 Address Description Contextparameter:
|
|
Services Information
The following fields are added to the description for IP Address/IPv6 Address indicators if the Services Information option is selected for the IP Address/IPv6 Address Description Contextparameter:
.services.port.services.protocol.services.transport_protocol.services.scan_time
| Feed Data Path | ThreatQ Entity | ThreatQ Object Type or Attribute Key | Published Date | Examples | Notes |
|---|---|---|---|---|---|
.dns.names[] |
Related Indicator.Value | FQDN | N/A | 11451426.xyz | If DNS Names enabled in IP Address/IPv6 Address Relationship Filter |
.services[].vulns[].id |
Related Indicator/Vulnerability.Value | CVE/Vulnerability | N/A | CVE-2025-1695 | If CVEs enabled in IP Address/IPv6 Address Relationship Filter. Ingested according to Ingest CVEs As |
.services[].services[].cert.fingerprint_sha256 |
Related Indicator.Value | SHA-256 | N/A | 649981865a3effb 5ff7be7c842e336 ea61f14f569... |
If Certificate SHA256 Fingerprint enabled in IP Address/IPv6 Address Relationship Filter. |
.services[].services[].cert.fingerprint_sha1 |
Related Indicator.Value | SHA-1 | N/A | 731bceed54fa81f c066acd8324f47d d16be28757 |
If Certificate SHA1 Fingerprint enabled in IP Address/IPv6 Address Relationship Filter. |
.services[].services[].cert.fingerprint_md5 |
Related Indicator.Value | MD5 | N/A | 93889cd7ede2507b d7621b13597c9722 |
If Certificate MD5 Fingerprint enabled in IP Address/IPv6 Address Relationship Filter. |
.services[].vulns[].severity |
Related Indicator/Vulnerability.Attribute | Severity | N/A | Medium | Title cased. Updatable |
.services[].vulns[].confidence |
Related Indicator/Vulnerability.Attribute | Confidence | N/A | 0.25 | Updatable |
.services[].vulns[].evidence[].found_value |
Related Indicator/Vulnerability.Attribute | CPE | N/A | cpe:2.3:a:f5:nginx:1.1 8.0:::::::* |
N/A |
.services[].vulns[].metrics[].epss.score |
Related Indicator/Vulnerability.Attribute | EPSS Score | N/A | 0.03 | Updatable |
.services[].vulns[].metrics[].epss.percentile |
Related Indicator/Vulnerability.Attribute | EPSS Percentile | N/A | 0.68 | Updatable |
.services[].vulns[].metrics[].cvss_v31.score |
Related Indicator/Vulnerability.Attribute | CVSSv31 Base Score | N/A | 5.3 | Updatable |
.services[].vulns[].metrics[].cvss_v31.vector |
Related Indicator/Vulnerability.Attribute | CVSSv31 Vector String | N/A | CVSS:3.1/AV:N/AC:L/PR: N/UI:N/S:U/C:N/I:N/A:L |
Updatable |
.services[].vulns[].metrics[].cvss_v31.components.attack_vector |
Related Indicator/Vulnerability.Attribute | CVSSv31 Attack Vector | N/A | network | Updatable |
.services[].vulns[].metrics[].cvss_v31.components.attack_complexity |
Related Indicator/Vulnerability.Attribute | CVSSv31 Attack Complexity | N/A | low | Updatable |
.services[].vulns[].metrics[].cvss_v31.components.privileges_required |
Related Indicator/Vulnerability.Attribute | CVSSv31 Privileges Required | N/A | none | Updatable |
.services[].vulns[].metrics[].cvss_v31.components.user_interaction |
Related Indicator/Vulnerability.Attribute | CVSSv31 User Interaction | N/A | none | Updatable |
.services[].vulns[].metrics[].cvss_v31.components.scope |
Related Indicator/Vulnerability.Attribute | CVSSv31 Scope | N/A | unchanged | Updatable |
.services[].vulns[].metrics[].cvss_v31.components.confidentiality |
Related Indicator/Vulnerability.Attribute | CVSSv31 Confidentiality Impact | N/A | none | Updatable |
.services[].vulns[].metrics[].cvss_v31.components.integrity |
Related Indicator/Vulnerability.Attribute | CVSSv31 Integrity Impact | N/A | none | Updatable |
.services[].vulns[].metrics[].cvss_v31.components.availability |
Related Indicator/Vulnerability.Attribute | CVSSv31 Availability Impact | N/A | low | Updatable |
.services[].vulns[].metrics[].cvss_v40.score |
Related Indicator/Vulnerability.Attribute | CVSSv40 Base Score | N/A | 6.9 | Updatable |
.services[].vulns[].metrics[].cvss_v40.vector |
Related Indicator/Vulnerability.Attribute | CVSSv40 Vector String | N/A | CVSS:4.0/AV:N/AC:L/AT: N/PR:N/UI:N/VC:N/VI... |
Updatable |
.services[].vulns[].metrics[].cvss_v40.components.attack_vector |
Related Indicator/Vulnerability.Attribute | CVSSv40 Attack Vector | N/A | network | Updatable |
.services[].vulns[].metrics[].cvss_v40.components.attack_complexity |
Related Indicator/Vulnerability.Attribute | CVSSv40 Attack Complexity | N/A | low | Updatable |
.services[].vulns[].metrics[].cvss_v40.components.privileges_required |
Related Indicator/Vulnerability.Attribute | CVSSv40 Privileges Required | N/A | none | Updatable |
.services[].vulns[].metrics[].cvss_v40.components.user_interaction |
Related Indicator/Vulnerability.Attribute | CVSSv40 User Interaction | N/A | none | Updatable |
.services[].vulns[].metrics[].cvss_v40.components.confidentiality |
Related Indicator/Vulnerability.Attribute | CVSSv40 Confidentiality Impact | N/A | N/A | Updatable |
.services[].vulns[].metrics[].cvss_v40.components.integrity |
Related Indicator/Vulnerability.Attribute | CVSSv40 Integrity Impact | N/A | N/A | Updatable |
.services[].vulns[].metrics[].cvss_v40.components.availability |
Related Indicator/Vulnerability.Attribute | CVSSv40 Availability Impact | N/A | N/A | Updatable |
.service_count |
Indicator.Attribute | Total Services | N/A | 2 | User-configurable |
.autonomous_system.country_code |
Indicator.Attribute | Network Country Code | N/A | CZ | User-configurable |
.autonomous_system.name |
Indicator.Attribute | AS Name | N/A | QUANTCOM-AS Quantcom a.s. | User-configurable |
.autonomous_system.bgp_prefix |
Indicator.Attribute | BGP Prefix | N/A | 141.11.179.0/24 | User-configurable |
.autonomous_system.asn |
Indicator.Attribute | ASN | N/A | 29208 | User-configurable |
.location.postal_code |
Indicator.Attribute | Postal Code | N/A | 110 00 | User-configurable |
.location.timezone |
Indicator.Attribute | Timezone | N/A | Europe/Prague | User-configurable |
.location.province |
Indicator.Attribute | Province | N/A | Prague | User-configurable |
.location.country_code |
Indicator.Attribute | Country Code | N/A | CZ | User-configurable |
.location.continent |
Indicator.Attribute | Continent | N/A | Europe | User-configurable |
.location.city |
Indicator.Attribute | City | N/A | Prague | User-configurable |
.location.country |
Indicator.Attribute | Country | N/A | Czech Republic | User-configurable |
.operating_system.vendor |
Indicator.Attribute | Vendor | N/A | Red Hat | User-configurable |
.operating_system.product |
Indicator.Attribute | Product | N/A | Enterprise Linux | User-configurable |
.operating_system.cpe |
Indicator.Attribute | CPE | N/A | cpe:2.3:o:redhat:enter prise_linux:7:::::::* |
User-configurable |
.operating_system.source |
Indicator.Attribute | Source | N/A | OSI_TRANSPORT_LAYER | User-configurable |
.labels[].value |
Indicator.Tag | N/A | N/A | IPV4 | If Ingest Censys Labels As Tags is enabled. |
FQDN
POST https://api.platform.censys.io/v3/search/query
Sample Body:
{
"query": "web.hostname=google.com"
}Sample Response:
{
"result": {
"hits": [
{
"webproperty_v1": {
"extensions": {},
"resource": {
"cert": {
"added_at": "2025-07-22T08:56:26Z",
"ct": {
"entries": {
"cloudflare_nimbus_2025": {
"added_to_ct_at": "2025-07-22T15:37:57Z",
"ct_to_censys_at": "2025-07-22T17:03:08Z",
"index": 2263845713
},
"comodo_sabre_2025_h2": {
"added_to_ct_at": "2025-07-22T15:39:02Z",
"ct_to_censys_at": "2025-07-22T17:24:45Z",
"index": 694719335
},
"google_argon_2025_h2": {
"added_to_ct_at": "2025-07-22T15:37:42Z",
"ct_to_censys_at": "2025-07-22T15:46:23Z",
"index": 1537466901
},
"google_xenon_2025_h2": {
"added_to_ct_at": "2025-07-22T15:37:43Z",
"ct_to_censys_at": "2025-07-22T15:47:05Z",
"index": 1576055525
},
"letsencrypt_ct_oak_2025_h2": {
"added_to_ct_at": "2025-07-22T15:37:48Z",
"ct_to_censys_at": "2025-07-22T15:43:18Z",
"index": 1188586774
},
"sectigo_elephant_2025_h2": {
"added_to_ct_at": "2025-07-22T15:37:46Z",
"ct_to_censys_at": "2025-07-22T15:43:24Z",
"index": 548246330
},
"sectigo_tiger_2025_h2": {
"added_to_ct_at": "2025-07-22T15:37:47Z",
"ct_to_censys_at": "2025-07-22T15:42:37Z",
"index": 604502824
},
"trustasia_log_2025_a": {
"added_to_ct_at": "2025-07-22T22:42:51Z",
"ct_to_censys_at": "2025-07-22T22:54:29Z",
"index": 140846173
},
"trustasia_log_2025_b": {
"added_to_ct_at": "2025-07-22T15:40:28Z",
"ct_to_censys_at": "2025-07-22T15:53:10Z",
"index": 133003481
}
}
},
"ever_seen_in_scan": true,
"fingerprint_md5": "1152f2dbf5ae019251079423c32b6303",
"fingerprint_sha1": "609f41d783685e64229d7c5e2d7bc9c507dac6d8",
"fingerprint_sha256": "15adbb67d8c139d97fbb381b80a486520cb5d9d1d3cbe80d26c9ecb4d75181fb",
"modified_at": "2025-08-09T19:55:36Z",
"names": [
"*.gkecnapps.cn",
"*.google-analytics-cn.com",
"*.google-analytics.com",
"*.google.ca",
"*.google.cl",
"*.google.co.in",
"*.google.co.jp"
],
"parent_spki_fingerprint_sha256": "f179aefaca72af5150ceec153c69a84f43b3912a11ed74fa21f0df945fb05037",
"parent_spki_subject_fingerprint_sha256": "f179aefaca72af5150ceec153c69a84f43b3912a11ed74fa21f0df945fb05037",
"parse_status": "success",
"parsed": {
"extensions": {
"authority_info_access": {
"issuer_urls": [
"http://i.pki.goog/we2.crt"
],
"ocsp_urls": [
"http://o.pki.goog/we2"
]
},
"authority_key_id": "75bec477ae89f644377dcfb1681f1d1aebdc3459",
"basic_constraints": {},
"certificate_policies": [
{
"id": "2.23.140.1.2.1"
}
],
"crl_distribution_points": [
"http://c.pki.goog/we2/Gt0Gl6QoGAU.crl"
],
"extended_key_usage": {
"server_auth": true
},
"key_usage": {
"digital_signature": true,
"value": 1
},
"signed_certificate_timestamps": [
{
"log_id": "12f14e34bd53724c840619c38f3f7a13f8e7b56287889c6d300584ebe586263a",
"signature": {
"hash_algorithm": "SHA256",
"signature": "3043022061b8bbe07b359a4fac05fcc50e2c214cbe61e9094d2796f9636ceccbb29c5af7021f385c995d97d782f4cec3b6d70b6e73c906c4b8d1ae5838351b7c996e45871b",
"signature_algorithm": "ECDSA"
},
"timestamp": "2025-07-07T09:34:17Z"
},
{
"log_id": "a442c506496061548f0fd4ea9cfb7a2d26454d87a97f2fdf4559f6274f3a8454",
"signature": {
"hash_algorithm": "SHA256",
"signature": "304502205cc985dc74744afbec7d5ce3a4d6958d5f07520b928ea1619165fdeddb3a4868022100b9458231652d4a22ce36922e67223c1ed104e9d587f1a26e1baabd0a441375d3",
"signature_algorithm": "ECDSA"
},
"timestamp": "2025-07-07T09:34:18Z"
}
],
"subject_alt_name": {
"dns_names": [
"*.gkecnapps.cn",
"*.google-analytics-cn.com",
"*.google-analytics.com",
"*.google.ca",
"*.google.cl",
"*.google.co.in",
"*.google.co.jp"
]
},
"subject_key_id": "edfd5dda3947d3e71b49bfb0c26b2f5115139e6f"
},
"issuer": {
"common_name": [
"WE2"
],
"country": [
"US"
],
"organization": [
"Google Trust Services"
]
},
"issuer_dn": "C=US, O=Google Trust Services, CN=WE2",
"serial_number": "275681765554378825529392251565661853316",
"serial_number_hex": "cf6660720ceb3df3124e3618e3219684",
"signature": {
"signature_algorithm": {
"name": "ECDSA-SHA256",
"oid": "1.2.840.10045.4.3.2"
},
"valid": true,
"value": "3046022100fe48f8de808b17ed4c7d0db587e3fba2b373ba8c35e6c6ac131687094b357bf9022100ea9cadd896639ed6f6e9ce4badeeee5217b668a6d2fc68402360135c4955c25c"
},
"subject": {
"common_name": [
"*.google.com"
]
},
"subject_dn": "CN=*.google.com",
"subject_key_info": {
"ecdsa": {
"b": "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
"curve": "P-256",
"gx": "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
"gy": "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
"length": 256,
"n": "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
"p": "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
"pub": "04b5353f923af2e0daa8b3d08769b12b3db01270fd1410c22eb3717e69283c8a0719701ceea1cc02917507837d7f6d1e21fcd0f22b89ef57edf86b1209df8beb99",
"x": "b5353f923af2e0daa8b3d08769b12b3db01270fd1410c22eb3717e69283c8a07",
"y": "19701ceea1cc02917507837d7f6d1e21fcd0f22b89ef57edf86b1209df8beb99"
},
"fingerprint_sha256": "b7a6eea67668ef0ec8aaa7b35a16000443088c395f674bb95982698c0a0ccf10",
"key_algorithm": {
"name": "ECDSA",
"oid": "1.2.840.10045.2.1"
}
},
"validity_period": {
"length_seconds": 7257600,
"not_after": "2025-09-29T08:34:13Z",
"not_before": "2025-07-07T08:34:14Z"
},
"version": 3
},
"revocation": {
"crl": {
"reason": "unspecified"
},
"ocsp": {
"reason": "unspecified"
}
},
"spki_fingerprint_sha256": "79ba7ff91347c5ed56264f9cf1ac4b6dce73d3647f04dbc736152e0236f45c6b",
"spki_subject_fingerprint_sha256": "79ba7ff91347c5ed56264f9cf1ac4b6dce73d3647f04dbc736152e0236f45c6b",
"tbs_fingerprint_sha256": "7c84f78a5cc923c39d3d2eeb26d32eb29275c0b875e53984d9a18efaf4d6f587",
"tbs_no_ct_fingerprint_sha256": "430491c1566e7e83ccf1536e10400c245641e87253f9711a1fdccd060ae27a86",
"validated_at": "2025-08-13T02:49:20Z",
"validation": {
"apple": {
"chains": [
{
"sha256fp": [
"54f8ca858bcc7591f28d8dc3772e9bc581717f3a23a288bfd405939c36208de5",
"b085d70b964f191a73e4af0d54ae7a0e07aafdaf9b71dd0862138ab7325a24a2"
]
},
{
"sha256fp": [
"9c3f2fd11c57d7c649ad5a0932c0f0d29756f6a0a1c74c43e1e89a62d64cd320",
"349dfa4058c5e263123b398ae795573c4e1313c83fe68f93556cd5e8031b3c7d"
]
},
{
"sha256fp": [
"9c3f2fd11c57d7c649ad5a0932c0f0d29756f6a0a1c74c43e1e89a62d64cd320",
"76b27b80a58027dc3cf1da68dac17010ed93997d0b603e2fadbe85012493b5a7",
"ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99"
]
}
],
"ever_valid": true,
"had_trusted_path": true,
"has_trusted_path": true,
"is_valid": true,
"parents": [
"54f8ca858bcc7591f28d8dc3772e9bc581717f3a23a288bfd405939c36208de5",
"9c3f2fd11c57d7c649ad5a0932c0f0d29756f6a0a1c74c43e1e89a62d64cd320"
],
"type": "leaf"
},
"chrome": {
"chains": [
{
"sha256fp": [
"54f8ca858bcc7591f28d8dc3772e9bc581717f3a23a288bfd405939c36208de5",
"b085d70b964f191a73e4af0d54ae7a0e07aafdaf9b71dd0862138ab7325a24a2"
]
},
{
"sha256fp": [
"9c3f2fd11c57d7c649ad5a0932c0f0d29756f6a0a1c74c43e1e89a62d64cd320",
"349dfa4058c5e263123b398ae795573c4e1313c83fe68f93556cd5e8031b3c7d"
]
}
],
"ever_valid": true,
"had_trusted_path": true,
"has_trusted_path": true,
"is_valid": true,
"parents": [
"54f8ca858bcc7591f28d8dc3772e9bc581717f3a23a288bfd405939c36208de5",
"9c3f2fd11c57d7c649ad5a0932c0f0d29756f6a0a1c74c43e1e89a62d64cd320"
],
"type": "leaf"
},
"microsoft": {
"chains": [
{
"sha256fp": [
"54f8ca858bcc7591f28d8dc3772e9bc581717f3a23a288bfd405939c36208de5",
"b085d70b964f191a73e4af0d54ae7a0e07aafdaf9b71dd0862138ab7325a24a2"
]
},
{
"sha256fp": [
"54f8ca858bcc7591f28d8dc3772e9bc581717f3a23a288bfd405939c36208de5",
"bec94911c2955676db6c0a550986d76e3ba005667c442c9762b4fbb773de228c"
]
},
{
"sha256fp": [
"9c3f2fd11c57d7c649ad5a0932c0f0d29756f6a0a1c74c43e1e89a62d64cd320",
"349dfa4058c5e263123b398ae795573c4e1313c83fe68f93556cd5e8031b3c7d"
]
},
{
"sha256fp": [
"9c3f2fd11c57d7c649ad5a0932c0f0d29756f6a0a1c74c43e1e89a62d64cd320",
"71cca5391f9e794b04802530b363e121da8a3043bb26662fea4dca7fc951a4bd"
]
},
{
"sha256fp": [
"9c3f2fd11c57d7c649ad5a0932c0f0d29756f6a0a1c74c43e1e89a62d64cd320",
"76b27b80a58027dc3cf1da68dac17010ed93997d0b603e2fadbe85012493b5a7",
"ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99"
]
}
],
"ever_valid": true,
"had_trusted_path": true,
"has_trusted_path": true,
"is_valid": true,
"parents": [
"54f8ca858bcc7591f28d8dc3772e9bc581717f3a23a288bfd405939c36208de5",
"9c3f2fd11c57d7c649ad5a0932c0f0d29756f6a0a1c74c43e1e89a62d64cd320"
],
"type": "leaf"
},
"nss": {
"chains": [
{
"sha256fp": [
"54f8ca858bcc7591f28d8dc3772e9bc581717f3a23a288bfd405939c36208de5",
"b085d70b964f191a73e4af0d54ae7a0e07aafdaf9b71dd0862138ab7325a24a2"
]
},
{
"sha256fp": [
"9c3f2fd11c57d7c649ad5a0932c0f0d29756f6a0a1c74c43e1e89a62d64cd320",
"349dfa4058c5e263123b398ae795573c4e1313c83fe68f93556cd5e8031b3c7d"
]
},
{
"sha256fp": [
"9c3f2fd11c57d7c649ad5a0932c0f0d29756f6a0a1c74c43e1e89a62d64cd320",
"76b27b80a58027dc3cf1da68dac17010ed93997d0b603e2fadbe85012493b5a7",
"ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99"
]
}
],
"ever_valid": true,
"had_trusted_path": true,
"has_trusted_path": true,
"is_valid": true,
"parents": [
"54f8ca858bcc7591f28d8dc3772e9bc581717f3a23a288bfd405939c36208de5",
"9c3f2fd11c57d7c649ad5a0932c0f0d29756f6a0a1c74c43e1e89a62d64cd320"
],
"type": "leaf"
}
},
"validation_level": "dv",
"zlint": {
"failed_lints": [
"n_subject_common_name_included"
],
"notices_present": true,
"timestamp": "2025-07-22T08:56:26Z",
"version": 3
}
},
"endpoints": [
{
"banner": "HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.google.com/\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-Q7mlycxpf2vijrr-zsR4eA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp\r\nDate: <REDACTED>\r\nExpires: Fri, 12 Sep 2025 10:05:03 GMT\r\nCache-Control: public, max-age=2592000\r\nServer: gws\r\nContent-Length: 220\r\nX-XSS-Protection: 0\r\nX-Frame-Options: SAMEORIGIN\r\nAlt-Svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n",
"banner_hash_sha256": "650c7a87ada07d596c7e7155852f72af6fda38a12bc5547e0efea363a17ccb95",
"endpoint_type": "HTTP",
"hostname": "google.com",
"http": {
"body": "<HTML><HEAD><meta http-equiv=\"content-type\" content=\"text/html;charset=utf-8\">\n<TITLE>301 Moved</TITLE></HEAD><BODY>\n<H1>301 Moved</H1>\nThe document has moved\n<A HREF=\"https://www.google.com/\">here</A>.\r\n</BODY></HTML>\r\n",
"body_hash_sha1": "b52854d1f79de5ebeebf0160447a09c7a8c2cde4",
"body_hash_sha256": "5b61b0c2032b4aa9519d65cc98c6416c12415e02c7fbbaa1be5121dc75162edb",
"body_size": 220,
"headers": {
"Alt-Svc": {
"headers": [
"h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000"
]
},
"Cache-Control": {
"headers": [
"public, max-age=2592000"
]
},
"Content-Length": {
"headers": [
"220"
]
},
"Content-Security-Policy-Report-Only": {
"headers": [
"object-src 'none';base-uri 'self';script-src 'nonce-Q7mlycxpf2vijrr-zsR4eA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp"
]
},
"Content-Type": {
"headers": [
"text/html; charset=UTF-8"
]
},
"Date": {
"headers": [
"<REDACTED>"
]
},
"Expires": {
"headers": [
"Fri, 12 Sep 2025 10:05:03 GMT"
]
},
"Location": {
"headers": [
"https://www.google.com/"
]
},
"Server": {
"headers": [
"gws"
]
},
"X-Frame-Options": {
"headers": [
"SAMEORIGIN"
]
},
"X-XSS-Protection": {
"headers": [
"0"
]
}
},
"html_tags": [
"<TITLE>301 Moved</TITLE>",
"<meta http-equiv=\"content-type\" content=\"text/html;charset=utf-8\">"
],
"html_title": "301 Moved",
"protocol": "HTTP/1.1",
"status_code": 301,
"status_reason": "Moved Permanently",
"supported_versions": [
"HTTP/1.1",
"HTTP/2"
],
"uri": "https://google.com/"
},
"ip": "2404:6800:4005:825::200e",
"path": "/",
"port": 443,
"scan_time": "2025-08-13T10:05:02Z",
"transport_protocol": "tcp"
}
],
"hostname": "google.com",
"port": 443,
"scan_time": "2025-08-13T10:05:02Z",
"software": [
{
"confidence": 0.25,
"cpe": "cpe:2.3:a:google:google_web_services:*:*:*:*:*:*:*:*",
"evidence": [
{
"data_path": "http.headers.server"
}
],
"part": "a",
"product": "google_web_services",
"source": "recog",
"vendor": "google"
}
],
"tls": {
"cipher_selected": "TLS_CHACHA20_POLY1305_SHA256",
"fingerprint_sha256": "15adbb67d8c139d97fbb381b80a486520cb5d9d1d3cbe80d26c9ecb4d75181fb",
"presented_chain": [
{
"fingerprint_sha256": "9c3f2fd11c57d7c649ad5a0932c0f0d29756f6a0a1c74c43e1e89a62d64cd320",
"issuer_dn": "C=US, O=Google Trust Services LLC, CN=GTS Root R4",
"subject_dn": "C=US, O=Google Trust Services, CN=WE2"
},
{
"fingerprint_sha256": "76b27b80a58027dc3cf1da68dac17010ed93997d0b603e2fadbe85012493b5a7",
"issuer_dn": "C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA",
"subject_dn": "C=US, O=Google Trust Services LLC, CN=GTS Root R4"
}
],
"version_selected": "tlsv1_3",
"versions": [
{
"version": "tlsv1_3"
},
{
"version": "tlsv1_2"
},
{
"version": "tlsv1_1"
},
{
"version": "tlsv1_0"
}
]
}
}
}
}
],
"next_page_token": "",
"previous_page_token": "",
"query_duration_millis": 63,
"total_hits": 2
}
}ThreatQuotient provides the following default mapping for this action based on the information from .result.hits[].webproperty_v1.resource:
| Feed Data Path | ThreatQ Entity | ThreatQ Object Type or Attribute Key | Published Date | Examples | Notes |
|---|---|---|---|---|---|
.port |
Indicator.Attribute | Port | N/A | 443 | User-configurable |
.software.cpe |
Indicator.Attribute | CPE | N/A | cpe:2.3:a:google: google_web_services:::::::: |
User-configurable |
.cert.parsed.subject_dn |
Indicator.Attribute | Subject DN | N/A | CN=*.google.com | User-configurable |
.cert.parsed.issuer_dn |
Indicator.Attribute | Issuer Distinguished Name | N/A | C=US, O=Google Trust Services, CN=WE2 | User-configurable |
.endpoints[].ip |
Related Indicator.Value | IP Address/IPv6 Address | N/A | 2404:6800:4005:825::200e | If IP Address enabled in FQDN Relationship Filter. Type determined based on format. |
.cert.fingerprint_sha256 |
Related Indicator.Value | SHA-256 | N/A | 15adbb67d8c139d97fbb38 1b80a486520cb5d9d1d3cb e80... |
If Fingerprint SHA-256 enabled in FQDN Relationship Filter |
.cert.fingerprint_sha1 |
Related Indicator.Value | SHA-1 | N/A | 609f41d783685e64229d7c 5e2d7bc9c507dac6d8 |
If Fingerprint SHA-1 enabled in FQDN Relationship Filter |
.cert.fingerprint_md5 |
Related Indicator.Value | MD5 | N/A | 1152f2dbf5ae0192510794 23c32b6303 |
If Fingerprint MD5 enabled in FQDN Relationship Filter |
SHA-256
GET https://api.platform.censys.io/v3/asset/certificate/9b00121b4e85d50667ded1a8aa39855771bdb67ceca6f18726b49374b41f0041
Sample Response:
{
"result": {
"resource": {
"fingerprint_sha256": "9b00121b4e85d50667ded1a8aa39855771bdb67ceca6f18726b49374b41f0041",
"fingerprint_sha1": "d508e7f8163fb67434f84091dc7c2ca8afd5234d",
"fingerprint_md5": "3818d99263b47ab28f7de5b293ee1418",
"tbs_fingerprint_sha256": "4b098b6bd9459340fb0f3cfb80f0bc3283370c455d57ca20da40e7eecce341d5",
"tbs_no_ct_fingerprint_sha256": "5c095a40e76c245323086d26d1fa428d3b443b42fb58c7dbb19b32dfe516b749",
"parsed": {
"version": 3,
"serial_number": "311703586789118042424998420179537559397550",
"issuer_dn": "C=US, O=Let's Encrypt, CN=R3",
"issuer": {
"common_name": [
"R3"
],
"country": [
"US"
],
"organization": [
"Let's Encrypt"
]
},
"subject_dn": "CN=www.kgcontracting.co",
"subject": {
"common_name": [
"www.kgcontracting.co"
]
},
"subject_key_info": {
"key_algorithm": {
"name": "RSA",
"oid": "1.2.840.113549.1.1.1"
},
"rsa": {
"exponent": 65537,
"modulus": "c0b3b7d595e250fcbc54c6f9e81113c12da29fe35350a02b8ab769a5e43f07df7ac8ff72c482b3e838d64e97cb3fa15e415acbcfe6758a4e7ac401b4a5294ecca6ad1b583ec2136a408524eeadca55ba4a8af490cb9c764efbdecbe59a4ca160905e5972548018f55194e7ac94b2153d97bd5f055d58ad3abe0d1daa3b3c97fed490f1bb58fc5c819618891d05c32d68aeaabada321736e417f0fa58d7093d352c1800191645d1b820f5f7c93301ab7ca78393e953b82719741b735a67ce6a63faec0ac9d2d917f03b9fc0a0ab8012f4763c50118663af897294e85ba6e11c5ca0fd749645c2a58ddf14ad62717b40b5e7b620d256be28789e1ebd62e8046acd",
"length": 2048
},
"fingerprint_sha256": "754cb1e2e2088214a5970662bb5a60aec8a2e29b94f53529aa608abee6682c60"
},
"validity_period": {
"not_before": "2022-12-31T11:37:55Z",
"not_after": "2023-03-31T11:37:54Z",
"length_seconds": 7776000
},
"signature": {
"signature_algorithm": {
"name": "SHA256-RSA",
"oid": "1.2.840.113549.1.1.11"
},
"value": "95347a7bd89da6a6bd9adcc509669d933b5e2a29b414317d72b02c583bfadbf616f5b6977824ee80484fe4ae0c38dbb1013d896b5a9db12fdc62296fbefbba84ed089a6e62c148cc9d1e60bfd9cf6e7d1c8f5e0f315872618a6805e5bf48432ce2d0aac07d4ab845a7f68c1a61c3dd37c0e40c26b386b1f37ff2fc50e6eacdc305ecd13da1c43bb1209cb13c5a6387cffb57fad81d01496b3c6499817ed1cf1a0ef809b6b408035b5de72423c6c7f84c3a9e9513c89fa8fc49bf6f90746561ebd1b4ea22e7557d3e505b5ecd289dbb8ce71c4d3acc2e67a27bbb12dd242c8fa512d19dc8b7bd6b88bcc6a6484bb39c894f7b756630a10525a9ab3359030aa2ad",
"valid": true
},
"extensions": {
"key_usage": {
"digital_signature": true,
"key_encipherment": true,
"value": 5
},
"basic_constraints": {},
"subject_alt_name": {
"dns_names": [
"kgcontracting.co",
"www.kgcontracting.co"
]
},
"authority_key_id": "142eb317b75856cbae500940e61faf9d8b14c2c6",
"subject_key_id": "a6a1b9ac9d0886b3b58f5faba9f42f741d9ef29d",
"extended_key_usage": {
"server_auth": true,
"client_auth": true
},
"certificate_policies": [
{
"id": "2.23.140.1.2.1"
},
{
"id": "1.3.6.1.4.1.44947.1.1.1",
"cps": [
"http://cps.letsencrypt.org"
]
}
],
"authority_info_access": {
"ocsp_urls": [
"http://r3.o.lencr.org"
],
"issuer_urls": [
"http://r3.i.lencr.org/"
]
},
"signed_certificate_timestamps": [
{
"log_id": "b73efb24df9c4dba75f239c5ba58f46c5dfc42cf7a9f35c49e1d098125edb499",
"timestamp": "2022-12-31T12:37:55Z",
"signature": {
"hash_algorithm": "SHA256",
"signature_algorithm": "ECDSA",
"signature": "304402203e73c9d1e7f17087b077237c715039e1d5f36cd75635df44017767227354dd7d022017cfb6779130c48b496851d5aeb970c3b43e0fa1f31d6bc03f3338d7b8716947"
}
},
{
"log_id": "e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e",
"timestamp": "2022-12-31T12:37:55Z",
"signature": {
"hash_algorithm": "SHA256",
"signature_algorithm": "ECDSA",
"signature": "30450221009c728da43c9bf4700b6d73c3b3155b5473d629d5b8f06c7335894ce61fbf3af002202e677d64f8e7368e39769ba45812fa3d0a2e3cce761d8e898276392d592b5475"
}
}
]
},
"serial_number_hex": "039403b7283199171fd9c1af1c8210f5a4ae"
},
"names": [
"kgcontracting.co",
"www.kgcontracting.co"
],
"validation_level": "dv",
"validation": {
"nss": {
"ever_valid": true,
"had_trusted_path": true,
"chains": [
{
"sha256fp": [
"0ac730f6b3a98bab6aa97c9c4c71b34dd5599f4933630e6d24a26751bd12ebac",
"96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6"
]
},
{
"sha256fp": [
"67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd",
"96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6"
]
}
],
"parents": [
"0ac730f6b3a98bab6aa97c9c4c71b34dd5599f4933630e6d24a26751bd12ebac",
"67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"
],
"type": "leaf"
},
"microsoft": {
"ever_valid": true,
"had_trusted_path": true,
"chains": [
{
"sha256fp": [
"0ac730f6b3a98bab6aa97c9c4c71b34dd5599f4933630e6d24a26751bd12ebac",
"96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6"
]
},
{
"sha256fp": [
"67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd",
"96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6"
]
}
],
"parents": [
"0ac730f6b3a98bab6aa97c9c4c71b34dd5599f4933630e6d24a26751bd12ebac",
"67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"
],
"type": "leaf"
},
"apple": {
"ever_valid": true,
"had_trusted_path": true,
"chains": [
{
"sha256fp": [
"0ac730f6b3a98bab6aa97c9c4c71b34dd5599f4933630e6d24a26751bd12ebac",
"96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6"
]
},
{
"sha256fp": [
"67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd",
"96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6"
]
}
],
"parents": [
"0ac730f6b3a98bab6aa97c9c4c71b34dd5599f4933630e6d24a26751bd12ebac",
"67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"
],
"type": "leaf"
},
"chrome": {
"ever_valid": true,
"had_trusted_path": true,
"chains": [
{
"sha256fp": [
"0ac730f6b3a98bab6aa97c9c4c71b34dd5599f4933630e6d24a26751bd12ebac",
"96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6"
]
},
{
"sha256fp": [
"67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd",
"96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6"
]
}
],
"parents": [
"0ac730f6b3a98bab6aa97c9c4c71b34dd5599f4933630e6d24a26751bd12ebac",
"67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd"
],
"type": "leaf"
}
},
"ct": {
"entries": {
"google_argon_2023": {
"index": 521618614,
"added_to_ct_at": "2022-12-31T12:37:55Z",
"ct_to_censys_at": "2023-05-04T22:00:22Z"
},
"google_xenon_2023": {
"index": 593655844,
"added_to_ct_at": "2022-12-31T12:37:55Z",
"ct_to_censys_at": "2023-06-21T10:02:57Z"
}
}
},
"ever_seen_in_scan": true,
"added_at": "2023-01-06T12:46:27Z",
"modified_at": "2024-01-23T03:09:33Z",
"validated_at": "2023-09-09T13:26:03Z",
"parse_status": "success",
"zlint": {
"version": 3,
"timestamp": "2023-09-09T13:26:04Z",
"notices_present": true,
"failed_lints": [
"n_subject_common_name_included"
]
},
"spki_subject_fingerprint_sha256": "cc9b074ebf41b484a56923d5585594967bda7a7f8b5be187ef0e7ae1ec90003c",
"parent_spki_subject_fingerprint_sha256": "390bc358202771a65e7be7a87924d7f2a079de04feb5ffd4163fae4fbf9b11e9"
},
"extensions": {}
}
}ThreatQuotient provides the following default mapping for this action based on the information from .result.resource:
| Feed Data Path | ThreatQ Entity | ThreatQ Object Type or Attribute Key | Published Date | Examples | Notes |
|---|---|---|---|---|---|
| .fingerprint_sha1 | Related Indicator.Value | SHA-1 | .added_at | d508e7f8163fb 67434f84091dc 7c2ca8afd5234d |
User-configurable |
| .fingerprint_md5 | Related Indicator.Value | MD5 | .added_at | 3818d99263b47 ab28f7de5b293 ee1418 |
User-configurable |
| .tbs_fingerprint_sha256 | Related Indicator.Value | SHA-256 | .added_at | 4b098b6bd9459 340fb0f3cfb80f0 bc3283370c455 d57ca20da40e7 eecce341d5 |
User-configurable |
| .tbs_no_ct_fingerprint_ sha256 |
Related Indicator.Value | SHA-256 | .added_at | 5c095a40e76c245 323086d26d1fa42 8d3b443b42fb58c 7dbb19b32dfe516 b749 |
User-configurable |
| .spki_subject_fingerprint_ sha256 |
Related Indicator.Value | SHA-256 | .added_at | cc9b074ebf41b484 a56923d558559496 7bda7a7f8b5be187 ef0e7ae1ec90003c |
User-configurable |
| .parent_spki_subject_ fingerprint_sha256 |
Related Indicator.Value | SHA-256 | .added_at | 390bc358202771a65 e7be7a87924d7f2a07 9de04feb5ffd4163fae 4fbf9b11e9 |
User-configurable |
| .names | Related Indicator.Value | FQDN | .added_at | kgcontracting.co | User-configurable. If it is valid FQDN. |
| .parsed.issuer_dn | Indicator.Attribute | Issuer Distinguished Name | .added_at | C=US, O=Let's Encrypt, CN=R3 | User-configurable |
| .parsed.subject_dn | Indicator.Attribute | Subject DN | .added_at | CN=www.kgcontracting. co |
User-configurable |
| .parsed.serial_number | Indicator.Attribute | Serial Number | .added_at | 3117035867891180424 2499842017953755939 7550 |
User-configurable |
| .parsed.signature.self_ signed |
Indicator.Attribute | Self Signed | .added_at | N/A | User-configurable. Updatable |
| .parsed.signature.valid | Indicator.Attribute | Valid Signature | .added_at | True | User-configurable. Updatable |
| .parsed.signature.signature_ algorithm.name |
Indicator.Attribute | Signature Algorithm Name | .added_at | SHA256-RSA | User-configurable |
| .parsed.signature.signature_ algorithm.oid |
Indicator.Attribute | Signature Algorithm OID | .added_at | 1.2.840.113549.1.1.11 | User-configurable |
| .parsed.signature.value | Indicator.Attribute | Signature | .added_at | 95347a7bd89da6a6bd9 adcc509669d933b5e2a 29b414317d72b02c583 bfad... |
User-configurable |
| .parsed.extensions.subject_ alt_name.dns_names |
Indicator.Attribute | DNS Name | .added_at | kgcontracting.co | User-configurable |
| .validation.apple.had_ trusted_path |
Indicator.Attribute | Browser Trust Apple | .added_at | True | User-configurable. Updatable |
| .validation.microsoft.had_ trusted_path |
Indicator.Attribute | Browser Trust Microsoft | .added_at | True | User-configurable. Updatable |
| .validation.nss.had_ trusted_path |
Indicator.Attribute | Browser Trust Mozilla NSS | .added_at | True | User-configurable. Updatable |
| .validation.chrome.had_ trusted_path |
Indicator.Attribute | Browser Trust Chrome | .added_at | True | User-configurable. Updatable |
| .parsed.subject.common_ name |
Indicator.Attribute | Common Name | .added_at | www.kgcontracting.co | User-configurable |
| .parsed.subject_key_info. key_algorithm.name |
Indicator.Attribute | Key Type | .added_at | RSA | User-configurable |
| .parsed.subject_key_info. rsa.length |
Indicator.Attribute | Key Length | .added_at | 2048 | User-configurable |
| .parsed.subject_key_info. rsa.modulus |
Indicator.Attribute | Modulus | .added_at | c0b3b7d595e250fcbc54c6 f9e81113c12da29fe35350 a02b8ab769a5e43f07d... |
User-configurable |
| .parsed.extensions.key_ usage.key_encipherment |
Indicator.Attribute | Key Encipherment | .added_at | True | User-configurable. Updatable |
| .parsed.extensions.key_ usage.digital_signature |
Indicator.Attribute | Digital Signature | .added_at | True | User-configurable. Updatable |
| .parsed.extensions.extended_ key_usage.server_auth |
Indicator.Attribute | Server Auth | .added_at | True | User-configurable. Updatable |
| .parsed.extensions.extended_ key_usage.client_auth |
Indicator.Attribute | Client Auth | .added_at | True | User-configurable. Updatable |
| .parsed.extensions.basic_ constraints.is_ca |
Indicator.Attribute | Is Certificate Authority | .added_at | N/A | User-configurable. Updatable |
| .parsed.extensions.authority_ info_access.ocsp_urls |
Indicator.Attribute | AIA Paths OCSP | .added_at | http://r3.i.lencr.org/ | User-configurable |
| .parsed.extensions.authority_ info_access.issuer_urls |
Indicator.Attribute | AIA Paths Issuer | .added_at | http://r3.o.lencr.org | User-configurable |
| .parsed.validity_period. not_before |
Indicator.Attribute | Valid From | .added_at | 2022-12-31T11:37:55Z | User-configurable. Updatable |
| .parsed.validity_period. not_after |
Indicator.Attribute | Valid Until | .added_at | 2023-03-31T11:37:54Z | User-configurable. Updatable |
Enriched Data
Object counts and action runtime are supplied as generalities only - objects returned by a provider can differ based on credential configurations and action runtime may vary based on system resources and load.
| Metric | Result |
|---|---|
| Run Time | 3 minutes |
| Indicators | 200 |
| Indicator Attributes | 5,000 |
Change Log
- Version 1.1.0
- Updated the integration to use the Censys Platform API.
- Removed the following configuration parameters:
- Censys API ID
- Censys API Secret
- Include WHOIS Data in Description
- Added the following new configuration parameters:
- Censys Personal Access Token - enter your Censys Platform API Personal Access Token.
- Censys Organization ID - enter the Censys Organization ID.
- IP Address/IPv6 Address Description Context - select the pieces of enrichment context to ingest into the description of IP Addresses.
- FQDN Context Filter - select the pieces of enrichment context to ingest into ThreatQ for indicators of type FQDN.
- IP Address/IPv6 Address Relationship Filter - select the relationships to include in the context enrichment for each IP Address.
- Ingest CVEs As - select the entity type to ingest CVE IDs as in ThreatQ.
- Added
DNS Namesas an option for the Certificates Relationship Filter parameter. - Added
Subject DNas an option for the Certificates Context Filter parameter. - Removed the following options from the Certificates Context Filter parameter:
Certificate Transparency ArgonCertificate Transparency Argon DateCertificate Transparency XenonCertificate Transparency Xenon Date
- Version 1.0.0
- Initial release
PDF Guides
| Document | ThreatQ Version |
|---|---|
| Censys Action Guide v1.1.0 | 6.5.0 or Greater |
| Censys Action Guide v1.0.0 | 6.5.0 or Greater |