What Changed

The Censys solution adds a new CensysRelatedInfrastructure playbook and enhanced workbook visualization for related infrastructure analysis. The playbook integrates with the Censys Pivot Analysis API to automatically discover and analyze connected infrastructure based on IOC values.

New Playbook: CensysRelatedInfrastructure

This playbook accepts IOC values (hosts, certificates, or web properties) and an IOC type as input, creates a pivot analysis job through the Censys API, monitors job completion, and ingests the results into a custom Log Analytics table (CensysRelatedInfrastructure_CL) for analysis.

Key features:

  • Automated pivot analysis job creation and monitoring
  • Support for hosts, certificates, and web properties as IOC types
  • Integration with Azure Key Vault for secure API token storage
  • Custom table ingestion for workbook visualization
  • Leverages Censys CensEye threat hunting capabilities

Workbook Enhancements

The existing Censys workbook receives new visualization capabilities to display related infrastructure data collected by the playbook. The workbook now includes dashboard components for analyzing pivot analysis results and related asset details.

Custom Table Schema

The playbook creates data in the CensysRelatedInfrastructure_CL table with fields including:

  • censys_url_s: Direct link to Censys platform results
  • count_d: Number of related assets discovered
  • fields_s and values_s: Pivot analysis field mappings and values
  • ioc_s: Original IOC value used for the pivot
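
A triage query over this table, as an added example that is not part of the Censys solution or this change: it keeps the newest row per pivot and ranks each IOC's pivots rarest-first. The sample rows, the one-pivot-per-row layout, and the MinCount/MaxCount window are assumptions; only the column names (plus the standard TimeGenerated column) come from the schema above.

```kql
// Assumed rarity window: pivots matching very few or very many assets are dropped.
let MinCount = 2;
let MaxCount = 100;
// Constructed sample rows shaped like CensysRelatedInfrastructure_CL.
// All values and URLs are placeholders; swap SampleRows for the real table name.
let SampleRows = datatable(TimeGenerated: datetime, ioc_s: string, fields_s: string,
                           values_s: string, count_d: real, censys_url_s: string)
[
    datetime(2025-01-10T08:00:00Z), "192.0.2.10", "constructed.field.a", "value-1", 9.0,    "https://example.invalid/r/1",
    datetime(2025-01-11T08:00:00Z), "192.0.2.10", "constructed.field.a", "value-1", 7.0,    "https://example.invalid/r/1",
    datetime(2025-01-11T08:00:00Z), "192.0.2.10", "constructed.field.b", "value-2", 3.0,    "https://example.invalid/r/2",
    datetime(2025-01-11T08:00:00Z), "192.0.2.10", "constructed.field.c", "value-3", 4200.0, "https://example.invalid/r/3",
    datetime(2025-01-11T08:00:00Z), "",           "constructed.field.d", "value-4", 5.0,    "https://example.invalid/r/4"
];
SampleRows
// Drop rows with no originating IOC and pivots outside the rarity window.
| where isnotempty(ioc_s) and count_d between (MinCount .. MaxCount)
// Re-running the playbook for the same IOC adds rows; keep only the latest per pivot.
| summarize arg_max(TimeGenerated, count_d, censys_url_s) by ioc_s, fields_s, values_s
// Rarest pivots first within each IOC, then number them per IOC.
| sort by ioc_s asc, count_d asc
| extend PivotRank = row_number(1, prev(ioc_s) != ioc_s)
| where PivotRank <= 5
| project ioc_s, PivotRank, fields_s, values_s,
          RelatedAssets = toint(count_d), censys_url_s, LastSeen = TimeGenerated
```

On the sample rows this returns two pivots for 192.0.2.10: constructed.field.b (3 assets) at rank 1 and the newer constructed.field.a row (7 assets) at rank 2.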

Deployment Requirements

  • Censys API token stored in Azure Key Vault as ‘Censys-Access-Token’
  • Censys Organization ID from platform account settings
  • Log Analytics Workspace configured for Microsoft Sentinel
  • Managed identity permissions for Key Vault access

Affected Files

.script/tests/KqlvalidationsTests/CustomTables/CensysRelatedAssetsDetails_CL.json
.script/tests/KqlvalidationsTests/CustomTables/CensysRelatedInfrastructure_CL.json
Sample Data/Custom/CensysRelatedAssetsDetails_CL.csv
Sample Data/Custom/CensysRelatedInfrastructure_CL.csv
Solutions/Censys/Playbooks/CensysAddIncidentComment/azuredeploy.json
Solutions/Censys/Playbooks/CensysAlertEnrichment/azuredeploy.json
Solutions/Censys/Playbooks/CensysAlertRescan/azuredeploy.json
Solutions/Censys/Playbooks/CensysEntityEnrichmentCertificate/azuredeploy.json
Solutions/Censys/Playbooks/CensysEntityEnrichmentHost/azuredeploy.json
Solutions/Censys/Playbooks/CensysEntityEnrichmentWebProperty/azuredeploy.json
Solutions/Censys/Playbooks/CensysHostHistory/azuredeploy.json
Solutions/Censys/Playbooks/CensysIOCLookup/azuredeploy.json
Solutions/Censys/Playbooks/CensysIncidentEnrichment/azuredeploy.json
Solutions/Censys/Playbooks/CensysRelatedInfrastructure/CensysRelatedInfrastructure.png
Solutions/Censys/Playbooks/CensysRelatedInfrastructure/README.md
Solutions/Censys/Playbooks/CensysRelatedInfrastructure/azuredeploy.json
Solutions/Censys/Playbooks/CensysRescan/azuredeploy.json
Solutions/Censys/Workbooks/Censys.json
Workbooks/Images/Preview/CensysBlack6.png
Workbooks/Images/Preview/CensysWhite6.png
Workbooks/WorkbooksMetadata.json
(packaging artefacts: 3.0.0.zip, ReleaseNotes.md, SolutionMetadata.json, Solution_Censys.json, createUiDefinition.json, mainTemplate.json)