Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Important
Some information in this article relates to a prereleased product which can be substantially modified before commercial release. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This plugin allows Security Copilot users to enrich investigations using threat intelligence from the Censys Platform. Currently the following functionalities are supported:
- Generating and executing Censys queries using natural language
- Searching the Censys Global Index
- Aggregating search results by specific fields
- Retrieving detailed information about IP addresses
- Looking up certificate information by SHA256 hash
- Getting web property information by domain and port
Prerequisites
- Access to a Censys Platform account
- A Personal Access Token (PAT) from Censys
- Your Censys Organization ID
Note
This article contains information about non-Microsoft plugins. This guidance is provided to help complete integration scenarios. However, Microsoft doesn't provide troubleshooting support for non-Microsoft plugins. Contact the vendor for support.
Know before you begin
Integration with Security Copilot works with a combination of a Personal Access Token (PAT) and Organization ID. You need to take the following steps before using the plugin.
Authentication Setup
Sign in to your Censys Account.
Navigate to the Personal Access Tokens tab and select Create New Token.
Give your token a descriptive name (for example, "Security Copilot Token") and select Create.
Locate your Organization ID from the Censys Platform URL (appears as
?org=ORG_ID).Combine your PAT and Organization ID with a colon separator:
PAT:ORG_ID
Plugin Configuration
- When you're asked to set up authentication, enter the combined PAT and Organization ID in the following format:
PAT:ORG_ID
- Select Save to complete setup.
Available Skills
The Censys Plugin for Microsoft Security Copilot exposes the following skills:
- Query Generation
- Creating Censys queries from natural language
- Converting user intent into CenQL syntax
- Global Index Search
- Executing queries against the Censys database
- Retrieving and formatting search results
- Data Aggregation
- Aggregating results by specified fields
- Generating statistical summaries
- Asset Information
- IP address lookups
- Certificate information retrieval
- Web property analysis
With the Censys plugin for Microsoft Security Copilot, you can invoke interactions with Censys in the context of a natural conversation. Here's an example:
- A user can ask about specific IP addresses or domains of interest
- The user can then use follow-up prompts such as "What other assets are associated with this IP?"
- The user can further investigate by asking for aggregated data about similar assets or certificates
Example Prompts
| Skill | Prompt |
|---|---|
| Generate Query | Generate a Censys query to find all the nginx servers |
| Search Global Index | Query Censys for host.location.country: "Netherlands" |
| Aggregate Results | What are the top 10 ASNs in the world? |
| IP Lookup | What does Censys know about IP 1.1.1.1? |
| Multiple IP Lookup | Get information about 1.1.1.1 and 2.2.2.2 |
| Certificate Lookup | Get the certificate 14e641e9f3eb7cf4bdf6b0bc364bd8529feafdb78904c45a49ce25d7daecc824 |
| Web Property Lookup | Get the web property google.com:443 |
| Multiple Properties | Look up google.com:443 and censys.io:443 |
Microsoft Security Copilot maintains context between queries, allowing for natural conversation flows. For example, after looking up an IP address, you can ask follow-up questions about related certificates or web properties without needing to specify the IP again.
Troubleshoot the Censys plugin
Errors occur
If you encounter errors, such as Couldn't complete your request, or An unknown error occurred, check:
- Ensure the plugin is turned on
- Verify your PAT and Organization ID are correctly formatted
- Check that your PAT hasn't expired
- Confirm you have sufficient API credits in your Censys account
- If issues persist, sign out of Security Copilot and sign back in
Prompts aren't invoking the correct capabilities
If prompts aren't invoking the correct capabilities, or prompts are invoking some other capability set:
- Ensure you're using supported prompt formats
- Try using direct skill invocation with "/"
- Check if other plugins might be intercepting similar queries
Provide feedback
To provide feedback, contact the Censys team.