Censys Threat Hunting

Censys Threat Hunting is a platform that enables security teams to proactively detect, analyze, and track adversary infrastructure before attacks are launched. The solution provides comprehensive Internet visibility through the Censys Internet Map, allowing threat hunters to identify malicious assets and investigate threats. The platform includes the Censys Threats Dataset, which offers curated threat intelligence on command and control infrastructure used by over 155 malware families. This dataset provides context on threat actor tactics, techniques, and procedures using fingerprints based on known malware deployments, URL endpoints associated with malware operations, and custom scanners for red team tools. CensEye automates threat hunting by identifying and correlating malicious infrastructure through detection of hosts and web properties with similar characteristics. The platform supports advanced pivoting capabilities across hosts, certificates, and historical data, enabling hunters to track evolving threats and surface related indicators. On-demand scanning capabilities allow instant validation of infrastructure and deep discovery of previously undetected services or configurations. Certificate and host history data enables exploration of historical relationships to build weaponization timelines and uncover tactics, techniques, and procedures. Interactive exploration dashboards provide visibility into threat infrastructure trends and anomalies. The platform supports contextual hashes including TLSH, JARM, JA3, and JA4+ for configuration-based analysis and comprehensive views of adversary operations.