Welcome back to another installment of Unleash the Power of Censys Search, the blog series that helps Censys Search users make the most of their Search experience!
If you’ve been with us throughout this series, you may have read our previous posts about writing queries and using historical data, as well as our most recent post on matched services.
In today’s post, we’re talking all about collaboration, and how to do more of it in Censys Search.
As They Say, Collaboration Is Key
We know that the work users are doing in Censys Search can require the effort of multiple practitioners and sometimes even full teams. Responding to security events and investigating threats often demands extensive exploration, pivoting, and analysis, and in turn, results in multiple work streams.
It also requires keeping track of a lot of moving parts. When teams spot something anomalous in their investigation, they need a way to categorize it, let other team members know about it, and easily return to it later on. Teams can’t afford time wasted due to disorganization or duplicated effort.
That’s why in Censys Search, teams can work better together using two important features: tags and comments.
Collaborating with Tags and Comments
Tags and comments give users a powerful ability to organize their work and collaborate with team members. Tags and comments make it possible for multiple users to organize, quickly return to, and share notes about hosts and certificates without leaving the Censys Search platform. In this way, teams can build on shared insights as they work together and save valuable time in the process.
Tags and comments are available to users with a paid package. These include our recently launched self-service packages: Censys Search Solo and Censys Search Teams.
How Tags Work, and Why You Should Use Them
Tags are custom markers that empower teams to quickly categorize and filter data. Tags make it easier to return to the things you found interesting in Censys Search.
You can think of tags as virtual Post-it notes. When you come across a host or certificate in Censys Search that you want to earmark, you can add your own custom tag to the host or certificate page. The tag you create can display whatever text you’d like – you won’t be restricted to a preset list of categories. This opens the door to a whole new level of customization and personalization within Censys Search.
4 Advantages of Using Tags
- Quickly return to hosts and certificates of interest. Accelerate your work with the ability to jump right back to the hosts or certificates that caught your attention. Avoid time spent retracing steps or searching through results pages.
- Improve how you document and organize your work. Build a digital trail that captures which hosts or certificates are pertinent to your work. Benefit from the ability to quickly pull up hosts or certificates with specific tags any time you’re working in Search.
- Spot patterns, trends, and anomalies. Use tags to identify commonalities among hosts and certificates to more efficiently gain insights.
- Accelerate information sharing. Easily highlight relevant hosts and certificates to your teammates and signal how they relate to your work.
Tags in Practice
Let’s say you’ve come across a handful of host pages displaying unusual banners, and you’re not sure how to make sense of them. However, you think that one of your teammates might have a better idea of how to interpret them. Rather than take a screenshot or pull links to share outside of Censys Search (only for your teammate to pop back into Search), you can simply mark those hosts with a tag like “Suspicious Banners” and your teammate will be able to pull hosts with that tag from their own instance of Search.
View of the “Add Tag” feature on a Censys Search host page
You can create a tag by navigating to the top right corner of a host or certificate page and clicking the “Add Tag” button. A display box will pop up, in which you can enter your tag name. Once you click “Add Tag,” your tag will appear on the host or certificate page any time you return to it.
Again, tags are completely customizable! Create the tags that make the most sense for what you’re doing and how your team talks about its work. Whenever possible, enrich your tag name with additional context about a host or certificate. Something as simple as “Suspicious C2 Server” can be highly effective.
The Add Tag box can also show you tags that have been previously created by your team, so you can work from existing tags and follow a shared tagging structure if you choose. (And no need to worry, nobody outside of your organization can see your tags.)
Next, let’s talk about how to use the comments feature to level up your collaboration.
How Comments Work, and Why You Should Use Them
Comments further extend the functionality of tags by allowing team members to annotate specific hosts or certificates with insights, context, or follow-up actions. In doing so, teams can create their own shared knowledge base directly within the Censys Search platform.
This collaborative approach ensures that all team members have access to the same information. Comments are a great option when you have more to say about a finding than what could be conveyed through a custom tag.
3 Advantages of Using Comments
- Reduce redundancy and miscommunication. Use comments as a source of record to communicate to other team members that a host or certificate was already investigated, and to share what was learned.
- Increase information sharing. Promote more knowledge exchange using a feature that keeps documentation and conversation right within the Search tool.
- Identify next steps. Use the comments feature to make note of needed next steps in your investigation, or things you’d like to revisit. For example: “We should look further into the history of this certificate and compare it to a similar certificate we observed here.” (Users can include links.)
Comments in Practice
Perhaps you’ve come across a certificate with a number of unusual attributes that pique your interest. You’ve also observed some strange activity when you looked back at this certificate’s history. You think what you’re seeing could be relevant to your team’s ongoing investigation into a potential threat, and so you want to capture a few different notes about this certificate. You’ve already applied a tag that lets your team know this certificate is relevant to your current threat investigation, but now you can use the comment box to expand on your additional insights.
In this hypothetical example, you might decide to bullet out:
1) The unusual attributes, and why you think they’re unusual
2) The activity that stood out to you when looking at certificate history
3) What additional information might be needed, or what you plan to do next
4) A link to another certificate with similar attributes, or an external link to an article about a similar potential threat
There are lots of ways to tailor your approach to comments!
How to Leave a Comment
Comments can be found at the very bottom of a host or certificate page. There, you’ll see a box with a prompt to enter text. You and your team have the ability to type as much or as little as you’d like. You can include links and images for additional context in your write-up, too.
A view of the Comments feature in Censys Search
As with tags, only those within your organization can view comments left on certificates or hosts – no need to worry about outside viewers.
Achieving More, Together
The more security teams communicate, the more accurate, agile, and effective their work can be. Censys Search tags and comments are simple, yet impactful ways to optimize how cybersecurity teams work together. Even practitioners working independently on investigations can benefit from the documentation and organization that tags and comments facilitate.
Start using Censys Search tags and comments today!
Need access to tags and comments? Learn more about our plans and pricing.
A Reminder to Our Community Users
We recently shared that we will be making some changes to our Censys Search Community version. Namely, we will be discontinuing API access beyond 60 days. This will apply to both new Community Users and current Community Users. This means that Community Users who created their Censys Search Community accounts on or before December 6, 2023 – the date our self-service packages were launched – will no longer have API access after February 5, 2024.
Any Community User who created a Community account after December 6, 2023 will have API access for 60 days after their specific date of enrollment.
You can read more about this update in our recent blog.
As always, we appreciate your understanding and cooperation as we strive to maintain a high standard of service!
To learn more about how to upgrade your account, please visit our pricing page.