Platform Integrations

You can incorporate Censys Platform data and functionality with the integrations listed below.

Enterprise customers leveraging Censys Legacy Search APIs can continue to utilize previously developed Legacy Search integrations until September 2026.

A list of Attack Surface Management integrations is available here.

Additionally, the Censys Platform offers REST APIs that allow you to develop integration workflows for nearly any security platform.

Censys-owned integrations

The following integrations are maintained by the Censys team.

Integration | Description
Google SecOps | Use this integration to enrich IPs, domains, and certificates with Censys data manually or programmatically. You can also use the integration to retrieve host history, execute rescans, and initiate CensEye automated pivot jobs to find assets related to a target host, web property, or certificate.
Microsoft Sentinel | Use playbooks to enrich alerts and incidents with Censys internet data. Users can also manually retrieve information about IPs, domains, and certificates from Censys datasets. You can also use the integration to retrieve host history, execute rescans, and initiate CensEye automated pivot jobs to find assets related to a target host, web property, or certificate.
Palo Alto Cortex XSOAR/XSIAM | This integration adds commands to enrich IPs and certificates in Cortex with Censys Platform data. It also adds commands to initiate a Censys rescan of a host or web property, retrieve event history for an IP address, and run a search across Censys data. Additionally, it includes a playbook for enriching IPs, domains, and certificates and a dashboard that shows all Censys actions executed using the app.
Splunk Platform | The Censys for Splunk Platform integration adds the ability to automatically or manually enrich IPs, web properties, and certificates in Splunk with Censys Platform data. It also adds actions to initiate a Censys scan of a host or web property, retrieve event history for an IP address, and initiate CensEye automated pivot jobs to find assets related to a target host, web property, or certificate.
Splunk SOAR | The Censys for Splunk SOAR integration adds investigative actions that leverage Censys Platform data to Splunk. You can use these actions in playbooks or run them when examining events to enrich your incident response workflows. You can also use the integration to retrieve host history, execute rescans, and initiate CensEye automated pivot jobs to find assets related to a target host, web property, or certificate.
Collection webhooks | Collection webhooks provide you with the ability to receive trigger-based updates when new assets are added to or removed from your collection. Webhooks deliver Censys data to various applications, enabling you to monitor events and take action as needed.

Vendor-developed integrations

Vendor-developed integrations are developed by our technology partners and are not maintained by the Censys team.

Integration | Description
CyWare Censys v3 | The Censys v3 app helps security teams gain visibility into internet-exposed assets using trusted global scan data. It provides structured insights into hosts, certificates, and web properties to support exposure management and threat investigation.
OpenCTI Censys Enrichment | The Censys Enrichment connector allows OpenCTI to enrich observables (such as domains, IP addresses, and certificates) using data from the Censys search and intelligence platform. It retrieves detailed information on hosts, certificates, services, and organizations to enhance context and visibility within investigations. Learn more in the documentation.
The Vertex Project Censys-Synapse | The Vertex Project's Censys-Synapse tool adds new Storm commands to allow you to query the Censys API using your existing API key.
ThreatConnect Censys Playbook App | Use this Playbook App to retrieve multiple types of enrichment information for IOCs. Additionally, you can build custom Censys searches to retrieve result sets based on factors such as software versions being run, services running, open ports, and more. You can also use it to monitor your own potentially open and vulnerable infrastructure, among numerous other possible use cases.
ThreatQuotient Censys Operation and Censys Action | ThreatQuotient has two Censys Platform integrations.
  • Censys Operation enriches ThreatQ system objects with context obtained from the Censys Platform API.
  • Censys Action enriches ThreatQ indicators with context obtained from the Censys API that can be used to proactively protect an organization against advanced threat actors.
A video walkthrough of ThreatQuotient's integrations with Censys is available here.