Details
Content
Dependencies
Version History

The Censys integration adds the ability to enrich IPs, web properties, and certificates in Palo Alto XSOAR and XSIAM with Censys Platform data. It also adds actions to initiate a Censys rescan of a host or web property and retrieve event history for an IP address. Additionally, users can find related infrastructure to a host, certificate, or web property.

Note: Support for this Pack was moved to Partner starting April 14, 2026. In case of any issues, please contact the Partner directly at support@censys.com or https://docs.censys.com.

Product/Integration Overview

The Censys Platform furnishes real-time intelligence, enabling security teams to reliably detect threats with greater speed, prioritize risks with confidence, and expedite investigations. Through continuous monitoring of the global internet, Censys identifies exposed assets, adversary infrastructure, and security vulnerabilities that conventional tools frequently overlook.

Leveraging industry-leading data accuracy, advanced analytics, and robust search functionalities, Censys mitigates informational clutter, thereby reducing false positives and inefficient effort while simultaneously offering profound visibility into external risks. Security professionals are empowered to track infrastructure modifications, monitor evolving threats, and execute faster, data-driven decisions to safeguard their organizations.

This Integration facilitates the automatic enrichment of data within Palo Alto with information from our Censys Platform, benefiting threat hunters, incident responders, and threat analysts.

What does this pack do?

The commands in this pack help you retrieve the most accurate and fresh data from Censys Platform helping you navigate Incident Response work faster.
They also help automate repetitive tasks associated with:

Retrieve information about the host using its IP address.
Retrieve certificate information using its SHA-256 fingerprint.
Retrieve web property information using a hostname and port combination.
Run a Platform search query.
Retrieve the event history for a host.
Initiate a live rescan for a known host service at a specific IP and port or a hostname and port.
Use the related infrastructure command to discover and map suspicious or malicious internet-facing assets that share parsed Censys data key-value pairs.

To fully leverage the capabilities of this integration, customers need a Censys Adversary Investigation module license, which facilitates the searching of related infrastructure and provides access to the comprehensive dataset.

Dashboard

Censys SOAR Dashboard: This dashboard displays the total number of times the Censys playbook and Censys commands have been executed, including breakdown by execution type.

Playbooks

Indicator Enrichment - Censys: This playbook enriches the IP addresses, domains, and SHA256 file hashes indicators with Censys threat intelligence data.

Note: Support for this Pack was moved to Partner starting April 14, 2026. In case of any issues, please contact the Partner directly at support@censys.com or https://docs.censys.com.

Product/Integration Overview

This Integration facilitates the automatic enrichment of data within Palo Alto with information from our Censys Platform, benefiting threat hunters, incident responders, and threat analysts.

What does this pack do?

Retrieve information about the host using its IP address.
Retrieve certificate information using its SHA-256 fingerprint.
Retrieve web property information using a hostname and port combination.
Run a Platform search query.
Retrieve the event history for a host.
Initiate a live rescan for a known host service at a specific IP and port or a hostname and port.
Use the related infrastructure command to discover and map suspicious or malicious internet-facing assets that share parsed Censys data key-value pairs.

Dashboard

Censys SOAR Dashboard: This dashboard displays the total number of times the Censys playbook and Censys commands have been executed, including breakdown by execution type.

Playbooks

Indicator Enrichment - Censys: This playbook enriches the IP addresses, domains, and SHA256 file hashes indicators with Censys threat intelligence data.

Dashboards

Name	Description
Censys SOAR Dashboard

Integrations

Name	Description
Censys v2 (Partner Contribution)	Built on the industry’s most comprehensive Internet Map, the Censys Platform delivers unmatched visibility into global internet assets, adversary infrastructure, and evolving threats.
Censys (Deprecated) (Partner Contribution)	Deprecated. Use Censys v2 instead. Censys is a search engine that allows computer scientists to ask questions about the devices and networks that compose the internet. Driven by internet-wide scanning, Censys lets researchers find specific hosts and create aggregate reports on how devices, websites, and certificates are configured and deployed.

Playbooks

Name	Description
Indicator Enrichment - Censys	This playbook enriches the IP addresses, domains, and SHA256 file hashes indicators with Censys threat intelligence data.

Integrations

Name	Description
Censys (Deprecated) (Partner Contribution)	Deprecated. Use Censys v2 instead. Censys is a search engine that allows computer scientists to ask questions about the devices and networks that compose the internet. Driven by internet-wide scanning, Censys lets researchers find specific hosts and create aggregate reports on how devices, websites, and certificates are configured and deployed.
Censys v2 (Partner Contribution)	Built on the industry’s most comprehensive Internet Map, the Censys Platform delivers unmatched visibility into global internet assets, adversary infrastructure, and evolving threats.

Playbooks

Name	Description
Indicator Enrichment - Censys	This playbook enriches the IP addresses, domains, and SHA256 file hashes indicators with Censys threat intelligence data.

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (5)

Pack Name	Pack By
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Base	By: Cortex XSOAR

3.1.0 - 9008008 (May 14, 2026)

Dashboards

Censys SOAR Dashboard

New: Added a new dashboard- Censys SOAR Dashboard that displays the total number of times the Censys playbook and Censys commands have been executed, including breakdown by execution type.

Integrations

Censys v2

New: Added the cen-related-infrastructure-list command to initiate a CensEye (Related Infrastructure) pivot analysis job for a Host, Web Property, or SHA256 Certificate.
New: Added the cen-host-history-list command to retrieve the event history for a host (IP address).
New: Added the cen-rescan command to initiate a live rescan for a known host service at a specific IP and port (ip:port) or hostname and port (hostname:port).
Added the port argument to the domain command.
Updated the ip, domain, and cen-search commands to improve Human Readable output and context data.
Updated the Docker image to: demisto/python3:3.12.13.8428455.

Playbooks

Indicator Enrichment - Censys

New: Added a new playbook- Indicator Enrichment - Censys that enriches the IP addresses, domains, and SHA256 file hashes indicators with Censys threat intelligence data.

Related pull requests:
- 44290
- 44006

Download

3.0.1 - 8429843 (April 23, 2026)

Censys

This content pack is now supported by Censys.

Related pull requests:
- 43938
- 43859

Download

3.0.0 - 7695964 (March 16, 2026)

Integrations

Censys v2

Updated the integration to use Censys API V3.
Deleted the App ID parameter.
Added support for the Organization ID parameter.
Added support for the API Token parameter that accepts a Personal Access Token (PAT) from the Censys platform.
Updated the cen-search command to exclude the page argument.
Updated the Docker image to: demisto/python3:3.12.13.7444307.

Related pull requests:
- 42713

Download

2.0.34 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

2.0.33 - 4096037 (July 8, 2025)

Integrations

Censys v2

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40498

Download

3.1.0 - 9008008 (May 14, 2026)

Integrations

Censys v2

New: Added the cen-related-infrastructure-list command to initiate a CensEye (Related Infrastructure) pivot analysis job for a Host, Web Property, or SHA256 Certificate.
New: Added the cen-host-history-list command to retrieve the event history for a host (IP address).
New: Added the cen-rescan command to initiate a live rescan for a known host service at a specific IP and port (ip:port) or hostname and port (hostname:port).
Added the port argument to the domain command.
Updated the ip, domain, and cen-search commands to improve Human Readable output and context data.
Updated the Docker image to: demisto/python3:3.12.13.8428455.

Playbooks

Indicator Enrichment - Censys

New: Added a new playbook- Indicator Enrichment - Censys that enriches the IP addresses, domains, and SHA256 file hashes indicators with Censys threat intelligence data.

Related pull requests:
- 44290
- 44006

Download

3.0.1 - 8429843 (April 23, 2026)

Censys

This content pack is now supported by Censys.

Related pull requests:
- 43938
- 43859

Download

3.0.0 - 7695964 (March 16, 2026)

Integrations

Censys v2

Updated the integration to use Censys API V3.
Deleted the App ID parameter.
Added support for the Organization ID parameter.
Added support for the API Token parameter that accepts a Personal Access Token (PAT) from the Censys platform.
Updated the cen-search command to exclude the page argument.
Updated the Docker image to: demisto/python3:3.12.13.7444307.

Related pull requests:
- 42713

Download

2.0.34 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

2.0.33 - 4096037 (July 8, 2025)

Integrations

Censys v2

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40498

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	November 9, 2020
Last Release	May 14, 2026

Threat Intelligence Management

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.