components:
schemas:
Activemq:
additionalProperties: false
properties:
cache_enabled:
type: boolean
cache_size:
format: int32
type: integer
max_frame_size:
format: int64
type: integer
max_inactivity_duration:
format: int64
type: integer
max_inactivity_duration_initial_delay:
format: int32
type: integer
platform_details:
type: string
provider_name:
type: string
provider_version:
type: string
size_prefix_disabled:
type: boolean
stack_trace_enabled:
type: boolean
tcp_no_delay_enabled:
type: boolean
tight_encoding_enabled:
type: boolean
type: object
ActorInfo:
additionalProperties: false
properties:
email:
description: The email of the entity that performed the action.
type: string
id:
description: The ID of the entity that performed the action. This will depend on the type of entity, as it could either be a Censys user ID or an ASM workspace ID.
type: string
type:
description: The type of entity that performed the action.
enum:
- unknown
- user
- system
- customer_support
- asm_workspace
type: string
required:
- type
type: object
AlternativeQuery:
additionalProperties: false
properties:
query:
description: An alternative query that may be used.
type: string
targets:
description: The types of Platform data records (host, cert, and web) that can be targeted by the alternative query.
items:
enum:
- host
- web
- cert
- unknown
type: string
type:
- array
- "null"
required:
- query
- targets
type: object
Amqp:
additionalProperties: false
properties:
explicit_tls:
description: Connected via a TLS connection after initial handshake
type: boolean
implicit_tls:
description: Connected via a TLS wrapped connection (AMQPS)
type: boolean
protocol_id:
$ref: "#/components/schemas/Amqp_Protocol"
version:
$ref: "#/components/schemas/Amqp_Version"
type: object
Amqp_Protocol:
additionalProperties: false
properties:
id:
format: int32
minimum: 0
type: integer
name:
type: string
type: object
Amqp_Version:
additionalProperties: false
properties:
major:
format: int32
minimum: 0
type: integer
minor:
format: int32
minimum: 0
type: integer
revision:
format: int32
minimum: 0
type: integer
type: object
AnalyticsCapabilities:
additionalProperties: false
properties:
analytics_module_support:
type: boolean
cell_based_scene_description_supported:
type: boolean
rule_options_supported:
type: boolean
rule_support:
type: boolean
type: object
AnermaCfForth:
additionalProperties: false
properties:
ip:
type: string
product:
type: string
serial_number:
type: string
unit_name:
type: string
version:
type: string
type: object
AnyConnect:
additionalProperties: false
properties:
aggregate_auth_version:
description: Version number indicated by the response for config-auth exchange
format: int32
type: integer
auth_methods:
description: Supported methods for users to enter credentials for this VPN
items:
type: string
type:
- array
- "null"
groups:
description: List of groups a user can authenticate with to use this VPN
items:
type: string
type:
- array
- "null"
raw:
description: XML content of the config-auth response
type: string
response_type:
description: Type of the response packet received after initializing the config-auth exchange
type: string
type: object
AssetCertificateListInputBody:
additionalProperties: false
properties:
certificate_ids:
description: A list of SHA-256 certificate fingerprints.
examples:
- 3daf2843a77b6f4e6af43cd9b6f6746053b8c928e056e8a724808db8905a94cf
items:
type: string
maxItems: 1000
minItems: 1
type:
- array
- "null"
required:
- certificate_ids
type: object
AssetHostListInputBody:
additionalProperties: false
properties:
at_time:
description: RFC3339 Timestamp to view all requested hosts at a specific point in time. Must be a valid RFC3339 string. Ensure that you suffix the date with T00:00:00Z or a specific time.
examples:
- "2025-01-01T00:00:00Z"
format: date-time
type: string
host_ids:
description: A list of host IP addresses.
examples:
- 8.8.8.8
items:
type: string
maxItems: 100
minItems: 1
type:
- array
- "null"
required:
- host_ids
type: object
AssetWebpropertyListInputBody:
additionalProperties: false
properties:
at_time:
description: RFC3339 Timestamp to view all requested webproperties at a specific point in time. Must be a valid RFC3339 string. Ensure that you suffix the date with T00:00:00Z or a specific time
examples:
- "2025-01-01T00:00:00Z"
format: date-time
type: string
webproperty_ids:
description: A list of web property identifiers.
examples:
- platform.censys.io:80
items:
type: string
maxItems: 100
minItems: 1
type:
- array
- "null"
required:
- webproperty_ids
type: object
AsteriskManagerInterface:
additionalProperties: false
properties:
version:
type: string
type: object
Attribute:
additionalProperties: false
properties:
components:
items:
$ref: "#/components/schemas/CPE"
type:
- array
- "null"
confidence:
format: double
type: number
cpe:
type: string
edition:
type: string
evidence:
items:
$ref: "#/components/schemas/Evidence"
type:
- array
- "null"
life_cycle:
$ref: "#/components/schemas/CPE_LifeCycle"
part:
type: string
product:
type: string
source:
enum:
- ""
- censys
- recog
- wappalyzer
- third_party
- html_meta_extractor
type: string
type:
items:
type: string
type:
- array
- "null"
update:
type: string
vendor:
type: string
version:
type: string
type: object
AuditLogEvent:
additionalProperties: false
properties:
actor:
$ref: "#/components/schemas/ActorInfo"
description: Information about the entity that performed the action.
authentication_method:
description: The method used by the actor to authenticate before performing the action.
type: string
event_type:
description: The type of action that was audited.
enum:
- user_created
- user_login
- user_login_failed
- user_password_changed
- user_password_reset
- user_mfa_changed
- user_settings_changed
- user_enabled
- user_disabled
- invitation_created
- invitation_resent
- invitation_accepted
- invitation_deleted
- membership_created
- membership_updated
- membership_removed
- org_created
- org_updated
- org_deleted
- saml_config_created
- saml_config_updated
- saml_config_deleted
- saml_config_domain_verified
- pat_created
- pat_deleted
- global_data_search_executed
- global_data_lookup_executed
- global_data_aggregation_executed
- asm_seed_created
- asm_seed_deleted
- asm_exclude_created
- asm_exclude_deleted
- asm_risk_instance_severity_changed
- asm_risk_instance_accepted
- asm_risk_instance_unaccepted
- asm_risk_type_severity_changed
- asm_risk_type_enabled
- asm_risk_type_disabled
- asm_risk_type_default_enabled
- tag_created
- tag_updated
- tag_deleted
- tag_assigned
- tag_unassigned
- tag_bulk_operation_started
- tag_bulk_operation_completed
- tag_bulk_operation_cancelled
- comment_created
- comment_updated
- comment_deleted
type: string
metadata:
additionalProperties: {}
description: Event-specific metadata. Contents vary by event type.
type: object
source:
description: Where the audited action originated from.
type: string
source_ip:
description: The IP address of the source of the audited action.
type: string
subject:
$ref: "#/components/schemas/SubjectInfo"
description: Information about the resource that was affected by the audited action.
timestamp:
description: The timestamp of the audit log event.
format: date-time
type: string
user_agent:
description: The user agent of the source of the audited action.
type: string
required:
- timestamp
- event_type
- actor
- subject
type: object
AuditLogEventsResponse:
additionalProperties: false
properties:
events:
description: The page of audit log events for the requested filters and pagination parameters.
items:
$ref: "#/components/schemas/AuditLogEvent"
type:
- array
- "null"
pagination:
$ref: "#/components/schemas/PaginationInfo"
description: Pagination information for listing more events.
total_results:
format: int64
type: integer
required:
- events
- pagination
- total_results
type: object
Auth:
additionalProperties: false
properties:
enabled:
type: boolean
type: object
AuthenticationError:
additionalProperties: false
properties:
error:
$ref: "#/components/schemas/AuthenticationErrorDetail"
description: Detailed information about the authentication error
type: object
AuthenticationErrorDetail:
additionalProperties: false
properties:
code:
description: HTTP status code
examples:
- 401
format: int64
type: integer
message:
description: Human-readable message describing the error occurrence
examples:
- Access credentials are invalid
type: string
reason:
description: Human-readable explanation of the underlying cause of the error
examples:
- Access token is not active
type: string
request:
type: string
status:
description: HTTP status message associated with the error
examples:
- Unauthorized
type: string
type: object
AuthorityInfoAccess:
additionalProperties: false
properties:
issuer_urls:
items:
type: string
type:
- array
- "null"
ocsp_urls:
items:
type: string
type:
- array
- "null"
type: object
AutoReplenishConfig:
additionalProperties: false
properties:
amount:
description: The amount of credits to replenish when auto-replenish is triggered.
format: int64
type: integer
enabled:
description: Whether the organization has auto-replenish enabled.
type: boolean
threshold:
description: The threshold at which the organization's credit balance will be auto-replenished.
format: int64
type: integer
required:
- enabled
type: object
AutonomousSystem:
additionalProperties: false
properties:
asn:
description: The ASN (autonomous system number) of the host's autonomous system.
format: int32
minimum: 0
type: integer
bgp_prefix:
description: The autonomous system's CIDR.
type: string
country_code:
description: The autonomous system's two-letter ISO 3166-1 alpha-2 country code (US, CN, GB, RU, ...).
type: string
description:
description: Brief description of the autonomous system.
type: string
name:
description: The friendly name of the autonomous system.
type: string
organization:
description: The name of the organization managning the autonomous system.
type: string
type: object
Bacnet:
additionalProperties: false
properties:
application_software_revision:
type: string
description:
type: string
firmware_revision:
type: string
instance_number:
format: int32
minimum: 0
type: integer
location:
type: string
model_name:
type: string
object_name:
type: string
vendor_id:
format: int32
minimum: 0
type: integer
vendor_name:
type: string
type: object
BasicConstraints:
additionalProperties: false
properties:
is_ca:
description: Whether the certificate is permitted to sign other certificates.
type: boolean
max_path_len:
description: When present, provides the maximum number of intermediate certificates that may follow this certificate in a trusted certification path.
format: int32
type: integer
type: object
CPE:
additionalProperties: false
properties:
cpe:
type: string
edition:
type: string
life_cycle:
$ref: "#/components/schemas/CPE_LifeCycle"
part:
type: string
product:
type: string
update:
type: string
vendor:
type: string
version:
type: string
type: object
CPE_LifeCycle:
additionalProperties: false
properties:
end_of_life:
type: boolean
end_of_life_date:
type: string
release_date:
type: string
type: object
CVSS:
additionalProperties: false
properties:
components:
$ref: "#/components/schemas/CVSS_Components"
description: These metrics contribute to how a CVE is scored.
score:
description: Score of the vulnerability; 0.1 is the lowest, 10 is the maximum
format: double
type: number
vector:
description: The path, method, or scenario used to exploit the vulnerability. Each section represents components that contribute to the overall CVSS score.
type: string
type: object
CVSS_Components:
additionalProperties: false
properties:
attack_complexity:
description: "Indicates conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. The Attack Complexity metric is scored as either Low or High. There are two possible values: Low (L) – There are no specific pre-conditions required for exploitation, High (H) – The attacker must complete some number of preparatory steps in order to get access."
enum:
- ""
- low
- high
type: string
attack_vector:
description: "Indicates the level of access required for an attacker to exploit the vulnerability. The Attack Vector metric is scored in one of four levels: Network (N) – Vulnerabilities with this rating are remotely exploitable, from one or more hops away, up to, and including, remote exploitation over the Internet, Adjacent (A) – A vulnerability with this rating requires network adjacency for exploitation. The attack must be launched from the same physical or logical network, Local (L) – Vulnerabilities with this rating are not exploitable over a network, Physical (P) – An attacker must physically interact with the target system."
enum:
- ""
- network
- adjacent
- local
- physical
type: string
availability:
description: "If an attack renders information unavailable, such as when a system crashes or through a DDoS attack, availability is negatively impacted. Availability has three possible values: None (N) – There is no loss of availability, Low (L) – Availability might be intermittently limited, or performance might be negatively impacted, as a result of a successful attack, High (H) – There is a complete loss of availability of the impacted system or information."
enum:
- ""
- none
- low
- high
type: string
confidentiality:
description: "Refers to the disclosure of sensitive information to authorized and unauthorized users, with the goal being that only authorized users are able to access the target data. Confidentiality has three potential values: High (H) – The attacker has full access to all resources in the impacted system, including highly sensitive information such as encryption keys, Low (L) – The attacker has partial access to information, with no control over what, specifically, they are able to access, None (N) – No data is accessible to unauthorized users as a result of the exploit."
enum:
- ""
- none
- low
- high
type: string
integrity:
description: "Refers to whether the protected information has been tampered with or changed in any way. If there is no way for an attacker to alter the accuracy or completeness of the information, integrity has been maintained. Integrity has three values: None (N) – There is no loss of the integrity of any information, Low (L) – A limited amount of information might be tampered with or modified, but there is no serious impact on the protected system, High (H) – The attacker can modify any/all information on the target system, resulting in a complete loss of integrity."
enum:
- ""
- none
- low
- high
type: string
privileges_required:
description: "Describes the level of privileges or access an attacker must have before successful exploitation. There are three possible values: None (N) – There is no privilege or special access required to conduct the attack, Low (L) – The attacker requires basic, “user” level privileges to leverage the exploit, High (H) – Administrative or similar access privileges are required for successful attack."
enum:
- ""
- none
- low
- high
type: string
scope:
description: "Determines whether a vulnerability in one system or component can impact another system or component. If a vulnerability in a vulnerable component can affect a component which is in a different security scope than the vulnerable component, a scope change occurs. Scope has two possible ratings: Changed (C) – An exploited vulnerability can have a carry over impact on another system, Unchanged (U) – The exploited vulnerability is limited in damage to only the local security authority."
enum:
- ""
- unchanged
- changed
type: string
user_interaction:
description: "Describes whether a user, other than the attacker, is required to do anything or participate in exploitation of the vulnerability. User interaction has two possible values: None (N) – No user interaction is required, Required (R) – A user must complete some steps for the exploit to succeed. For example, a user might be required to install some software."
enum:
- ""
- none
- required
type: string
type: object
CVSSv4:
additionalProperties: false
properties:
components:
$ref: "#/components/schemas/CVSSv4_Components"
description: These metrics contribute to how a CVE is scored.
score:
description: Score of the vulnerability; 0.1 is the lowest, 10 is the maximum
format: double
type: number
vector:
description: The path, method, or scenario used to exploit the vulnerability. Each section represents components that contribute to the overall CVSS score.
type: string
type: object
CVSSv4_Components:
additionalProperties: false
properties:
attack_complexity:
description: "Indicates conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. The Attack Complexity metric is scored as either Low or High. There are two possible values: Low (L) – There are no specific pre-conditions required for exploitation, High (H) – The attacker must complete some number of preparatory steps in order to get access."
enum:
- ""
- low
- high
type: string
attack_requirements:
enum:
- ""
- none
- present
type: string
attack_vector:
description: "Indicates the level of access required for an attacker to exploit the vulnerability. The Attack Vector metric is scored in one of four levels: Network (N) – Vulnerabilities with this rating are remotely exploitable, from one or more hops away, up to, and including, remote exploitation over the Internet, Adjacent (A) – A vulnerability with this rating requires network adjacency for exploitation. The attack must be launched from the same physical or logical network, Local (L) – Vulnerabilities with this rating are not exploitable over a network, Physical (P) – An attacker must physically interact with the target system."
enum:
- ""
- network
- adjacent
- local
- physical
type: string
automatable:
enum:
- ""
- "no"
- "yes"
type: string
availability:
description: "If an attack renders information unavailable, such as when a system crashes or through a DDoS attack, availability is negatively impacted. Availability has three possible values: None (N) – There is no loss of availability, Low (L) – Availability might be intermittently limited, or performance might be negatively impacted, as a result of a successful attack, High (H) – There is a complete loss of availability of the impacted system or information."
enum:
- ""
- none
- low
- high
type: string
confidentiality:
description: "Refers to the disclosure of sensitive information to authorized and unauthorized users, with the goal being that only authorized users are able to access the target data. Confidentiality has three potential values: High (H) – The attacker has full access to all resources in the impacted system, including highly sensitive information such as encryption keys, Low (L) – The attacker has partial access to information, with no control over what, specifically, they are able to access, None (N) – No data is accessible to unauthorized users as a result of the exploit."
enum:
- ""
- none
- low
- high
type: string
integrity:
description: "Refers to whether the protected information has been tampered with or changed in any way. If there is no way for an attacker to alter the accuracy or completeness of the information, integrity has been maintained. Integrity has three values: None (N) – There is no loss of the integrity of any information, Low (L) – A limited amount of information might be tampered with or modified, but there is no serious impact on the protected system, High (H) – The attacker can modify any/all information on the target system, resulting in a complete loss of integrity."
enum:
- ""
- none
- low
- high
type: string
privileges_required:
description: "Describes the level of privileges or access an attacker must have before successful exploitation. There are three possible values: None (N) – There is no privilege or special access required to conduct the attack, Low (L) – The attacker requires basic, “user” level privileges to leverage the exploit, High (H) – Administrative or similar access privileges are required for successful attack."
enum:
- ""
- none
- low
- high
type: string
provider_urgency:
enum:
- ""
- clear
- green
- amber
- red
type: string
recovery:
enum:
- ""
- automatic
- user
- irrecoverable
type: string
safety:
enum:
- ""
- negligible
- present
type: string
user_interaction:
description: "Describes whether a user, other than the attacker, is required to do anything or participate in exploitation of the vulnerability. User interaction has two possible values: None (N) – No user interaction is required, Required (R) – A user must complete some steps for the exploit to succeed. For example, a user might be required to install some software."
enum:
- ""
- none
- required
type: string
value_density:
enum:
- ""
- diffuse
- concentrated
type: string
vulnerability_response_effort:
enum:
- ""
- low
- moderate
- high
type: string
type: object
CWE:
additionalProperties: false
properties:
entry:
description: A unique identifier associated with a class of a software or hardware weakness.
type: string
type: object
CabfOrganizationId:
additionalProperties: false
properties:
country:
type: string
reference:
type: string
scheme:
type: string
state:
type: string
type: object
Capabilities:
additionalProperties: false
properties:
analytics:
$ref: "#/components/schemas/AnalyticsCapabilities"
device:
$ref: "#/components/schemas/DeviceCapabilities"
device_io:
$ref: "#/components/schemas/DeviceIOCapabilities"
events:
$ref: "#/components/schemas/EventsCapabilities"
image:
$ref: "#/components/schemas/ImageCapabilities"
media:
$ref: "#/components/schemas/MediaCapabilities"
pan_tilt_zoom:
$ref: "#/components/schemas/PanTiltZoomCapabilities"
recording:
$ref: "#/components/schemas/RecordingCapabilities"
replay:
$ref: "#/components/schemas/ReplayCapabilities"
search:
$ref: "#/components/schemas/SearchCapabilities"
type: object
CenseyeJob:
additionalProperties: false
properties:
at_time:
description: The point-in-time the asset data was evaluated at.
format: date-time
type: string
create_time:
description: When the job was created.
format: date-time
type: string
delete_time:
description: When the job and results will be deleted.
format: date-time
type: string
error:
description: Error message if the job failed.
type: string
job_id:
description: Unique identifier of the job.
examples:
- 550e8400-e29b-41d4-a716-446655440000
type: string
result_count:
description: Total number of result field-value pairs.
examples:
- 42
format: int32
minimum: 0
type: integer
state:
description: Current state of the job.
enum:
- started
- completed
- failed
- unknown
examples:
- completed
type: string
target:
$ref: "#/components/schemas/CenseyeTarget"
description: The asset that was analyzed.
update_time:
description: When the job was last updated.
format: date-time
type: string
required:
- job_id
- target
- state
type: object
CenseyeJobsListResponse:
additionalProperties: false
properties:
jobs:
description: List of CensEye jobs.
items:
$ref: "#/components/schemas/CenseyeJob"
type:
- array
- "null"
next_page_token:
description: Token to retrieve the next page of jobs.
type: string
required:
- jobs
type: object
CenseyeResult:
additionalProperties: false
properties:
count:
description: Number of matching documents for this field-value combination.
format: double
type: number
field_value_pairs:
description: The field-value pairs that were counted.
items:
$ref: "#/components/schemas/FieldValuePair"
type:
- array
- "null"
required:
- count
- field_value_pairs
type: object
CenseyeResultsResponse:
additionalProperties: false
properties:
next_page_token:
description: Token to retrieve the next page of results.
type: string
results:
description: List of count results.
items:
$ref: "#/components/schemas/CenseyeResult"
type:
- array
- "null"
required:
- results
type: object
CenseyeTarget:
additionalProperties: false
properties:
certificate_id:
description: SHA-256 fingerprint of the certificate to analyze.
examples:
- 3daf2843a77b6f4e6af43cd9b6f6746053b8c928e056e8a724808db8905a94cf
type: string
host_id:
description: IP address of the host to analyze.
examples:
- 8.8.8.8
type
# --- truncated at 32 KB (732 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/censys/refs/heads/main/openapi/censys-platform-openapi.yml