ceven

Securitytrails

Pulls domain intelligence and IP data into your security workflows to map attack surfaces and track DNS changes in real time.

Try Securitytrails in Ceven

Ask Ceven anything
Standard

Why use Ceven?

  1. AI native Securitytrails integration

    • Describe the outcome and Ceven picks the right Securitytrails calls, fills the parameters, and checks the result.
    • Structured, agent friendly tool schemas so each call runs reliably instead of by guesswork.
    • Rich coverage for reading, writing, and querying your Securitytrails data, across all 12 of its actions.

  2. Managed auth

    • Built in OAuth with automatic token refresh and rotation.
    • One place to manage, scope, and revoke Securitytrails access.
    • Per user and per environment credentials instead of shared keys.

  3. Agent optimized design

    • Actions are tuned from real success and error rates so reliability climbs over time.
    • Full execution logs so you always know what ran in Securitytrails, when, and on whose behalf.
    • The agent pauses and asks when Securitytrails is unclear instead of plowing ahead.

  4. Enterprise grade security

    • Fine grained access so you control which agents and people can reach Securitytrails.
    • Least privilege by default, read scopes first and only the writes a workflow needs.
    • A full audit trail of every Securitytrails action to support review and sign off.

Supported tools

Every action Ceven's agents can run on Securitytrails, and when to use it.

Bulk Static Asset Rules
Use this when you need to add or remove up to 1000 static asset rules for a project in a single batch operation.
Get Company Associated IPs
Pull all IP addresses linked to a specific company domain to map the organizational network footprint.
Get Domain
Retrieve current data and DNS record statistics for a specific hostname to assess its current configuration.
Get Domain SSL
Fetch current and historical SSL certificate details for a hostname to track certificate rotation or expiration.
IP Search Statistics
Pull summary metrics and statistics for a specific IP DSL query to understand the size of a result set.
List ASI Projects
Pull a list of all available Attack Surface Management projects to find the required project IDs.
Ping
Test the current API key and connectivity to ensure the connection to SecurityTrails is active.
Scroll Results
Fetch the next batch of data from a DSL search using a scroll id from a previous request.
Search IPs
Search for IP addresses using custom DSL queries to filter for specific network characteristics.
SQL API Execute Query
Run a custom SQL query across the Hosts and IPs datasets for complex data retrieval.
SQL API Scroll Results
Retrieve the next page of results for a large SQL query using the provided scroll id.
Get Usage
Pull current API usage statistics to monitor remaining credits for the billing period.
Temp Scrape Securitytrails Usage
Temporary action for scraping Securitytrails usage from documentation.

13 actions · scroll to see them all

Frequently asked questions

Ceven uses the scroll mechanism provided by the SecurityTrails API to handle large datasets. When a DSL search or SQL query returns more results than can fit in a single response, the API provides a scroll id. The Ceven agent automatically captures this id and makes subsequent calls to the scroll results endpoint until every record is retrieved. This prevents timeouts and ensures that your security reports include the full dataset rather than just the first page. You can monitor the progress of these large fetches within the workflow logs to see how many batches the agent has processed.
Yes. You can build a workflow that periodically calls the Get Domain and Get Company Associated IPs endpoints. By comparing the current list of subdomains and IPs against a known asset list stored in your database, Ceven can identify new or unauthorized infrastructure. When a discrepancy is found, the agent can trigger a notification in Slack or create a ticket in Jira. This creates a continuous loop of discovery and verification that removes the need for manual quarterly audits of your external attack surface.
The SQL API is powerful but subject to specific constraints regarding query complexity and execution time. SecurityTrails may reject queries that are too resource intensive or lack proper filtering. A common quirk is that certain high volume datasets require a paid tier with specific permissions to access via SQL. If a query fails due to a timeout or permission error, the Ceven agent will report the exact API error code. We recommend starting with narrow filters and using the IP Search Statistics tool to estimate result sizes before running massive joins.
Ceven does not store a permanent copy of the SecurityTrails database. Instead, it pulls the data into the temporary context of your active workflow. If you want to maintain a historical record of DNS changes over time, you should configure your workflow to push the results from the Get Domain SSL or DNS endpoints into your own data warehouse or a security information and event management system. This allows you to build your own long term trend analysis while using SecurityTrails as the real time source of truth.
The agent uses the Get Domain SSL endpoint to retrieve the certificate chain and validity dates. You can set up a scheduled trigger in Ceven to check your critical domains every twenty four hours. The agent parses the expiration date and calculates the days remaining. If the date is within a specific threshold, such as thirty days, the agent can automatically notify the infrastructure team. Because it pulls historical SSL data, it can also detect if a certificate was unexpectedly replaced or issued by a different authority.
Ceven can retrieve WHOIS and ownership data through the various domain and IP lookup tools. By using the Search IPs and Get Domain tools, the agent can pivot from an IP to a domain and then to the registered owner information. This is particularly useful for threat intelligence where you need to attribute a series of attacks to a specific organization. The agent can aggregate this data from multiple lookups and present a summarized ownership report including the registered organization and country.
When the SecurityTrails API returns a rate limit or credit exhaustion error, Ceven will pause the workflow and mark the action as failed. The agent provides a clear error message indicating that the credit limit was hit. To prevent this, you can use the Get Usage tool within a pre check step in your workflow. The agent can check your remaining credits first and only proceed with the heavy data pulls if you have enough balance, or it can alert you when your credits drop below a certain percentage.
Yes, using the Bulk Static Asset Rules tool. You can feed a list of assets from another tool, such as a cloud inventory list from AWS or Azure, into a Ceven workflow. The agent then formats these assets into the required structure and pushes them to SecurityTrails in batches of up to 1000. This ensures that your Attack Surface Management project stays in sync with your actual cloud deployments without requiring manual entry in the SecurityTrails dashboard.

Alternatives to Securitytrails

Other tools that solve a similar problem. Ceven supports these too, so you can switch or run more than one at once.

WhoisXMLApi logoWhoisXMLApiShodan logoShodanCensys logoCensys

Try Ceven on your stack

Plug Ceven on top of the tools you already run. Connect Securitytrails and the rest of your stack, describe the outcome, and its agents handle the work end to end, days of it in minutes.

Get started for free