
Conversation


@aleitao aleitao commented Dec 16, 2025

Summary

Enhances the Censys enrichment connector to discover X.509 certificates associated with domain observables, providing more comprehensive threat intelligence for infrastructure mapping and certificate transparency monitoring.

Proposed changes

  • Add fetch_certs_by_domain() method to Client class for searching certificates that reference a domain in their names
  • Add generate_octi_objects_from_domain_certs() method to Converter class for creating STIX certificate objects and relationships
  • Update domain enrichment logic in Connector to combine both host discovery and certificate discovery
  • Enhance README documentation with detailed behavior section explaining the certificate discovery feature

Motivation

Currently, when enriching a domain observable, the connector only discovers hosts with that domain in their DNS records. However, Censys also provides certificate transparency data that can reveal additional infrastructure and patterns. This PR adds certificate discovery to provide:

  • Certificate transparency monitoring: Track certificates issued for specific domains
  • Infrastructure mapping: Discover shared certificates across threat actor infrastructure
  • Phishing detection: Identify domains using similar certificates
  • Threat hunting: Find related infrastructure through certificate patterns

Technical Implementation

The implementation follows the existing connector architecture:

  1. Client layer: New fetch_certs_by_domain() method uses the Censys platform SDK to search for certificates with cert.names = 'domain' query
  2. Converter layer: New generate_octi_objects_from_domain_certs() method reuses existing _generate_certificate() helper to create X509Certificate STIX objects with RELATED_TO relationships to the domain
  3. Connector layer: Domain enrichment now yields both host objects and certificate objects using a generator pattern

Related issues

  • Addresses gap in domain enrichment capabilities
  • Complements existing host discovery with certificate transparency data

Checklist

  • I consider the submitted work as finished
  • I have signed my commits using GPG key
  • I tested the code for its functionality using different use cases
  • I added/updated the relevant documentation (README)
  • Where necessary I refactored code to improve the overall quality

Further comments

Backward Compatibility: This change is fully backward compatible. It adds additional enrichment data for domains but does not modify existing functionality. All other observable types (IPs, certificates) remain unchanged.

API Impact: Certificate discovery adds one additional Censys API call per domain enrichment. Users should be aware of their Censys API rate limits, which are now documented in the README.

Testing: The implementation is designed to handle:

  • Domains with multiple certificates (generator yields all matches)
  • Domains with no certificates (empty generator, no objects created)
  • Domains with wildcard certificates (treated as regular certificates)
  • Proper STIX relationship creation (uses existing _generate_certificate() and Relationship patterns)

Code Quality: The implementation follows existing patterns in the codebase:

  • Includes comprehensive docstrings
  • Follows the generator pattern used throughout the connector
  • Reuses existing helper methods where possible
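An added example of the three-layer flow the PR describes (building the `cert.names = 'domain'` query, turning each result into an X509Certificate object plus a RELATED_TO relationship, and yielding them from a generator), covering the multiple, none and wildcard cases listed under Testing. This is my illustration, not the connector's code: it replaces the Censys SDK search with a stub over constructed sample data, emits plain STIX 2.1 dicts rather than stix2 objects, and adds a hostname check before the observable value is interpolated into the query string, plus a simplified deterministic id.

```python
import re
import uuid
from datetime import datetime, timezone
from typing import Callable, Iterable, Iterator

# An observable value comes from the platform, so it is validated as a hostname
# before being interpolated into the Censys query string (no quotes, no spaces).
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))*$", re.I
)
# STIX 2.1 SCO namespace; id derived from the fingerprint (simplified: the stix2
# library canonicalises the id-contributing properties before hashing).
STIX_SCO_NS = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")

# Constructed sample of what a certificate search returns; not real Censys data.
SAMPLE_CERTS = [
    {"fingerprint_sha256": "a" * 64, "names": ["example.com", "www.example.com"],
     "serial_number": "01", "issuer_dn": "CN=Sample CA", "subject_dn": "CN=example.com",
     "not_before": "2025-01-01T00:00:00Z", "not_after": "2025-04-01T00:00:00Z"},
    {"fingerprint_sha256": "b" * 64, "names": ["*.example.com", "example.com"],  # wildcard
     "serial_number": "02", "issuer_dn": "CN=Sample CA", "subject_dn": "CN=*.example.com",
     "not_before": "2025-02-01T00:00:00Z", "not_after": "2025-05-01T00:00:00Z"},
]

def build_cert_query(domain: str) -> str:
    """Build the cert.names = 'domain' query; reject anything that is not a hostname."""
    if not HOSTNAME_RE.match(domain):
        raise ValueError(f"refusing to query with non-hostname value: {domain!r}")
    return f"cert.names = '{domain}'"

def stub_search(query: str) -> Iterator[dict]:
    """Stand-in for the SDK search call: matches sample certs on the queried name."""
    domain = query[len("cert.names = '"):-1]
    return iter(c for c in SAMPLE_CERTS if domain in c["names"])

def generate_objects_from_domain_certs(
    domain: str, domain_ref: str, search: Callable[[str], Iterable[dict]] = stub_search
) -> Iterator[dict]:
    """Yield one X509Certificate SCO and one related-to relationship per cert found."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    for cert in search(build_cert_query(domain)):  # wildcard certs are treated like any other
        cert_ref = f"x509-certificate--{uuid.uuid5(STIX_SCO_NS, cert['fingerprint_sha256'])}"
        yield {"type": "x509-certificate", "spec_version": "2.1", "id": cert_ref,
               "hashes": {"SHA-256": cert["fingerprint_sha256"]},
               "serial_number": cert["serial_number"], "issuer": cert["issuer_dn"],
               "subject": cert["subject_dn"], "validity_not_before": cert["not_before"],
               "validity_not_after": cert["not_after"]}
        yield {"type": "relationship", "spec_version": "2.1",
               "id": f"relationship--{uuid.uuid4()}", "created": now, "modified": now,
               "relationship_type": "related-to", "source_ref": cert_ref, "target_ref": domain_ref}
```

A domain with no matching certificates simply exhausts the generator without yielding, which is the "empty generator, no objects created" case.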

@romain-filigran romain-filigran added the labels "community" (use to identify PR from community) and "filigran verify" (use to identify PR of connector Verified) on Dec 16, 2025
@mariot
Member

mariot commented Dec 17, 2025

This is great! Thanks a lot. Could you sign your commits so we can merge this?

You can use pre-commit to fix the linter issues.

Thanks again

  - Add fetch_certs_by_domain method to Client for searching certificates by domain
  - Add generate_octi_objects_from_domain_certs to Converter for creating certificate STIX objects
  - Update domain enrichment logic to include certificate discovery alongside host discovery
  - Update README with comprehensive behavior documentation including certificate discovery

This enhancement allows the connector to discover X.509 certificates associated with domains by searching the Censys certificate database. Certificates are linked to domains via RELATED_TO relationships, providing more comprehensive threat intelligence for infrastructure mapping, certificate transparency monitoring, and threat actor infrastructure discovery.

@aleitao aleitao force-pushed the feature/censys-domain-certificate-discovery branch from 36d3de4 to c087695 on December 17, 2025 10:02
@aleitao
Author

aleitao commented Dec 17, 2025

> This is great! Thanks a lot. Could you sign your commits so we can merge this?
>
> You can use pre-commit to fix the linter issues.
>
> Thanks again

Thank you for the quick comment.
I have run the pre-commit to fix the linter issues and signed the commit and force pushed the changes.
