Skip to main content
Introducing Polarity Intel Edition: Streamlining Intel Distribution for SecOps
Polarity Intel Edition
Request a Demo

ThreatConnect and Shodan: Enrich threat data to enhance decision making

Posted

By ThreatConnect

ThreatConnect and Shodan have partnered to deliver the Shodan Playbook App. This app allows you to retrieve multiple types of enrichment information for IOCs. Additionally,  it allows you to craft custom Shodan searches to retrieve result sets based on factors such as software versions being run, services running, open ports, and more. You can even use it to monitor your own potentially open and vulnerable infrastructure, among numerous other possible use cases. We’re excited to see what you use it for!

When put into production, the Shodan Playbook App will allow you to:

  • Aggregate available enrichment and analysis from various outside sources into one location- the ThreatConnect Platform. You will have a more holistic understanding of potential threats to make the most informed decision as part of your analytic, investigative, and remediation actions.
  • Utilize information from Shodan to aid and corroborate intelligence analysis or validate the accuracy and severity of security alerts.
  • Corroborate or dispute the output from other tools and services to perform an all-source assessment. Because operations feed intelligence in a continuous loop, your Security Operations Center (SOC) and Incident Response (IR) teams can leverage the work from the Threat Intelligence team during the course of their investigations.
  • Monitor for potential instances of your enterprise’s infrastructure appearing in the Shodan data set via vulnerable software, rogue services, etc. allowing direct and immediate value to be derived.

The following actions are available with this Playbook App:

  • DNS Lookup
  • Reverse DNS Lookup
  • Search Shodan
  • Get Enrichment
  • Parse Results

Together, ThreatConnect and Shodan help you to enrich Threat data so that you can make informed decisions and proactively monitor your own infrastructure.

If you’re a ThreatConnect customer, please reach out to your dedicated Customer Success Team for more information on utilizing the Shodan Playbook App. If you’re not yet a customer and are interested in ThreatConnect and this integration, contact us at sales@threatconnect.com.

About the Author

ThreatConnect

By operationalizing threat and cyber risk intelligence, The ThreatConnect Platform changes the security operations battlefield, giving your team the advantage over the attackers. It enables you to maximize the efficacy and value of your threat intelligence and human knowledge, leveraging the native machine intelligence in the ThreatConnect Platform. Your team will maximize their impact, efficiency, and collaboration to become a proactive force in protecting the enterprise. Learn more at www.threatconnect.com.

Subscribe
to our Emails