With this integration, users have the ability to enrich indicators via Shodan to make more informed decisions and send infrastructure indicators to Shodan to help determine if there is a security concern that needs to be addressed. The Playbook automates:
- The querying of Shodan for information and context about an indicator.
- The parsing of relevant information from the Shodan response.
- The saving of relevant enrichment information inside ThreatConnect.
- Displaying of the results to the user for real-time feedback.
The follow actions are available:
- DNS Lookup
- Reverse DNS Lookup
- Search Shodan
- Get Enrichment
- Parse Results
This listing can be found in the ThreatConnect App Catalog under the name Shodan.