Enricher - Shodan#

=================

Note

This article describes how to configure a particular enrichment source. To see how to configure enrichers in general, see Configure enrichers.

Enricher name

Shodan

Input

Asn, city, company, country, country-code, domain, email, geo-lat, geo-long, hashes (hash-md5, hash-sha1, hash-sha256, and hash-sha512), host, IP addresses (ipv4 and ipv6), organization, person, port, postcode, and uri.

Output

Enriches supported observable types with the following information, when available: country name, city name, ZIP code, longitude, latitude, organization name, host name, IP address, open ports and services related to input IP addresses.

API endpoint

https://api.shodan.io/shodan

Description

The Shodan enricher uses input data such as country and city names, organization and personal names, ZIP codes, email addresses, and so on to return a list of matching IP addresses corresponding to your Internet-connected devices, along with location and user details.

Requirements#

Users need an API key for their own configuration. Sign up and subscribe to the service to obtain the required API key credentials to access the API endpoint exposing the service.

Configure the enricher parameters#

  1. Edit the enricher.

  2. From the Observable types drop-down menu, select one or more observable types you want to enrich with data retrieved through the enricher.

  3. The API URL field is automatically filled in with the default domain for the endpoint.
    You can add a proxy or set up ports according to your needs.
    Default value: https://api.shodan.io/.

  4. In the API key field, enter the Shodan Enter the API key to access the intelligence provider API and to consume the available services through their API endpoints.

  5. To store your changes, click Save; to discard them, click Cancel.

Additional information#

Polling the Shodan API through the Shodan enricher may consume Shodan credits.

Searching Shodan via the API uses query credits when:

  • The search query uses a search filter.

  • The retrieved search query results span beyond page one, and you request page 2 or beyond.

The Shodan enricher uses pagination. Therefore, if it requests results extending to page 2 or beyond, it consumes query credits.

For further details see Shodan Credits Explained.