Enricher - Shodan
This article describes the specific configuration options to set up the enricher.
To configure the general options for the enricher, see Configure the general options.
Enricher name |
Shodan |
Input |
Asn, city, company, country, country-code, domain, email, geo-lat, geo-long, hashes (hash-md5, hash-sha1, hash-sha256, and hash-sha512), host, IP addresses (ipv4 and ipv6), organization, person, port, postcode, and uri. |
Output |
Enriches supported observable types with the following information, when available: country name, city name, ZIP code, longitude, latitude, organization name, host name, IP address, open ports and services related to input IP addresses. |
API endpoint |
https://api.shodan.io/shodan/ |
Description |
The Shodan enricher uses input data such as country and city names, organization and personal names, ZIP codes, email addresses, and so on to return a list of matching IP addresses corresponding to your Internet-connected devices, along with location and user details. |
Requirements
Users need an API key for their own configuration. Sign up and subscribe to the service to obtain the required API key credentials to access the API endpoint exposing the service.
Configure the enricher parameters
Edit the enricher.
From the Observable types drop-down menu, select one or more observable types you want to enrich with data retrieved through the enricher.
The API URL field is automatically filled in with the default domain for the endpoint.
You can add a proxy or set up ports according to your needs.
Default value: https://api.shodan.io/.In the API key field, enter the Shodan Enter the API key to access the intelligence provider API and to consume the available services through their API endpoints.
To store your changes, click Save; to discard them, click Cancel.
Additional information
Polling the Shodan API through the Shodan enricher may consume Shodan credits.
Searching Shodan via the API uses query credits when:
The search query uses a search filter.
The retrieved search query results span beyond page one, and you request page 2 or beyond.
The Shodan enricher uses pagination. Therefore, if it requests results extending to page 2 or beyond, it consumes query credits.
For further details see Shodan Credits Explained.