Shodan
Visualize Shodan Organization, Alert, Host, Scan, and User changes through queries and alerts.
- Installation
- Data Model
- Types
Installation Guide
Prerequisites
To ingest organization and user entities, you will need an enterprise license.
Configuring Shodan
Authentication
Collect API key to authorize API requests.
Collect API Key
- Log in to your Shodan account.
- Click on Account in the top-right corner.
- Click Show API Key.
- Copy the API key and store it in a safe location.
Configuring in JupiterOne
-
In the J1 Search homepage, navigate to the Integrations section from the top navigation bar.
-
Search for Shodan and select it.
-
Click the Add Instance button and configure the following:
- Shodan API Key: Enter the API Token generated in Shodan.
- Account Name: Assign a name to identify this Shodan instance in JupiterOne. If the Tag with Account Name option is enabled, ingested entities will include this value in
tag.AccountName. - Description: Add a description to assist your team in identifying this integration instance.
- Polling Interval (optional): Select a polling interval appropriate for your monitoring needs. Leave this as
DISABLEDfor manual execution if unsure.
-
Click Create Configuration to save the settings.
Next Steps
Your integration instance will now run based on the configured polling interval, populating data within JupiterOne. Refer to our Instance Management Guide to learn more about managing and editing integration instances.
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Alert | shodan_alert | Alert |
| Host | shodan_host | Host |
| Organization | shodan_organization | Account |
| Scan | shodan_scan | Scanner |
| User | shodan_user | User |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
shodan_organization | HAS | shodan_user |
shodan_organization | HAS | shodan_scan |
shodan_scan | SCANS | shodan_host |
Shodan Alert
shodan_alert inherits from Alert
Shodan Host
shodan_host inherits from Host
| Property | Type | Description | Specifications |
|---|---|---|---|
asn | string | ||
bannerId | string | ||
hash | number | ||
hostnames | array of strings | ||
internetServiceProvider | string | ||
location | string | ||
organization | string | ||
product | string | ||
shodanCrawler | string | ||
shodanScanId | string | ||
transportLayerProtocol | string |
Shodan Organization
shodan_organization inherits from Account
Shodan Scan
shodan_scan inherits from Scanner
Shodan User
shodan_user inherits from User