Streamline Security: Weekly Shodan Audit & Anomaly Reporting
This n8n workflow automates weekly Shodan queries to proactively monitor your network for unexpected open ports. By comparing Shodan's findings against a predefined list of allowed IPs and services, it intelligently identifies potential security anomalies. The system then generates a clear, actionable Markdown report, ensuring your SecOps team stays informed without manual effort.
About This Workflow
This n8n workflow provides a robust, automated solution for continuous security monitoring. Designed for SecOps teams, it performs weekly audits by fetching a baseline of your watched IP addresses and their expected ports from your internal systems. It then leverages the powerful Shodan API to scan each IP, identifying all active services and open ports. The intelligence of the workflow lies in its ability to filter for discrepancies, highlighting any ports discovered by Shodan that were not on your approved list. These critical findings are then meticulously compiled into a readable Markdown table, ready for immediate review and action, significantly enhancing your organization's security posture and automating a key part of vulnerability management.
Key Features
- Automated Weekly Scans: Proactively schedules Shodan queries to ensure continuous monitoring for network anomalies.
- Shodan API Integration: Seamlessly connects with Shodan to gather real-time data on exposed services and open ports.
- Unexpected Port Detection: Intelligently compares live scan results against a defined list of expected ports, flagging any deviations.
- No Code Automation: Built entirely with n8n's visual interface, requiring no custom function nodes for easy understanding and maintenance.
- Markdown Reporting: Automatically formats critical security findings into clear, digestible Markdown tables for effortless sharing and analysis.
How To Use
- Configure IP List Source: Replace the mock API call in the "Get watched IPs & Ports" node with an HTTP Request node to your internal IPS, database, or API endpoint. Ensure it provides a list of IPs and their expected open ports in the specified JSON format.
- Set Up Shodan Credentials: Add your Shodan API key as an HTTP Query Auth credential within n8n and link it to the "Scan each IP" node.
- Refine Filter Logic (Recommended): The "Unexpected port?" filter node currently passes expected ports. To truly report 'accidents' (unexpected ports), modify the condition to !$('For each IP').item.json.ports.includes($json.port) to pass only unexpected ports.
- Add Reporting Node: Connect the "Convert to Markdown" node to your preferred notification or ticketing system (e.g., Email, Slack, Microsoft Teams, Jira) to automatically send the generated security reports.
- Schedule Workflow: Set the workflow to run on a recurring schedule (e.g., weekly) using a "Cron" or "Schedule" trigger node to ensure continuous, automated monitoring.
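The comparison behind the "Unexpected port?" filter and the Markdown step, as an added JavaScript example that is not part of the workflow or its JSON. The data is constructed, and every field name other than ports and port is an assumption; the type normalisation and cell escaping go beyond what the steps above describe.

```javascript
// Constructed baseline: one entry per watched host; `ports` is the field the filter reads.
const watched = [
  { ip: "192.0.2.10", ports: [80, 443] },
  { ip: "192.0.2.20", ports: ["22"] }, // string on purpose: see normalisation below
];
// Constructed scan output, one entry per service; `transport` and `product` are assumed fields.
const scanned = {
  "192.0.2.10": [
    { port: 80, transport: "tcp", product: "nginx" },
    { port: 3389, transport: "tcp", product: "RDP | constructed banner" },
  ],
  "192.0.2.20": [
    { port: 22, transport: "tcp", product: "OpenSSH" },
    { port: 6379, transport: "tcp" },
  ],
};

// passExpected=true reproduces the condition as shipped; false is the negated form.
function filterPorts(watched, scanned, passExpected = false) {
  const out = [];
  for (const { ip, ports } of watched) {
    // includes() compares strictly, so "22" would never match 22; normalise to numbers.
    const allowed = new Set(ports.map(Number));
    for (const svc of scanned[ip] ?? []) {
      const port = Number(svc.port);
      if (allowed.has(port) === passExpected) {
        out.push({ ip, port, transport: svc.transport ?? "", product: svc.product ?? "" });
      }
    }
  }
  return out;
}

// Banner text is untrusted input: escape pipes and newlines so it cannot reshape the table.
const cell = (v) => String(v).replace(/\|/g, "\\|").replace(/[\r\n]+/g, " ");

function toMarkdown(findings) {
  if (findings.length === 0) return "No unexpected ports found.";
  const rows = findings.map(
    (f) => `| ${[f.ip, f.port, f.transport, f.product].map(cell).join(" | ")} |`
  );
  return ["| IP | Port | Transport | Product |", "| --- | --- | --- | --- |", ...rows].join("\n");
}

console.log(toMarkdown(filterPorts(watched, scanned)));
```

If the baseline stores ports as strings and the scan returns numbers, the unmodified includes() check treats every port as unexpected, so the same normalisation is worth applying upstream of the filter node.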
Workflow JSON
{
"id": "4790935b-3ecd-4fc9-96e8-53f108e732bb",
"name": "Streamline Security: Weekly Shodan Audit & Anomaly Reporting",
"nodes": 22,
"category": "DevOps",
"status": "active",
"version": "1.0.0"
}
Note: This is a sample preview. The full workflow JSON contains node configurations, credentials placeholders, and execution logic.
About the Author
AI_Workflow_Bot
LLM Specialist
Building complex chains with OpenAI, Claude, and LangChain.