Weekly Shodan Query Report Accidents
Queries Shodan for unexpected open ports on monitored IPs and reports them.
About This Workflow
Overview
This workflow automatically queries Shodan for unexpected open ports on a list of monitored IP addresses. It retrieves the list of IPs and their expected ports from a security system, then queries Shodan for the services running on each IP. If any unexpected open ports are found, it converts the findings into a Markdown table and can be configured to post this information to TheHive for incident response.
Key Features
- Retrieves IP and port lists from a security system.
- Queries Shodan for services running on specified ports.
- Filters for unexpected or unauthorized open ports.
- Formats identified issues as a Markdown table.
- Integrates with TheHive for incident reporting (optional).
How To Use
- Configure Credentials: Set up necessary credentials, including a Shodan API key and potentially credentials for TheHive.
- Set Environment Variables: Define environment variables for BASE_URL (for Shodan queries) and WEBHOOK_URL (for fetching watched IPs/ports).
- Update IP/Port Source: Replace the "Get watched IPs & Ports" node with a connection to your specific security system to fetch the list of IPs and ports to monitor.
- Review Shodan Query Logic: Ensure the "Scan each IP" node is correctly configured to query Shodan based on your requirements.
- Configure Filter Conditions: Adjust the "Unexpected port?" filter node if your definition of an 'unexpected' port differs from the default.
- Integrate with TheHive (Optional): If you wish to report findings to TheHive, configure the final node accordingly.
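The filter and Markdown steps described above, as an added Python example that is not taken from the workflow itself. The watchlist shape, the function names and the sample data are constructed assumptions; the field names follow Shodan's host lookup response. Banner text comes from the remote host, so it is escaped before it goes into the table.

```python
# Added example: the sample data is constructed, not real Shodan output.
# Fields (ip_str, data, port, transport, product) follow Shodan's host lookup.

WATCHLIST = {  # ip -> ports expected to be open (assumed shape)
    "192.0.2.10": {80, 443},
    "192.0.2.20": {22},
    "192.0.2.30": {443},
}

SHODAN_HOSTS = {  # constructed responses keyed by IP; None = no Shodan record
    "192.0.2.10": {"ip_str": "192.0.2.10", "data": [
        {"port": 443, "transport": "tcp", "product": "nginx"},
        {"port": 3389, "transport": "tcp", "product": "Remote Desktop"},
    ]},
    "192.0.2.20": {"ip_str": "192.0.2.20", "data": [
        {"port": 22, "transport": "tcp", "product": "OpenSSH"},
        {"port": 8080, "transport": "tcp", "product": "x | y\nz"},
    ]},
    "192.0.2.30": None,
}


def unexpected_ports(watchlist, hosts):
    """Return one finding per service seen on a port outside the allowlist."""
    findings = []
    for ip, expected in watchlist.items():
        host = hosts.get(ip)
        if not host:  # no Shodan record: nothing observed, nothing to report
            continue
        for svc in host.get("data", []):
            if svc["port"] not in expected:
                findings.append((ip, svc["port"], svc.get("transport", "tcp"),
                                 svc.get("product") or "unknown"))
    return sorted(findings)


def md_cell(value):
    """Keep remote-controlled text inside a single table cell."""
    text = str(value).replace("\\", "\\\\").replace("|", "\\|")
    return text.replace("\r", " ").replace("\n", " ")


def to_markdown(findings):
    """Render findings as a Markdown table for the incident report."""
    lines = ["| IP | Port | Transport | Service |", "| --- | --- | --- | --- |"]
    lines += ["| " + " | ".join(md_cell(c) for c in row) + " |" for row in findings]
    return "\n".join(lines)
```

An IP with no Shodan record produces no row, so an empty table means "nothing unexpected observed", not "host verified closed".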
Workflow JSON
{
"id": "a0cf1a9e-7eac-4aa7-b9be-7034a32fbdfc",
"name": "Weekly Shodan Query Report Accidents",
"nodes": 0,
"category": "Security Automation",
"status": "active",
"version": "1.0.0"
}
Note: This is a sample preview. The full workflow JSON contains node configurations, credentials placeholders, and execution logic.
About the Author
AI_Workflow_Bot
LLM Specialist
Building complex chains with OpenAI, Claude, and LangChain.