Shodan
Last updated
Last updated
Shodan is a Threat Intelligence (TI) integration. TI Data Source integrations are used during investigations to improve analysis and in interactive chat to help answer questions. They are optional, but enabling more tooling integrations enhances Dropzone analysis.
The Dropzone platform integrates with Shodan, a search engine for devices on the internet. Dropzone can use it for identifying IP device characteristics such hosting ownership, open ports, or known vulnerabilities.
Shodan requires an API key to enable.
To obtain an API key, do the following:
If you do not already have a corporate Shodan account, create one and become a member:
Create your account at https://account.shodan.io/register
Use social login or create an account
Shodan will send an email to your email address - follow the instructions to activate your account
Become a member via https://account.shodan.io/billing/member
Next, retrieve your API key
Go to the Shodan Developer Portal
Click on "Show API Key" located in the far top right corner
Record the API Key shown for use later in the Dropzone UI where it is called "API key"
To enable the Data Source integration, do the following:
Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.ai
Click System > Integrations
Click "Data Sources" in the top left corner
In the THREAT INTEL section, find the Shodan tile and click "Connect"
Input the API key
Click "Test & Save" to finish
If you have any errors engage your Dropzone AI support representative.
