top of page
Search

Splunk and Shodan Integration

Shodan is a specialized search engine that is used to find specific types of internet-connected devices and systems. Unlike traditional search engines like Google or Bing which index and search web pages, Shodan scans for and provides information about internet-connected devices, such as servers, webcams, printers, routers, and even smart home devices.


Using Dataflect, you can quickly and easily integrate Splunk and Shodan, allowing you to do things like:


  • Use the information returned by Shodan in dashboards,

  • Set up alerts to provide proactive monitoring of organizational infrastructure

    • e.g. alert when a port is exposed on a server that should not be

  • Audit and monitor security posture

  • Enrich Splunk search results with information returned from Shodan

    • e.g. add sub-domains and other DNS entries for a given domain that is present in search results

  • Execute a scan on a given IP address

In this demo, we will show the first example, using the information returned by Shodan in Splunk dashboards. We will use Dataflect to integrate Splunk with Shodan, and then create two dashboards. One in which a user can obtain information on an entered IP address, and one in which a user can obtain information on an entered hostname.


Dashboard that shows information in Splunk from Shodan returned for an entered IP address:



Do things like - check the known location of an IP address, see ownership information for the IP address, list known domains and subdomains for an IP address, list listening ports for an IP address.


Dashboard that shows information from Shodan returned for an entered hostname:


Do things like - List all DNS entries associated with a domain. See current (or historical) IP addresses associated with a hostname. See ports associated with a given subdomain.


These are a couple of examples that show you what an integration between Splunk and Shodan using Dataflect can look like, but the possibilities are limited only by your imagination.


If you'd like to schedule a demo to see how Dataflect can empower and extend your Splunk administrators reach out to us at sales@dataflect.com today!

38 views

Recent Posts

See All

Commentaires


bottom of page