Fortinet Document Library

Version:


Table of Contents

1.0.0
Copy Link

About the connector

Shodan is a search engine to provides the information about domains and IP addresses.

This document provides information about the Shodan connector, which facilitates automated interactions, with a Shodan server using FortiSOAR™ playbooks. Add the Shodan connector as a step in FortiSOAR™ playbooks and perform automated operations, such as searching for information about a domain or an IP address.

 

Version information

Connector Version: 1.0.0

Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later

Compatibility with Shodan Versions: 1.7 and later

 

Installing the connector

For the procedure to install a connector, click here.

 

Prerequisites to configuring the connector

  • You must have the URL of the Shodan server to which you will connect and perform the automated operations and the API key to access that server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

 

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, select the Shodan connector and click Configure to configure the following parameters:

 

Parameter Description
Server URL URL of the Shodan server to which you will connect and perform automated operations.
API Key API key that is configured for your account for using the Shodan server.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

 

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

Function Description Annotation and Category
Search Domain Searches and returns information about a domain that you have specified by its domain name. domain_details
Investigation
Search IP Searches and returns information about an IP that you have specified by its IP address. ip_details
Investigation

 

operation: Search Domain

Input parameters

 

Parameter Description
Domain Name of the domain for which you want to retrieve information.

 

Output

The JSON output contains the details of the specified domain.

Following image displays a sample output:

 

Sample output of the Search Domain operation

 

operation: Search IP

Input parameters

 

Parameter Description
IP Address IP address for which you want to retrieve information.

 

Output

The JSON output contains the details of the specified IP address.

Following image displays a sample output:

 

Sample output of the Search IP operation

 

Included playbooks

The Sample - Shodan - 1.0.0 playbook collection comes bundled with the Shodan connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Shodan connector.

  • Search Domain
  • Search IP

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.

 

About the connector

Shodan is a search engine to provides the information about domains and IP addresses.

This document provides information about the Shodan connector, which facilitates automated interactions, with a Shodan server using FortiSOAR™ playbooks. Add the Shodan connector as a step in FortiSOAR™ playbooks and perform automated operations, such as searching for information about a domain or an IP address.

 

Version information

Connector Version: 1.0.0

Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later

Compatibility with Shodan Versions: 1.7 and later

 

Installing the connector

For the procedure to install a connector, click here.

 

Prerequisites to configuring the connector

 

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, select the Shodan connector and click Configure to configure the following parameters:

 

Parameter Description
Server URL URL of the Shodan server to which you will connect and perform automated operations.
API Key API key that is configured for your account for using the Shodan server.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

 

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

Function Description Annotation and Category
Search Domain Searches and returns information about a domain that you have specified by its domain name. domain_details
Investigation
Search IP Searches and returns information about an IP that you have specified by its IP address. ip_details
Investigation

 

operation: Search Domain

Input parameters

 

Parameter Description
Domain Name of the domain for which you want to retrieve information.

 

Output

The JSON output contains the details of the specified domain.

Following image displays a sample output:

 

Sample output of the Search Domain operation

 

operation: Search IP

Input parameters

 

Parameter Description
IP Address IP address for which you want to retrieve information.

 

Output

The JSON output contains the details of the specified IP address.

Following image displays a sample output:

 

Sample output of the Search IP operation

 

Included playbooks

The Sample - Shodan - 1.0.0 playbook collection comes bundled with the Shodan connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Shodan connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.