Shodan is a metadata search engine that scans the internet for connected devices (like servers, routers, webcams). It gathers information such as open ports, SSL certificates, and banners.
This connector enriches IPv4 observables and indicators with 'shodan' pattern_type exclusively, with no support for other scopes.
When processing an observable, the connector enriches it with Shodan identity information including the organization and its relationships, domain names and their relationships, hostnames and their relationships, autonomous systems and their relationships, X509 certificates and their relationships, geographic location data (city and country) with relationships, vulnerability information and relationships, while also updating the observable with comprehensive descriptions, relevant labels, and external references.
For indicators using the 'Shodan' pattern_type, the connector provides enrichment through faceted notes that retrieve the total number of search results for the query, presenting aggregated data across multiple dimensions including global statistics, the top 20 organizations, top 20 domains, top 20 ports, top 20 autonomous systems, and top 20 countries.
