Shodan - IP Address Enrichment with Cache - Workflow Template

Receives an IP address from a parent workflow and queries Shodan for enrichment.


This workflow template facilitates threat intelligence enrichment by receiving an IP address from a parent workflow and querying Shodan for detailed information. It optimizes performance by first checking for cached responses from the last 24 hours. If the IP reputation is present in the cache, it returns the saved data; otherwise, it executes a Shodan search and stores the fresh results for future inquiries. It's designed to help security teams rapidly assess the threat level of an IP address while efficiently managing API call volumes.

Optional Triggers

"This workflow is intended to be used as a function."

Use Cases

Function, Threat Intelligence Enrichment

Workflow Breakdown

  1. Receives an IP address as input.

  2. Looks up global variables for cached responses from the past 24 hours.

  3. If a reputation is found in the local cache, the saved data is returned to the parent workflow.

  4. When no reputation is found in the cache, Shodan is queried, and a summary of the analysis data is created and saved with the original API data.
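
The cache-then-query flow in the breakdown above, as an added Python example that is not Torq's workflow or Shodan's client code. The names `enrich_ip` and `summarize`, the dict used as a cache, the injected `fetch` callable and the summary fields are assumptions, and the sample response is constructed.

```python
import ipaddress
import time

CACHE_TTL_SECONDS = 24 * 60 * 60  # the template reuses responses from the past 24 hours


def summarize(raw):
    # Assumed summary fields; the template's real summary layout is not shown on this page.
    return {"ip": raw.get("ip_str"), "org": raw.get("org"),
            "open_ports": sorted(raw.get("ports", [])),
            "vulns": sorted(raw.get("vulns", []))}


def enrich_ip(ip, cache, fetch, provide_raw=True, now=None):
    """Return summary (and optionally raw data) for ip; fetch runs only on a cache miss."""
    now = time.time() if now is None else now
    # Step 1: validate and normalise the input so equivalent spellings share one cache key.
    key = str(ipaddress.ip_address(ip.strip()))  # raises ValueError on a non-IP value
    entry = cache.get(key)                       # step 2: look up the cached response
    if entry and now - entry["saved_at"] < CACHE_TTL_SECONDS:
        cached = True                            # step 3: fresh hit, no API call is made
    else:
        raw = fetch(key)                         # step 4: miss or expired entry, query the vendor
        entry = {"saved_at": now, "summary": summarize(raw), "raw": raw}
        cache[key] = entry                       # summary is saved with the original API data
        cached = False
    result = {"summary": entry["summary"], "cached": cached}
    if provide_raw:                              # mirrors the "Provide Raw Data Analysis" option
        result["raw"] = entry["raw"]
    return result


# Constructed sample response for a documentation-range address (not real Shodan output).
SAMPLE_RAW = {"ip_str": "203.0.113.10", "org": "Example Hosting",
              "ports": [443, 22], "vulns": []}


def demo():
    calls = []  # records every simulated API call

    def fake_fetch(ip):
        calls.append(ip)
        return dict(SAMPLE_RAW)

    cache = {}
    first = enrich_ip("203.0.113.10", cache, fake_fetch, now=0)
    second = enrich_ip(" 203.0.113.10 ", cache, fake_fetch, provide_raw=False, now=3600)
    third = enrich_ip("203.0.113.10", cache, fake_fetch, now=CACHE_TTL_SECONDS + 1)
    return first, second, third, calls
```

Rejecting non-IP input before the lookup keeps arbitrary strings from a parent workflow out of both the cache keys and the vendor query.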

Vendors

Utils, Shodan, Torq

Workflow Output

Returns full analysis data and a summary of the information.

Tips

Set "Provide Raw Data Analysis" to true or false to add or remove original vendor information to the output.
