The "Shodan - IP Address Enrichment with Cache" workflow template is designed to enhance threat intelligence by enriching IP addresses with data from Shodan. It efficiently checks a local cache for recent reputation data, reducing redundant queries and speeding up response times. If no cached data is available, it queries Shodan directly, providing comprehensive analysis and geolocation details. This workflow is ideal for security teams seeking to streamline IP reputation checks and integrate enriched data into broader security operations.
Optional Triggers
This workflow is intended to be used as a function.
Use Cases
Function, Threat Intelligence Enrichment
Workflow Breakdown
Receives an IP Address as input.
Looks up global variables for cached responses from the past 24 hours.
If a reputation is found in the local cache, the saved data is returned to the parent workflow.
When no reputation is found in the cache, a summary of the analysis data is created and saved with the original API data.
Vendors
Utils, Shodan, Torq
Workflow Output
Returns full analysis data and a summary of the information.
Tips
Set "Provide Raw Data Analysis" to true or false to include or omit the original vendor information in the output.
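The cache-then-query flow from the Workflow Breakdown and the raw-data toggle from the Tips, sketched in Python as an added example (not the template's own implementation). The dict cache standing in for global variables, the `fetch` callback, the function names and the sample record are all assumptions made for illustration.

```python
import ipaddress
import time

CACHE_TTL_SECONDS = 24 * 60 * 60  # the 24-hour cache window from the breakdown


def summarize(raw):
    """Reduce a Shodan host record to a short summary for the parent workflow."""
    return {
        "ip": raw.get("ip_str"),
        "org": raw.get("org"),
        "country": raw.get("country_name"),
        "city": raw.get("city"),
        "open_ports": sorted(raw.get("ports", [])),
        "hostnames": raw.get("hostnames", []),
    }


def enrich_ip(ip, cache, fetch, provide_raw=False, now=None):
    """Return cached data if it is under 24 hours old, else query and cache.

    `cache` is a dict standing in for the workflow's global variables and
    `fetch` is a caller-supplied function that performs the Shodan lookup
    (both are assumptions of this sketch).
    """
    ip = str(ipaddress.ip_address(ip))  # reject malformed input, normalise the key
    now = time.time() if now is None else now
    entry = cache.get(ip)
    if entry is not None and now - entry["saved_at"] < CACHE_TTL_SECONDS:
        source = "cache"
    else:
        raw = fetch(ip)
        # Save the summary together with the original API data.
        entry = {"saved_at": now, "summary": summarize(raw), "raw": raw}
        cache[ip] = entry
        source = "shodan"
    result = {"source": source, "summary": entry["summary"]}
    if provide_raw:  # mirrors the "Provide Raw Data Analysis" setting
        result["raw"] = entry["raw"]
    return result


# Constructed sample record (documentation address, made-up values).
SAMPLE = {"ip_str": "203.0.113.10", "org": "Example Net", "city": "Sampleville",
          "country_name": "Exampleland", "ports": [443, 22],
          "hostnames": ["host.example.com"]}


def fake_fetch(ip):
    """Offline stand-in for the Shodan query; counts how often it is called."""
    fake_fetch.calls += 1
    return dict(SAMPLE, ip_str=ip)


fake_fetch.calls = 0
```

Keying the cache on the normalised address keeps two spellings of the same IP from causing duplicate vendor queries, and a stale entry is overwritten rather than returned.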
