Shodan is a search engine that analyzes service banner information from connected devices all around the globe. Service banners include information about a computer system, such as host name, device type, operating system, geographic location, and connected ISP. When integrated with the Now Platform Security Operations product, this service banner information provides analysts with additional enrichment data and insight for security incidents or investigations.

The integration requires the Security Incident Response and Threat Intelligence plugins.

The Shodan integration performs enrichment on the following observables:
  • IP addresses
  • URLs
The application checks for new observables every five minutes. If the observables are of a type recognized by the Shodan integration, the observables are enriched.