The ServiceNow® Shodan Exploit Integration application uses data imported from the Shodan search engine to help you determine the impact and priority of potentially malicious exploits.

Request apps on the Store

Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

Shodan Exploit Integration

The Shodan search engine collects exploit data and the Shodan API makes that database available to the ServiceNow AI Platform®. It easily integrates with the ServiceNow® Vulnerability Response application to map exploits to third-party vulnerabilities enriching the exploit data in your instance.

There is a configured run-as user for each integration record. The default value for this user is VR.System. Do not change this value.

Every day, scheduled jobs invoke the integrations automatically in the order they are listed. You can also execute individual scheduled jobs manually. Scheduled jobs simplify the vulnerability remediation life cycle by keeping the instance synchronized with other vulnerability management systems.

Available versions

Release version for Yokohama Release Notes

Shodan Exploit Integration v10.6, 10.7

For compatibility information, see KB0856498 Vulnerability Response Compatibility Matrix and Release Schema Changes

Roles

Shodan Exploit Integration tasks involve the following roles.
  • sn_vul_shodan.admin: Users with this role can read, write, and delete records.
  • sn_vul_shodan.user: Users with this role can read and write records.
  • sn_vul_shodan.read: Users with this role can read records.

Persona and granular roles are available to help you manage what users and groups can see and do in the Vulnerability Response application. For an initial assignment of the persona roles in Setup Assistant, see Assign the Vulnerability Response persona roles using Setup Assistant. For more information about managing granular roles, see Manage persona and granular roles for Vulnerability Response.

Shodan exploit integrations

To view the Shodan exploit integrations, navigate to All > Shodan Exploit Integration > Integrations.

The following integrations are included in the base system. These integrations are active by default.

Table 1. Shodan exploit integrations
Integration Description
Shodan ExploitDB Integration Retrieves ExploitDB data from Shodan and enriches your third-party vulnerability data. This integration is set to run daily at 03:15:00.
Shodan Metasploit Integration Retrieves Metasploit information from Shodan and enriches your third-party vulnerability data. This integration is set to run daily at 01:15:00.

To change the default start time for the scheduled integration imports, see Set Shodan Exploit Integration import time.

To view exploit data in third-party vulnerabilities, see View Vulnerability Response vulnerability libraries.

Changing other Shodan Exploit Integration settings requires advanced ServiceNow and Vulnerability Response expertise and is beyond the scope of the product documentation.