Shodan - Enrich Domain Name

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Content Index

This playbook can be triggered manually from a Domain Entity context to fetch geo location and running services details from Shodan.io.

Attribute Value
Type Playbook
Solution Shodan
Source View on GitHub

Additional Documentation

📄 Source: ShodanPlaybooks/Shodan-EnrichDomain-EntityTrigger/readme.md

Shodan-EnrichDomain-EntityTrigger

Summary

The playbook can be triggered manually from a Domain Entity context to fetch geo location and running services details from Shodan.io. This playbook performs following actions:

  1. Get the domain name from entity.
  2. Query Shodan.io to fetch geo location and running services details.
  3. Collect all the details and format as table.
  4. Add the collected details as comment to the incident.



Prerequisites

  1. Prior to the deployment of this playbook, Shodan Logic App Custom Connector needs to be deployed under the same subscription.
  2. Refer to Shodan Logic App Custom Connector documentation for deployment instructions.

Deployment instructions

  1. To deploy the Playbook, click the Deploy to Azure button. This will launch the ARM Template deployment wizard.
  2. Fill in the required parameters:
    • Playbook Name
    • Custom Connector Name

Deploy to Azure Deploy to Azure

Post-Deployment instructions

a. Authorize connections

Once deployment is complete, authorize each connection.

  1. Select the Microsoft Sentinel connection resource
  2. Click Edit API connection blade
  3. Click Authorize/Provide credentials
  4. Click Save
  5. Repeat these steps for other connections

b. Assign Playbook Microsoft Sentinel Responder Role

  1. Select the Playbook (Logic App) resource
  2. Click on Identity Blade
  3. Choose System assigned tab
  4. Click on Azure role assignments
  5. Click on Add role assignments
  6. Select Scope - Resource group
  7. Select Subscription - where Playbook has been created
  8. Select Resource group - where Playbook has been created
  9. Select Role - Microsoft Sentinel Responder
  10. Click Save

References

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Playbooks · Back to Shodan