Automate Network Security: Weekly Shodan IP Report Workflow

Enhance Your Network Security with Weekly Shodan IP Report Workflow

Every Monday at 5:00 AM, safeguard your digital infrastructure with our Automate Network Security: Weekly Shodan IP Report Workflow. This comprehensive n8n workflow meticulously monitors your network by examining IP addresses and their associated ports, ensuring anything unexpected is promptly identified and addressed.

What this workflow does

• Initiates every Monday at 5:00 AM to monitor and assess network security.
• Fetches a list of watched IP addresses and expected ports through an HTTP request.
• Sequentially processes each IP by sending a GET request to Shodan, the premier search engine for internet-connected devices, to gather detailed information.
• Extracts and converts Shodan's response into an array containing data on all ports for the IP.
• Utilizes a filter node to compare Shodan's ports with expected ports, retaining unexpected ones for detailed inspection.
• Compiles data for unexpected ports including IP, hostnames from Shodan, port number, service description, and detailed Shodan data like HTTP status, date, time, and headers.
• Formats this collected data into an HTML table and converts it into Markdown format.
• Generates an alert in TheHive, a security incident response platform, detailing unexpected ports per IP with a Markdown table and medium severity note.

Use cases

• Network administrators seeking automated monitoring for unexpected open ports that may pose security risks.
• SaaS operators aiming to maintain robust security compliance by regularly auditing network ports against known standards.
• Automation engineers looking to integrate security alerts into existing workflows for timely incident response.

Technical details

• Nodes used: Set, HTML, Filter, The Hive, Markdown, Item Lists.
• Starts with an HTTP request for IP addresses.
• Interacts with Shodan for detailed port data.
• Formats data into HTML and Markdown for alert generation.