This n8n workflow automates the weekly monitoring of your network’s IP addresses using Shodan. Scheduled to run every Monday at 5:00 AM, it identifies unexpected open ports and generates detailed alerts in TheHive, enhancing your network security management.
What does this workflow do?
Scheduled Execution: The workflow is triggered every Monday at 5:00 AM.
Fetch Watched IPs and Expected Ports: Initiates an HTTP request to retrieve a list of monitored IP addresses along with their expected open ports.
Sequential IP Processing: Iterates through each IP address one by one for thorough analysis.
Shodan Data Retrieval: For each IP, sends a GET request to Shodan to obtain detailed information about the IP and its open ports.
Data Extraction and Transformation: Extracts the relevant data from Shodan’s response and converts it into an array format, listing all ports associated with the IP.
Port Comparison: Uses a filter node to compare the ports discovered by Shodan against the expected ports. Ports that do not match the expected list are identified for further investigation.
Data Assembly for Unexpected Ports: For each unexpected port, compiles comprehensive data including the IP address, associated hostnames, port number, service description, and additional details such as HTTP status codes and headers from Shodan.
Data Formatting: Organizes the collected information into an HTML table and converts it into Markdown format for readability.
Alert Generation in TheHive: Creates an alert in TheHive with the following details:
Title: Indicates unexpected ports detected for the specific IP.
Description: Includes the Markdown-formatted table with detailed Shodan data.
Severity: Set to medium to highlight the importance of the issue.
Timestamp: Records the current date and time of the alert.
Tags: Adds relevant tags for categorization.
Traffic Light Protocol (TLP): Set to Amber to control information sharing.
Status and Type: Sets the alert status to New and its type to ‘Unexpected open port’.
Source Information: Attributes the alert to n8n and includes a unique source reference combining the IP address with the current Unix time.
Additional Options: Enables follow-up actions and JSON parameter configurations.
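The port-comparison and alert-assembly steps above, written as an added example in plain JavaScript of the kind an n8n Code node runs (this is not the template's own code). The Shodan host record and the expected-port inventory are constructed sample data, and the tag names are assumptions; the TheHive numeric severity and TLP values follow TheHive's API conventions.

```javascript
// Added example, not part of the n8n template. The host object mirrors the
// shape of Shodan's /shodan/host/{ip} response (data[] entries carry port,
// transport, product and an optional http block); the values are constructed.
const SAMPLE_SHODAN_HOST = {
  ip_str: "192.0.2.10",
  hostnames: ["web.example.net"],
  data: [
    { port: 443, transport: "tcp", product: "nginx", http: { status: 200 } },
    { port: 22, transport: "tcp", product: "OpenSSH" },
    { port: 8080, transport: "tcp", product: "Apache Tomcat", http: { status: 403 } },
  ],
};

// Constructed inventory: the ports expected to be open on each watched IP.
const EXPECTED_PORTS = { "192.0.2.10": [22, 443] };

// Data extraction step: every distinct port Shodan observed for the host.
function observedPorts(host) {
  return [...new Set(host.data.map((s) => s.port))].sort((a, b) => a - b);
}

// Port comparison step: services whose port is not in the expected list.
// An IP missing from the inventory has no allowed ports, so everything is flagged.
function unexpectedServices(host, expected) {
  const allowed = new Set(expected[host.ip_str] || []);
  return host.data.filter((s) => !allowed.has(s.port));
}

// Data assembly and formatting steps: one Markdown table row per finding.
function toMarkdownTable(host, services) {
  const header = ["| IP | Hostnames | Port | Service | HTTP status |", "|---|---|---|---|---|"];
  const rows = services.map(
    (s) => `| ${host.ip_str} | ${host.hostnames.join(", ")} | ${s.port}/${s.transport} | ${s.product || ""} | ${s.http ? s.http.status : ""} |`
  );
  return header.concat(rows).join("\n");
}

// Alert generation step: the TheHive alert body described in the text.
function buildAlert(host, services, now = Date.now()) {
  return {
    title: `Unexpected open ports detected on ${host.ip_str}`,
    description: toMarkdownTable(host, services),
    severity: 2, // TheHive: 2 = medium
    date: now,
    tags: ["shodan", "unexpected-port"], // assumed tag names
    tlp: 2, // TheHive: 2 = AMBER
    status: "New",
    type: "Unexpected open port",
    source: "n8n",
    sourceRef: `${host.ip_str}-${Math.floor(now / 1000)}`, // IP + Unix time
  };
}

// Per-IP pipeline: returns an alert only when something unexpected was found.
function monitorHost(host, expected, now = Date.now()) {
  const findings = unexpectedServices(host, expected);
  return findings.length ? buildAlert(host, findings, now) : null;
}
```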
🤖 Why Use This Automation Workflow?
Automated Security Monitoring: Eliminates the need for manual checks by automatically scanning IP addresses for unexpected open ports.
Timely Incident Reporting: Generates real-time alerts in TheHive, ensuring swift response to potential security issues.
Comprehensive Data Analysis: Provides detailed information from Shodan, including service descriptions and HTTP headers, facilitating informed decision-making.
👨‍💻 Who is This Workflow For?
This workflow is designed for network administrators, IT security professionals, and organizations that require continuous monitoring of their network infrastructure to ensure security compliance and quickly address potential vulnerabilities.
🎯 Use Cases
Network Security Compliance: Regularly verify that all networked devices adhere to the organization’s security policies by ensuring only expected ports are open.
Unauthorized Service Detection: Identify and address unauthorized services or applications running on your servers, reducing the risk of security breaches.
Incident Response Automation: Streamline the incident response process by automatically generating detailed alerts in TheHive when unexpected open ports are detected.
TL;DR
This n8n workflow provides an automated solution for weekly monitoring of network IPs using Shodan. By identifying and reporting unexpected open ports directly to TheHive, it enhances your organization’s ability to maintain robust network security and respond promptly to potential threats.