Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mikoiv/MicrosoftSentinel-ShodanMonitor
Ingesting Shodan Monitor Alerts to Microsoft Sentinel
https://github.com/mikoiv/MicrosoftSentinel-ShodanMonitor
Last synced: about 1 month ago
JSON representation
Ingesting Shodan Monitor Alerts to Microsoft Sentinel
- Host: GitHub
- URL: https://github.com/mikoiv/MicrosoftSentinel-ShodanMonitor
- Owner: mikoiv
- License: mit
- Created: 2021-03-10T15:40:57.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2023-09-19T05:59:54.000Z (over 1 year ago)
- Last Synced: 2023-09-19T09:27:33.109Z (over 1 year ago)
- Homepage: https://secopslab.substack.com/p/shodan-monitor-alerts-to-microsoft
- Size: 2.5 MB
- Stars: 31
- Watchers: 2
- Forks: 7
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-ip-search-engines - Microsoft Sentinel Shodan Monitor
README
# MicrosoftSentinel-ShodanMonitor
## Introduction
Shodan Monitor is a service for Shodan subscribers that can detect the following issues in publicly available networks and hosts:
* Services associated with ICS or IoT devices
* Compromised or malware-related services
* New open ports, uncommon open ports
* Open databases
* Known vulnerabilities
* Expired certificatesIn brief it provides a service for managing public attack surface, usually for your own assets.
This repository contains an Azure Logic App for ingesting Shodan Monitor alerts for querying, alerting and hunting in Microsoft Sentinel:
[![Log query](https://github.com/mikoiv/MicrosoftSentinel-ShodanMonitor/blob/main/Images/sentinel-logquery.png)](https://github.com/mikoiv/MicrosoftSentinel-ShodanMonitor/blob/main/Images/sentinel-logquery.png)
For further details and instructions you can read the following writeup:
**https://secopslab.substack.com/p/shodan-monitor-alerts-to-microsoft**
## Deployment
[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fmikoiv%2FMicrosoftSentinel-ShodanMonitor%2Fmain%2Fazuredeploy.json)
## Parameters
When deploying the template you have the following parameters to configure:
| Parameter | Description |
| ------------- | ------------- |
| **Resource Group** | Resource group for deployed resources |
| **Region**| Azure region for deployed resources |
| **Playbook Name** | Logic App name (default: ShodanMonitor-Sentinel) |
| **Log Analytics Connection Name** | API connection name (default: loganalyticsconnection-ShodanMonitor-Sentinel)|
| **Log Analytics Workspace ID**|Enter the unique ID of your Azure Log Analytics workspace|
| **Log Analytics Workspace Key**|Enter the primary or secondary key of your Azure Log Analytics workspace|The URL you need to provide Shodan Monitor can be found from the Logic App HTTP trigger, after deployment.