IBM Security QRadar SOAR

 View Only

  • 1.  Shodan lookup does not appear among action

    Posted Tue June 23, 2020 09:02 AM
    Hi,

    I installed Shodan app and it only creates a function and a message destination.
    I created the workflow and the rule for it but still does not appear among Actions for an IP Address.

    What can be the problem?

    Thank you.

    Regards,
    Adam

    ------------------------------
    Adam
    ------------------------------


  • 2.  RE: Shodan lookup does not appear among action

    Posted Wed June 24, 2020 10:31 AM
    Most likely the Rule does not match properly for the IP Address artifact. If you can post screenshots it could help identify where the problem is.

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------

    Original Message


  • 3.  RE: Shodan lookup does not appear among action

    Posted Mon June 29, 2020 05:05 AM
    Hi Ben,

    I uploaded the screenshots.

    Adam

    ------------------------------
    Adam
    ------------------------------

    Original Message


  • 4.  RE: Shodan lookup does not appear among action

    Posted Mon June 29, 2020 08:38 AM
    You mentioned you created a Rule (which you'll need if you want to use this workflow). Do you have a screenshot of the rule?

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------

    Original Message


  • 5.  RE: Shodan lookup does not appear among action

    Posted Mon June 29, 2020 08:43 AM
    It is there. Second screenshot.

    Adam

    ------------------------------
    Adam
    ------------------------------

    Original Message


  • 6.  RE: Shodan lookup does not appear among action

    Posted Tue June 30, 2020 07:35 AM
    The Rule screenshot shows what looks to be an Automatic Rule. I think what you want is a Manual Rule which will look like this:



    Notice the Show Activity Fields that the bottom. That shows that it is a Manual rule.

    Ben



    ------------------------------
    Ben Lurie
    ------------------------------

    Original Message


  • 7.  RE: Shodan lookup does not appear among action

    Posted Fri July 03, 2020 05:33 AM
    Edited by Adam Fri July 03, 2020 05:35 AM
    Hi Ben,

    Now the rule is based on your suggestion but the action is failing:

    Possibly the API key. Could be the problem that the same API key is used for another integration?

    Regards,
    Adam


    ------------------------------
    Adam
    ------------------------------

    Original Message


  • 8.  RE: Shodan lookup does not appear among action

    Posted Tue July 07, 2020 07:16 AM
    Hi Ben,
    Thank you for your advice, now it is working but after one successful scan it raised an error:

    Traceback (most recent call last): File "/home/integration/.local/lib/python3.6/site-packages/fn_shodan/components/shodan_lookup.py", line 37, in _shodan_lookup_function host = api.host(shodan_lookuphost) File "/home/integration/.local/lib/python3.6/site-packages/shodan/client.py", line 380, in host return self._request('/shodan/host/%s' % ','.join(ips), params) File "/home/integration/.local/lib/python3.6/site-packages/shodan/client.py", line 340, in _request raise APIError(data['error']) shodan.exception.APIError: No information available for that IP.
    07/07/2020 13:04:58
    InformationQuerying Shodan for 200.134.211.100

    Is there a limitation of querying or something?

    What can be the cause of this?

    Thank you.

    Regards,
    Adam


    ------------------------------
    Adam
    ------------------------------

    Original Message


  • 9.  RE: Shodan lookup does not appear among action

    Posted Tue July 07, 2020 07:27 AM
    I haven't used that particular application so unfortunately I'm unable to comment on what might be the issue. You may have to look at the python code to see what is going on.

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------

    Original Message