Configuring the Active Network Defense (AND) and Shodan Continuous External Scanning integration.

Configuring the Active Network Defense (AND) and Shodan Continuous External Scanning integration.

Active Network Defense (AND) is a network, cloud, and log security platform that acts as the focal point for NIST800/CMMC compliance, and operations security monitoring.  Shodan is an industry-leading internet monitoring platform gathering information about all devices directly connected to the Internet. If a device is directly hooked up to the Internet then Shodan queries it for various publicly-available information. The types of devices that are indexed can vary tremendously: ranging from small desktops up to nuclear power plants and everything in between.

This integration allows customers to incorporate the information collected by Shodan with their log and AND inspection data. This greatly expands the threat hunting data set - analyzing both internal and external data to target potential threats more completely.

Steps to configure:

  1. Navigate to Shodan Monitor (Paid Account Required).
  2. On the top menu, click 'Manage Assets', then click the 'Add Network' button to add a public IP address, or subnet for external port, and vulnerability scanning. F in the 'Name' and 'List of Ips' fields with information that describe your external networks, then click the 'Add Network' button at the bottom of the page.

  3. Next, to access the Shodan Monitor notification options, click 'Settings' on the top menu. 

  4. On the 'Settings' page, to create the Webhook that will notify Active Network Defense (AND) when new external ports, or vulnerabilities are identified, please click the dropdown menu labelled 'Notification Services', and select 'Webhook', then click the 'Add' button. 
  5. In the 'URL' field, please add '<UUID>' (where the UUID is from your Active Network Defense subscription), then type a short description for this webhook, then click the 'Apply to existing alerts' checkbox. 

  6. Then click the 'Add Notifier' button at the bottom of the page.
  7. Once active, scanning data on all exposed ports, and vulnerabilities will be automatically sent to Active Network Defense (AND) for analysis. The resulting data will be displayed in the 'Continuous External Scanning' dashboard.  If you don't see this dashboard, please open a support case via or emailing support[at]

About Hoplite

Our mission is to empower customers with the real-time intelligence, context, and automation required to proactively defend against rapidly evolving threats from around the world. Hoplite‚Äôs Intelligence and Behavior-based technologies are at the heart of this mission, allowing our customers, and partners to substantially harden their defenses, ensuring business operations are sustained at the highest level of effectiveness. Founded in 2013, and proudly headquartered in Bozeman, MT, Hoplite Industries Inc. ( / @HopliteInfo) provides cyber risk solutions to Fortune 500s, Government and Partner organizations around the world.

About Shodan

Analyze the Internet in Seconds

Shodan has servers located around the world that crawl the Internet 24/7 to provide the latest Internet intelligence. Who buys Smart TVs? Which countries are building the most wind farms? What companies are affected by Heartbleed? Shodan provides the tools to answer questions at the Internet-scale.

    • Related Articles

    • How to find the web browser's HTTP response code

      FireFox: 1. In Firefox, visit a URL, right-click, select Inspect Element or Inspect to open the developer tools 2. Select the Network tab or directly press Ctrl+Shift+E together from your computer keyboard 3. Reload the page, select any HTTP request, ...