Configure and enable Shodan integration

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Before you use Shodan integration, you must download it from the ServiceNow Store.

    Before you begin

    Role required: sn_sec_tisc.admin

    Important:
    The Threat Intelligence Security Center and Whois Observable Enrichment plugins must be installed and active.

    Download the Whois integration from the ServiceNow Store and verify you have a valid Whois account before use. For more information see, Download the integration from the ServiceNow Store.

    Procedure

    1. Navigate to Workspaces > Threat Intelligence Security Center > Integrations > Enrichment Integrations > All Integrations > Observable Enrichment.
    2. In the Shodan card, select Configure New Enrichment to configure the integration.
    3. Complete the Configure New Enrichment form.
      Table 1. Configure New Enrichment form
      Field Description
      Name Name for the new enrichment integration. For example, Shodan.
      Vendor Name Name of the vendor.

      The details of the selected vendor are auto-populated and by default this field will be read only. For example, Shodan.
      Integration Type Type of integration that you selected. For example, Observable Enrichment.
      Description Description for the new enrichment integration.

      For example, the description for Shodan integration is, Shodan helps you to analyze banner information from connected devices all around the globe.
    4. Navigate to the Integration Configuration section.
    5. Enter (or paste) the API Key you acquired from the Shodan portal.
    6. Select Save to apply the changes.
      The integration details are validated, and by default the status is inactive.
    7. Select Enable to enable the integration.

    Result

    After configuration, Shodan can be selected for performing enrichment on observables in Threat Intelligence Security Center.