Understanding the Shodan Exploit Integration

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Understanding the Shodan Exploit Integration

    The ServiceNow® Shodan Exploit Integration application leverages data from the Shodan search engine to help you assess the impact and prioritize potentially malicious exploits within your environment. It seamlessly integrates with the ServiceNow® Vulnerability Response application to enrich your third-party vulnerability data by mapping exploits sourced from Shodan’s extensive database.

    Show full answer Show less

    This integration is designed to automate and simplify your vulnerability remediation lifecycle by synchronizing your instance with external vulnerability management systems through scheduled jobs that run daily.

    Key Features

    • Integration with Shodan API: Accesses exploit databases such as ExploitDB and Metasploit data via Shodan to enhance vulnerability context.
    • Automated Scheduled Jobs: Runs two key integrations daily—Shodan ExploitDB Integration at 03:15 and Shodan Metasploit Integration at 01:15—to keep your vulnerability data current and actionable.
    • Run-As User Configuration: Uses a predefined run-as user (default VR.System) for all integration records to maintain security and consistency; this value should not be changed.
    • Role-Based Access Control: Provides granular roles (snvulshodan.admin, snvulshodan.user, snvulshodan.read) to manage user permissions effectively within the Vulnerability Response application.
    • Out-of-the-Box Integrations: Includes preconfigured integrations with ExploitDB and Metasploit, both active by default, facilitating quick deployment without complex setup.

    Practical Use and Configuration

    • View and manage Shodan exploit integrations through the ServiceNow interface under All > Shodan Exploit Integration > Integrations.
    • Adjust scheduled import times if needed to fit your maintenance windows, but other configuration changes require advanced knowledge of ServiceNow and Vulnerability Response.
    • To review exploit data within vulnerabilities, access the Vulnerability Response vulnerability libraries.

    Benefits for ServiceNow Customers

    This integration empowers you to enhance the accuracy and priority of vulnerability assessments by incorporating real-time exploit intelligence directly into your ServiceNow environment. Automating data synchronization reduces manual effort and improves response times, enabling more effective vulnerability management and risk reduction.

    The ServiceNow® Shodan Exploit Integration application uses data imported from the Shodan search engine to help you determine the impact and priority of potentially malicious exploits.

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Shodan Exploit Integration

    The Shodan search engine collects exploit data and the Shodan API makes that database available to the ServiceNow AI Platform®. It easily integrates with the ServiceNow® Vulnerability Response application to map exploits to third-party vulnerabilities enriching the exploit data in your instance.

    There is a configured run-as user for each integration record. The default value for this user is VR.System. Do not change this value.

    Every day, scheduled jobs invoke the integrations automatically in the order they are listed. You can also execute individual scheduled jobs manually. Scheduled jobs simplify the vulnerability remediation life cycle by keeping the instance synchronized with other vulnerability management systems.

    Available versions

    Release version for Yokohama Release Notes

    Shodan Exploit Integration v10.6, 10.7

    For compatibility information, see KB0856498 Vulnerability Response Compatibility Matrix and Release Schema Changes

    Roles

    Shodan Exploit Integration tasks involve the following roles.
    • sn_vul_shodan.admin: Users with this role can read, write, and delete records.
    • sn_vul_shodan.user: Users with this role can read and write records.
    • sn_vul_shodan.read: Users with this role can read records.

    Persona and granular roles are available to help you manage what users and groups can see and do in the Vulnerability Response application. For an initial assignment of the persona roles in Setup Assistant, see Assign the Vulnerability Response persona roles using Setup Assistant. For more information about managing granular roles, see Manage persona and granular roles for Vulnerability Response.

    Shodan exploit integrations

    To view the Shodan exploit integrations, navigate to All > Shodan Exploit Integration > Integrations.

    The following integrations are included in the base system. These integrations are active by default.

    Table 1. Shodan exploit integrations
    Integration Description
    Shodan ExploitDB Integration Retrieves ExploitDB data from Shodan and enriches your third-party vulnerability data. This integration is set to run daily at 03:15:00.
    Shodan Metasploit Integration Retrieves Metasploit information from Shodan and enriches your third-party vulnerability data. This integration is set to run daily at 01:15:00.

    To change the default start time for the scheduled integration imports, see Set Shodan Exploit Integration import time.

    To view exploit data in third-party vulnerabilities, see View Vulnerability Response vulnerability libraries.

    Changing other Shodan Exploit Integration settings requires advanced ServiceNow and Vulnerability Response expertise and is beyond the scope of the product documentation.