Introducing Shodan Workflow Actions for Splunk

TL;DR: My first public Splunk app is now live on Splunkbase. Check it out!

I've just published my first Splunk app: Shodan Workflow Actions for Splunk. This is a very simple app that introduces a suite of new workflow actions you can use from searches and events. While it will be handy for all Splunk users and admins, these actions are especially useful for security professionals and will integrate perfectly with Splunk Enterprise Security (ES). The app adds workflow actions to search Shodan for hostnames, IPs, ports, OS and product names, and cities, or to run a general Shodan search.

The app requires Splunk 6.3 (or above), and can be installed from your Splunk instance or downloaded from Splunkbase. Note that you will need a (free or paid) Shodan account for most of the workflow actions.

Full documentation is online at agc93.github.io/splunk-shodan-actions/. The app is totally open-source and is hosted on GitHub.

If you encounter any issues, bugs or missing features, raise an issue on GitHub, or hit me up on Twitter.
