Weekly Shodan Query Report Accidents no function node

This workflow runs weekly and checks the IP addresses and ports that the enterprise's internal system lists for monitoring. It queries the Shodan API for the open ports and services recorded for each IP and flags any port that is not expected. The findings are organized into a Markdown report, which is then pushed to TheHive platform for quick response. Its core advantages are more efficient monitoring, less reliance on manual checks, and keeping the security team informed about potential risks.

Tags

Port Monitoring, Exception Alert

Workflow Name

Weekly_Shodan_Query___Report_Accidents__no_function_node_

Key Features and Highlights

This workflow automatically retrieves the list of IP addresses and their respective ports to be monitored from an internal system. It uses the Shodan API to look up each IP, identifying open ports and running services. Ports that are open but not expected are singled out, and this anomalous port information is compiled into a Markdown-formatted table. Finally, security alerts are generated and pushed to TheHive security incident response platform, enabling automated detection and rapid response to port anomalies.

Core Problems Addressed

Manual monitoring of IP ports and services is inefficient, prone to omissions, and slow to respond. This workflow automates the scanning and comparison steps, helping security teams promptly detect abnormal open ports within the network and so reduce the risk of intrusion. It significantly speeds up detection of and response to security incidents.

Application Scenarios

  • Port monitoring and anomaly detection of critical assets by Enterprise Security Operations Centers (SecOps)
  • Network security audits and periodic exposure surface reviews
  • Automated triggering of security incidents and alerting systems
  • Integration with security incident management platforms (e.g., TheHive) for security automation workflows

Main Workflow Steps

  1. Scheduled Trigger: The workflow is initiated automatically every Monday on a fixed schedule.
  2. Retrieve Monitored IPs and Ports: Calls an internal system’s webhook API to obtain the list of IP addresses and their monitored ports.
  3. Batch Processing of IPs: Processes each IP address sequentially to avoid API call overload.
  4. Invoke Shodan API Scan: Queries each IP for open ports and running service information.
  5. Service List Splitting: Breaks down each port’s service details from the scan results into individual entries.
  6. Filter Anomalous Ports: Checks each open port against the expected ports for its IP and keeps only the unexpected ones.
  7. Data Organization: Structures anomalous port information (IP, port, hostname, description, etc.) for output.
  8. Format Conversion: Converts the data into an HTML table, then transforms it into Markdown format for easy reading and reporting.
  9. Security Alert Creation: Pushes the anomalous port information as alerts to TheHive platform for security personnel to follow up and handle.
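
Steps 5 to 9 as plain JavaScript on constructed data, as an added example that is not the workflow's own nodes. Assumptions: the watch-list shape returned by the internal webhook, the subset of Shodan host-lookup fields used, and the alert field values; it also builds the Markdown table directly instead of going through HTML.

```javascript
// Constructed watch list, in the shape assumed for the internal webhook's reply.
const monitored = [
  { ip: "203.0.113.10", ports: [80, 443] },
  { ip: "203.0.113.20", ports: [22] },
];
// Constructed replies shaped like a Shodan host lookup (subset of fields).
const shodanHosts = {
  "203.0.113.10": { hostnames: ["www.example.com"], data: [
    { port: 443, transport: "tcp", product: "nginx" },
    { port: 3389, transport: "tcp", product: "Remote Desktop Protocol" },
  ] },
  "203.0.113.20": { hostnames: [], data: [
    { port: 22, transport: "tcp", product: "OpenSSH" },
    { port: 6379, transport: "tcp", product: "Redis | key-value store" },
  ] },
};

// Steps 5-7: one row per service, keeping only ports missing from the expected list.
function unexpectedServices(watchList, hosts) {
  const rows = [];
  for (const { ip, ports } of watchList) {
    const host = hosts[ip];
    if (!host) continue; // no Shodan record for this IP
    const expected = new Set(ports.map(Number));
    for (const svc of host.data || []) {
      if (expected.has(Number(svc.port))) continue;
      rows.push({ ip, port: svc.port, hostname: (host.hostnames || []).join(", ") || "-",
                  description: svc.product || "unknown" });
    }
  }
  return rows;
}

// Step 8: Markdown table; pipes and newlines in service text would break the rows.
const cell = (v) => String(v).replace(/\|/g, "\\|").replace(/\r?\n/g, " ");
function toMarkdown(rows) {
  const head = "| IP | Port | Hostname | Description |\n| --- | --- | --- | --- |";
  return [head, ...rows.map((r) =>
    `| ${cell(r.ip)} | ${cell(r.port)} | ${cell(r.hostname)} | ${cell(r.description)} |`)].join("\n");
}

// Step 9: alert body for TheHive; values are placeholders, sourceRef must be unique per alert.
function buildAlert(rows, weekLabel) {
  return { title: `Unexpected open ports (${weekLabel})`, description: toMarkdown(rows),
           type: "external", source: "shodan-weekly", sourceRef: `shodan-${weekLabel}`,
           severity: 2, tags: ["shodan", "port-monitoring"] };
}
const findings = unexpectedServices(monitored, shodanHosts);
if (findings.length > 0) console.log(buildAlert(findings, "2024-W01").description);
```

An empty result should skip alert creation entirely, otherwise the team receives an alert every Monday regardless of findings.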

Involved Systems and Services

  • Shodan: Internet-connected device search engine used to query open ports and service information of IPs.
  • Internal Webhook API: Provides the list of IPs and ports to be monitored.
  • TheHive: Open-source security incident response and case management platform used to receive and manage security alerts.
  • n8n Automation Platform: Supports workflow scheduling, HTTP requests, data processing, format conversion, and integration for alert pushing.

Target Users and Value

  • Security Operations Teams: Reduce manual inspection workload and improve risk detection efficiency through automation.
  • Network Administrators: Gain real-time visibility into network port status and promptly identify misconfigurations.
  • Security Analysts and Response Teams: Receive structured anomalous port alerts for rapid threat response.
  • Enterprises and Organizations: Ensure the security of critical assets, reduce potential attack surfaces, and enhance overall network security situational awareness.

This workflow provides continuous monitoring and alerting of network port anomalies through automation and integration, helping teams build an efficient and scalable security defense system.
