You can integrate ShadowTrackr in two ways. The first is to pull ShadowTrackr data into another application, and the way to go is to use the
API. The second way is to have ShadowTrackr use data from other systems. You can build anything you want with the API for this, but we now have a first built-in inegration. With a built-in integration you only have to put in your API key and enable it, no code required :-)
You can find the built-in integrations under
Settings in the GUI.
Shodan is a search engine that lets users search for various types of servers connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the server sends back to the client.
The big difference with ShadowTrackr is that Shodan scans a large part of the hosts on internet and mostly focuses on ICS and IoT. So if Shodan scans a host, there will be more ports scanned and more port data available than you get from a ShadowTrackr scan. ShadowTrackr scans all your assets and all related infrastructure (not the entire internet), and tracks your historic data. So, in short: ShadowTrackr is more suited for discovering and monitoring your entire attack surface, Shodan is more suited for in-depth port scans and ICS/IoT. If you need more port data or expect to find ICS/IoT, then enabling the Shodan integration is useful.
When scanning subnets for new hosts, results can differ. Not all scans are the same and it might be that some scans are blocked and others not. The same is true for the IP addresses of the scanner nodes. If you expect this might be the case, then enabling the Shodan integration is also useful. This might result in new hosts being found and a better view of your attack surface. Once found through Shodan, ShadowTrackr will discover and process all infrastructure related to the new host as usual.
Shodan data is pulled into ShadowTrackr on the first time an asset is found and then renewed every three days. Note that if you use the ShadowTrackr API and want to include the raw Shodan data you have to set the full parameter to True. See
exporting raw data for details.