CrowdStrike Falcon LogScale Ingest API

This article demonstrates how to integrate Shodan Monitor with LogScale. First, create a new repository in your LogScale Cloud account. Open the new repository and go to Settings.

Here you can see the two pieces of information needed to send data to this repository: the Ingest host name and the Ingest Token.

Fill these two values into the Python script below. It runs continuously, tracking your monitored assets and sending any information it finds to LogScale Cloud through the Ingest API.

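import requests

# Fill in your own values. These are secrets: keep them out of source control.
SHODAN_API_KEY = ''
# Passed to requests.post() as the URL, so it must include the scheme (https://).
INGEST_HOST_NAME = ''
INGEST_TOKEN = ''

def main():
    headers = {"Content-Type": "application/json",
               "Authorization": "Bearer {0}".format(INGEST_TOKEN)}
    # TLS certificate verification stays enabled (the requests default): the
    # API key travels in this URL and must not go to an unauthenticated peer.
    response = requests.get('https://stream.shodan.io/shodan/alert',
                            params={'key': SHODAN_API_KEY}, stream=True)
    response.raise_for_status()
    # Each non-empty line of the stream is one JSON banner; forward its bytes as-is.
    for banner in response.iter_lines():
        if banner:
            result = requests.post(url=INGEST_HOST_NAME, headers=headers,
                                   data=banner, timeout=30)
            if not result.ok:
                print('Ingest failed: HTTP {}'.format(result.status_code))

if __name__ == '__main__':
    main()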

Note that the Shodan API key is available from your Shodan account page.
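
The script above forwards each stream line unmodified. As an added example (not part of the original article and not Shodan's or CrowdStrike's code), the following validates each line and batches the banners into the request body shape used by LogScale's structured ingest endpoint (`/api/v1/ingest/humio-structured`). The choice of that endpoint, the `shodan-monitor` tag value and the sample banners are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample lines shaped like Shodan stream output (not real data).
SAMPLE_LINES = [
    b'{"ip_str": "192.0.2.10", "port": 443, '
    b'"timestamp": "2024-05-01T10:15:30.123456", "data": "HTTP/1.1 200 OK"}',
    b'',                                      # keep-alive blank line
    b'{"ip_str": "192.0.2.11", "port": 22',   # truncated JSON
    b'{"ip_str": "192.0.2.12", "port": 22, "data": "SSH-2.0-OpenSSH"}',  # no timestamp
]

def to_event(line, now=None):
    """Return one structured event for a banner line, or None if unusable."""
    if not line or not line.strip():
        return None
    try:
        banner = json.loads(line)
    except ValueError:  # covers malformed JSON and invalid UTF-8
        return None
    if not isinstance(banner, dict):
        return None
    try:
        ts = datetime.fromisoformat(banner["timestamp"])
        if ts.tzinfo is None:
            # Shodan banner timestamps carry no offset and are in UTC.
            ts = ts.replace(tzinfo=timezone.utc)
    except (KeyError, TypeError, ValueError):
        # Missing or unparsable timestamp: fall back to the time of receipt.
        ts = now or datetime.now(timezone.utc)
    return {"timestamp": ts.isoformat(), "attributes": banner}

def build_payload(lines, source="shodan-monitor", now=None):
    """Batch banner lines into one structured-ingest body (assumed shape)."""
    events = [e for e in (to_event(l, now) for l in lines) if e is not None]
    skipped = len(lines) - len(events)  # blank, malformed or non-object lines
    payload = [{"tags": {"source": source}, "events": events}] if events else []
    return payload, skipped

if __name__ == "__main__":
    body, skipped = build_payload(SAMPLE_LINES)
    print(json.dumps(body, indent=2))
    print("skipped lines:", skipped)
```

Sending one batch per request instead of one request per banner also reduces how often the ingest token crosses the network.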

Open the Search page in your LogScale Cloud account to see the result: