Events Log

The Events Log contains 2 types of events:

• Notification
• Asset group changed

Shodan Monitor stores the most recent 2 weeks worth of events and makes them available via the website, API, RSS and Atom feeds.

• Website: https://monitor.shodan.io/events
• API: https://monitor.shodan.io/api/v1/events?key=YOUR_API_KEY
• RSS feed: https://monitor.shodan.io/events.rss?key=YOUR_API_KEY
• Atom feed: https://monitor.shodan.io/events.atom?key=YOUR_API_KEY

We also added an icon with a link to the RSS feed URL within the Events Log:

In addition to events for notifications, Shodan Monitor also generates events when an asset group changes for the domain- and query-based asset groups. There are 3 ways to define asset groups:

• Network
• Domain/ hostname
• Search query

Asset groups based on a domain or search query are considered dynamic asset groups because the IPs within them change based on DNS or search results. If you want to keep track of change within your asset groups then you can do that by looking for Asset Group Changed events in the Events Log. The website lets you filter on them:

A sample event in JSON format looks like:

{
    "alert_id": "XXX",
    "asset_group_changed": true,
    "new": [
        "1.1.1.1/32",
        "8.8.8.8/32"
    ],
    "previous": [
        "1.1.1.1/32",
        "8.8.4.4/32"
    ],
    "added": [
        "8.8.8.8/32"
    ],
    "removed": [
        "8.8.4.4/32"
    ],
    "timestamp": "2023-11-01 22:10:43"
}