API Reference

Threatnet Event Specification

An event is emitted for every interaction picked up by a Threatnet sensor. It serializes all the requests/responses and adds information about the connecting host, such as where it is located.

Properties
src_ip
[String] The IP address of the host as a string.
src_port
[Integer] The source port that the connecting host is sending data from.
dst_port
[Integer] The destination port number that the source host is connecting to.
timestamp
[String] The timestamp for when the event was triggered on the sensor. Example: "2014-01-15T05:49:56.283713"
shodan
[Object] Contains information that describes the sensor, such as where it is located, whether it uses default configurations or is hosted in the cloud.
shodan.location
[Object] An object containing all of the location information for the sensor.
shodan.tags
[String[]] A list of tags that describe the type of sensor, can include tags such as:
Optional Properties
asn
[String] The autonomous system number (ex. "AS4837").
data
[String] A base64-encoded string containing raw packet content.
domains
[String[]] An array of strings containing the top-level domains for the hostnames of the device. This is a utility property in case you want to filter by TLD instead of subdomain. It is smart enough to handle global TLDs with several dots in the domain (ex. "co.uk").
hostnames
[String[]] An array of strings containing all of the hostnames that have been assigned to the IP address for this device.
ics
[Object] An object containing information about the interaction performed on a sensor that is emulating an industrial control system.
ics.request
[String] The command/request that was sent to the ICS sensor.
ics.response
[String] The response from the ICS sensor.
ics.session
[String] A unique session ID to identify the series of interactions a host has with the sensor.
isp
[String] The ISP that is providing the organization with the IP space for the source IP. Consider this the "parent" of the organization in terms of IP ownership.
location
[Object] An object containing all of the location information for the connecting host.
location.area_code
[Integer] The area code for the device's location. Only available for the US.
location.city
[String] The name of the city where the device is located.
location.country_code
[String] The 2-letter country code for the device location.
location.country_code3
[String] The 3-letter country code for the device location.
location.country_name
[String] The name of the country where the device is located.
location.dma_code
[Integer] The designated market area code for the area where the device is located. Only available for the US.
location.latitude
[Double] The latitude for the geolocation of the device.
location.longitude
[Double] The longitude for the geolocation of the device.
location.postal_code
[String] The postal code for the device's location.
location.region_code
[String] The name of the region where the device is located.
org
[String] The name of the organization that is assigned the IP space for the source IP.
ssh
[Object] A list of properties that describe the interaction performed with the SSH service.
ssh.password
[String] The password that was used in the login attempt.
ssh.session
[String] A unique session ID to identify the series of interactions a host has with the sensor.
ssh.type
[String] The type of interaction that was performed, such as: NEW_CONNECTION, VALID_COMMAND, FILE_DOWNLOAD, CLOSED_CONNECTION etc.
ssh.url
[String] The URL location for a file that the user downloaded using a tool such as wget.
ssh.username
[String] The username that was used in the login attempt.
Sample Event
{
    "src_port": 77,
    "proto": "tcp",
    "timestamp": "2015-01-07T02:12:04.688228083Z",
    "isp": "China Telecom jiangsu",
    "src_ip": "222.186.56.177",
    "dst_port": 3128,
    "org": "China Telecom jiangsu province backbone",
    "shodan": {
        "org": "Digital Ocean",
        "isp": "Digital Ocean",
        "location": {
            "city": "New York",
            "region_code": "NY",
            "area_code": 212,
            "time_zone": "America/New_York",
            "dma_code": 501,
            "metro_code": "New York, NY",
            "country_code3": "USA",
            "latitude": 40.72139999999999,
            "postal_code": "10013",
            "longitude": -74.0052,
            "country_code": "US",
            "country_name": "United States",
            "continent": "NA"
        },
        "tags": [
            "cloud",
            "backscatter"
        ]
    },
    "asn": "AS23650",
    "location": {
        "city": "Nanjing",
        "region_code": "04",
        "area_code": 0,
        "time_zone": "Asia/Shanghai",
        "dma_code": 0,
        "metro_code": null,
        "country_code3": "CHN",
        "latitude": 32.0617,
        "postal_code": null,
        "longitude": 118.77780000000001,
        "country_code": "CN",
        "country_name": "China",
        "continent": "AS"
    }
}
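The following consumer is an added example, not part of the Threatnet documentation or Shodan's own code. It validates the required properties listed above, handles both timestamp shapes that appear on this page (6 fractional digits without a zone, 9 fractional digits with "Z"), and decodes the optional data property. The function names, the flat record layout and the "data" value in the sample are assumptions made for illustration.

```python
import base64
import ipaddress
import json
import re
from datetime import datetime, timezone

REQUIRED = ("src_ip", "src_port", "dst_port", "timestamp", "shodan")
_TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?Z?$")

def parse_timestamp(value):
    """Accept both shapes on the page: 6 or 9 fractional digits, optional Z."""
    m = _TS.match(value)
    if not m:
        raise ValueError(f"unrecognised timestamp: {value!r}")
    micros = (m.group(2) or "")[:6].ljust(6, "0")  # nanoseconds -> microseconds
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    # Assumption: a timestamp without a zone suffix is UTC.
    return base.replace(microsecond=int(micros), tzinfo=timezone.utc)

def normalize_event(raw):
    """Validate one event (JSON text) and return a flat record for analysis."""
    event = json.loads(raw)
    missing = [k for k in REQUIRED if k not in event]
    if missing:
        raise ValueError(f"missing required properties: {missing}")
    for key in ("src_port", "dst_port"):
        port = event[key]
        if type(port) is not int or not 0 <= port <= 65535:
            raise ValueError(f"{key} is not a valid port: {port!r}")
    data = event.get("data")  # optional, base64-encoded raw packet content
    return {
        "src_ip": str(ipaddress.ip_address(event["src_ip"])),  # ValueError if malformed
        "src_port": event["src_port"],
        "dst_port": event["dst_port"],
        "time": parse_timestamp(event["timestamp"]),
        "sensor_tags": list(event["shodan"].get("tags", [])),
        "asn": event.get("asn"),  # optional properties become None when absent
        "ssh_type": (event.get("ssh") or {}).get("type"),
        # validate=True rejects stray characters instead of silently skipping them
        "payload": None if data is None else base64.b64decode(data, validate=True),
    }

# Constructed input: fields taken from the sample event plus a made-up "data" value.
SAMPLE = json.dumps({
    "src_ip": "222.186.56.177", "src_port": 77, "dst_port": 3128,
    "timestamp": "2015-01-07T02:12:04.688228083Z", "asn": "AS23650",
    "shodan": {"location": {"country_code": "US"}, "tags": ["cloud", "backscatter"]},
    "data": base64.b64encode(b"GET / HTTP/1.0\r\n\r\n").decode(),
})
```

Every validation failure, including malformed base64 in data, surfaces as a ValueError, so a stream consumer can log and skip a bad event with a single except clause.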
    


