ShadowTrackr


Improved software and email detection

23 September 2024
This week's update improved the detection of software on websites and hosts.

Your assets are also checked for exposed email addresses, which will help you investigate and assess impact when they appear in a source like haveibeenpwned. That detection sometimes resulted in badly formatted email addresses, a problem that is now fixed.

Enjoy the new version :-)

Updated SSL scanner, and more capacity

16 September 2024
Yesterday the SSL scan software had a major update. Some certificates, especially in cloud environments, were showing trust issues that should have been no problem. With the new update, that is fixed. I hope all certificates are rescanned before the weekly reports are sent out, but there might be some that still show a T grade. If you are in doubt, you can always fire a rescan from the GUI to make sure.

Also, all the infrastructure and scheduling updates of the last months are finally paying off. The scan capacity has massively increased and no scans should be running late anymore. If you do see that happening, please report it and I'll have a look at it.

OpenCTI connector for ShadowTrackr

02 September 2024
Good news for OpenCTI users: We now have a connector available! The source is here on Github: github.com/ShadowTrackr/opencti-connector-shadowtrackr. If you run OpenCTI in Docker, you can also use the prebuilt container basvanschaik/opencti-connector-shadowtrackr:1.0.2 on Dockerhub.

This first version of the connector uses the data in ShadowTrackr to reduce false positives in OpenCTI. ShadowTrackr contains a lot of data to track Cloud and CDN systems, TOR nodes, public DNS servers and VPNs. If you run a Threat Intelligence Platform like OpenCTI, you'll be ingesting quite a few indicators that come from automatic analyses. Some of these are Cloud, VPN or CDN IP addresses that are rotated quickly. Others might be public DNS servers that malware uses to check if the internet is reachable. I've even seen GMail servers classified as "Phishing".

You don't want to block a CDN IP for 3 months if it's used by an attacker for just a day. And you don't want to block GMail servers when one bad user abused it to send out a phishing email.

You can use the ShadowTrackr OpenCTI connector to label indicators, automatically reduce scores, and even reduce the validity date to just one day.
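As an added example, not code from the ShadowTrackr connector or from OpenCTI, the following Python models the three adjustments described above. Indicators are plain dicts carrying a STIX pattern, a score and a valid_until timestamp (stand-ins for OpenCTI's own indicator objects; no pycti calls are made). The CIDR-to-class table and the per-class score penalties are constructed placeholders, not ShadowTrackr's data.

```python
"""Models ShadowTrackr-style false-positive reduction for OpenCTI indicators:
an IP in shared or rotating infrastructure (CDN, cloud, VPN, TOR, public DNS)
gets a label, a lower score, and a validity window cut to one day.
Added example; the lookup table and policy values below are hypothetical."""
import ipaddress
import re
from datetime import datetime, timedelta, timezone

# Constructed lookup table standing in for ShadowTrackr's infrastructure data.
# The CIDRs are RFC 5737 documentation ranges; the class assignments are invented.
INFRA_RANGES = {
    ipaddress.ip_network("203.0.113.0/24"): "cdn",
    ipaddress.ip_network("198.51.100.0/25"): "cloud",
    ipaddress.ip_network("198.51.100.128/25"): "vpn",
    ipaddress.ip_network("192.0.2.0/26"): "tor",
    ipaddress.ip_network("192.0.2.64/26"): "public_dns",
}

# Hypothetical policy: how much to subtract from the score per class,
# and how long an indicator on shared infrastructure stays valid.
SCORE_PENALTY = {"cdn": 50, "cloud": 40, "vpn": 30, "tor": 20, "public_dns": 60}
SHORT_VALIDITY = timedelta(days=1)

# STIX 2.1 indicator patterns for a single IPv4 look like "[ipv4-addr:value = '203.0.113.5']".
_IPV4_PATTERN = re.compile(r"\[ipv4-addr:value\s*=\s*'([^']+)'\]")


def infra_class(ip_text):
    """Return the infrastructure class of an IPv4 address, or None if it is not shared
    infrastructure. Longest-prefix match, so a more specific range beats an enclosing one."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None  # malformed address: treat as unknown rather than crash the feed
    best = None
    for net, cls in INFRA_RANGES.items():
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, cls)
    return best[1] if best else None


def enrich_indicator(indicator, now):
    """Return a copy of the indicator with label, score and validity adjusted.
    Indicators that are not shared infrastructure (or have a pattern this
    example does not parse) are returned unchanged."""
    match = _IPV4_PATTERN.fullmatch(indicator.get("pattern", ""))
    if not match:
        return dict(indicator)
    cls = infra_class(match.group(1))
    if cls is None:
        return dict(indicator)
    out = dict(indicator)
    labels = list(out.get("labels", []))
    label = "shadowtrackr:" + cls
    if label not in labels:
        labels.append(label)
    out["labels"] = labels
    out["score"] = max(0, out.get("score", 50) - SCORE_PENALTY[cls])
    # Shorten the block so it expires with the rotating address, not months later.
    short_until = now + SHORT_VALIDITY
    current = out.get("valid_until")
    if current is None or current > short_until:
        out["valid_until"] = short_until
    return out


# Constructed sample feed: three indicators as an automated analysis might emit them.
SAMPLE_NOW = datetime(2024, 9, 2, 12, 0, tzinfo=timezone.utc)
SAMPLE_INDICATORS = [
    {"pattern": "[ipv4-addr:value = '203.0.113.17']", "score": 80,
     "labels": ["phishing"], "valid_until": SAMPLE_NOW + timedelta(days=90)},
    {"pattern": "[ipv4-addr:value = '192.0.2.70']", "score": 70,
     "labels": ["c2"], "valid_until": SAMPLE_NOW + timedelta(days=90)},
    {"pattern": "[ipv4-addr:value = '10.9.8.7']", "score": 90,
     "labels": ["c2"], "valid_until": SAMPLE_NOW + timedelta(days=90)},
]


def enrich_all(indicators, now=SAMPLE_NOW):
    """Apply enrich_indicator to a whole batch."""
    return [enrich_indicator(i, now) for i in indicators]


if __name__ == "__main__":
    for ind in enrich_all(SAMPLE_INDICATORS):
        print(ind["pattern"], ind["score"], ind["labels"], ind["valid_until"].date())
```

The first sample address lands in the CDN range and the second in the public DNS range, so both get a ShadowTrackr label, a cut score and a one-day validity; the third is not in any range and passes through untouched. Passing `now` explicitly keeps the function deterministic, which is what you want when the same batch is replayed for testing.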

If you run a system similar to OpenCTI and need a plugin/connector to reduce false positives, please let me know.
