https://shadowtrackr.com/blog Updates on ShadowTrackr development en-us https://shadowtrackr.com/blog/t/Shadowserver-integration-updated https://shadowtrackr.com/blog/t/Shadowserver-integration-updated There is a lot of development going on, but not everything is directly visible. So we'll not bore you with details and stick to the useable stuff. We recently added integration with Shadowserver.org. Up until now, their data was only used for discovery. For multi-tenant users, each organization had to enter the API keys separately resulting in extra work for users and more load on our servers. This update allows multi-tenant users like MSSPs, Hosters and Network Operators to add the Shadowserver integration on group level. ShadowTrack will check daily, get all assets and events available in Shadowserver, and map these to the organizations you have in your group. The new integration also uses the Shadowserver data much better. Besides discovery, you can import the device_id data (both IPv4 and IPv6) in to a special index in ShadowTrackr called shadowserver_device_id. The Shadowserver reports are now also parsed and processed as events. So, if one of your servers is connecting to a sinkhole or honeypot the alert for that will show up in your ShadowTrackr events. Tue, 07 Apr 2026 00:00:00 +0000 https://shadowtrackr.com/blog/t/Updated-Magic-queries-documentation https://shadowtrackr.com/blog/t/Updated-Magic-queries-documentation As part of a continuing effort to update and improve documentation, the first information on magic queries is now available. Sometimes you want data from ShadowTrackr that you know is in there, but cannot get out with the query language. A good example is if you want to combine data from two or more indexes. The query language does not support joins. This is where magic queries are used. All magic queries start with a $. There are a number of existing ones, and they are now listed in the documentation. For quick access, just type $ in the search bar in the gui and auto-complete will show you what's available. If you cannot find the magic query that you need, contact support and we'll try to make a new magic query for your specific needs. Mon, 30 Mar 2026 00:00:00 +0000 https://shadowtrackr.com/blog/t/Updated-scheduling-algorithms https://shadowtrackr.com/blog/t/Updated-scheduling-algorithms Most scheduling algorithms have been reviewed and updated. The trigger for this was that sometimes an item could drop out or get stuck somewhere and was not properly scanned for a while. That is fixed now, and the resulting backlog of unscanned items was processed over the weekend. Sun, 29 Mar 2026 00:00:00 +0000 https://shadowtrackr.com/blog/t/API-v4-is-here,-with-more-data-and-more-options https://shadowtrackr.com/blog/t/API-v4-is-here,-with-more-data-and-more-options ShadowTrackr has been gathering more information on your assets since API v3 was released. There are more indexes, reports and magic queries available too. Not all of those were available in the API yet. Also, version 3 had some inconsistenties that we'd love to get rid of. Api v4 is now available. The ShadowTrackr python module on github is also updated. The most significant changes: The data returned is consistent and proper formatted everywhere Error messages and result descriptions have improved API is much better documented, with code examples Code examples are with cURL, Python and PHP All endpoints now have the same names in the python module New endpoints available for suppliers, vulnerabilities and more If you have specific requests for the API or questions on how to use it, please let us know :-) Mon, 16 Mar 2026 00:00:00 +0000 https://shadowtrackr.com/blog/t/Scannernodes-upgraded https://shadowtrackr.com/blog/t/Scannernodes-upgraded There has been a big upgrade on all scannernodes. Fresh installs with a new OS, better monitoring, and better security. All scannernodes have encryption enabled now. Besides software improvements, server capacity had been increased too. Mon, 09 Mar 2026 00:00:00 +0000 https://shadowtrackr.com/blog/t/Multi_tenant-endpoints-in-API https://shadowtrackr.com/blog/t/Multi_tenant-endpoints-in-API There have been some hidden API options for multi-tenant users for a while, and since there is a growing number of multi-tenant users it was about time to properly document it. If you have a multi-tenant subscription, there are groupadmins that can create, view and delete organizations in the GUI. These organizations are isolated and cannot see each others data. The groupadmin does have options to query and report over all organizations in the group. Some of you want to dynamically manage organizations through the API. For that, there are three endpoints available: create organization active_organizations delete_organization You can of course also use this functionality in the ShadowTrackr Python API. There is a multi-tenant example included in the code on Github. The groupcode and group API key needed to use this can be found in the GUI on the group settings page. This page is only accessible to groupadmins. Mon, 02 Mar 2026 00:00:00 +0000 https://shadowtrackr.com/blog/t/New-API-tag-management-endpoints https://shadowtrackr.com/blog/t/New-API-tag-management-endpoints With the two new endpoints add_tags and remove_tags you can now manage asset tags through the API. For those of you that have thousands of assets this is much easier than the manual tagging available in the GUI. The ShadowTrackr python module is updated too. More details about the endpoints are available in the API documentation. Mon, 23 Feb 2026 00:00:00 +0000 https://shadowtrackr.com/blog/t/Data-and-core-infra-moved-to-Germany https://shadowtrackr.com/blog/t/Data-and-core-infra-moved-to-Germany If things feel a little different when you access ShadowTrackr today, that might be cause the core infrastructure and data are in Germany now. This weekend the migration was completed. It was quite the operation, but I'll not go into it because it tends to get a bit boring to read about. The point was to get the data in the EU. And not only have the data and servers moved, we also switched from an American to a German hosting company. We're following the calls to reduce dependencies outside the EU. That still means anyone from outside the EU is welcome to use ShadowTrackr of course. The scanner nodes have not migrated yet. The are spread all over the world as we need them to be and still at the old hosting company. Most of them, perhaps all, will migrate too. Mon, 16 Feb 2026 00:00:00 +0000 https://shadowtrackr.com/blog/t/New:-Censys-and-Shadowserver-integrations https://shadowtrackr.com/blog/t/New:-Censys-and-Shadowserver-integrations Two new integrations, and an update for the existing one (Shodan). These integrations allow you to enrich and import data into ShadowTrackr. For now they are mostly used for discovery and host data. Shadowserver has useful alerts too, and a next version of the integration might import these too. Censys and Shodan are different than ShadowTrackr. These platforms widely scan the entire internet, and so might pick-up an asset that ShadowTrackr has missed. ShadowTrackr scans your organization in-depth (and not just the hosts and websites), maintains history, and has more reporting options. They are different tools that nicely complement each other. You can configure how often checks are done, so you can stay in control of the credits you have on Censys and Shodan. If you have Shadowserver credentials and want to configure the integration, please check first if you receive their reports for just your assets or for other organizations too. If you run a CERT for an industry, you're likely to receive reports on the entire industry. If you are in law enforcement, you'll receive data on your entire jurisdiction. In those cases you'll want to tick the "no_suggestions" box on the Shadowserver configuration page in ShadowTrackr. If you don't do that, all assets that are not recognized as yours will be added as suggestions. This an run in the thousands. Mon, 09 Feb 2026 00:00:00 +0000 https://shadowtrackr.com/blog/t/Updated-detections,-and-work-on-new-integrations https://shadowtrackr.com/blog/t/Updated-detections,-and-work-on-new-integrations Some updated detections have gone live this week. Also, a bigger update is on the way: the Shodan plugin is being updated, and Censys and Shadowserver integrations are currently in test. They might just go live in the next update round :-) Mon, 02 Feb 2026 00:00:00 +0000 https://shadowtrackr.com/blog/t/CAA-in-internetstandard-checks https://shadowtrackr.com/blog/t/CAA-in-internetstandard-checks The internet standards check at internet.nl has added a CAA check a while ago. Although the data for CAA has been in ShadowTrackr for years, it was still lacking on the internet standards overview and report. That is fixed now. The current update also introduced the option to make a proper PDF export of the $dns_dependency_report. While this sounds like a small step, it's actually quite a thing. The code behind this opens the door to exporting all sorts of fancy graphs to PDFs. Mon, 19 Jan 2026 00:00:00 +0000 https://shadowtrackr.com/blog/t/New-detections,-and-false-positive-CVE-removed https://shadowtrackr.com/blog/t/New-detections,-and-false-positive-CVE-removed The current update has more and better software detections, focussing mostly on webframeworks and remote login services. Recently all vulnerabilities detected on certificates where included in the main vulnerability index. Some of you have noticed that CVE-2013-0169 (LUCKY13) appeared on quite a few webserver/certificates. You can prevent this by removing all CBC ciphers, but the truth is that about all webservers have fixed this vulnerability years ago and almost all instances where CVE-2013-0169 is found are false positives. CVE-2013-0169 is now marked as false positive and does not appear in the vulnerability index anymore. It does still show on the certificate page with the notice that the webserver presenting the certificate is possibly vulnerable. Mon, 12 Jan 2026 00:00:00 +0000 https://shadowtrackr.com/blog/t/New-group-options,-DNS-dependency-preview https://shadowtrackr.com/blog/t/New-group-options,-DNS-dependency-preview For anyone using group accounts, you now have access to suggestions and events on the group level, meaning you can see and edit all of your suborganizations events and suggestions from the grouphome page. The overviews also show the organization names. To better enabled user management, you can now also see the last login time of users. A big thing for the coming year will be better graphs and reports, providing more actionable insights. The first one is in beta now: $dns_dependency_report This graph shows all your urls on the left, and your domain name servers on the right. This gives a very nice overview of how your DNS dependencies are. You can instantly spot the outliers, and see which domains depend on just a single provider. Mon, 05 Jan 2026 00:00:00 +0000 https://shadowtrackr.com/blog/t/Big-happy-new-year-server-and-database-cleanup https://shadowtrackr.com/blog/t/Big-happy-new-year-server-and-database-cleanup The title says it all. Since it's a nice quite day, it was time for a big cleanup. This has caused delays in scans, sorry about that. If you are doing periodic scans through the API and need the results within a shot time, you likely got less or no results for your scan. Regular users shouldn't really notice anything. Thu, 01 Jan 2026 00:00:00 +0000 https://shadowtrackr.com/blog/t/New-vulnerabilities-index,-software-index-complete- https://shadowtrackr.com/blog/t/New-vulnerabilities-index,-software-index-complete- Almost all software detection has moved to the new software index. If you want to have a look, use this query: index=software It has separate fields for vendor, product, version and patch (name of the patch), and shows when specific software was first_seen and last_seen. This will allow you to check what software you had running in the past. Sometimes a new vulnerability is published and it turns out it has been used for months already. Your current software version might not be vulnerable, but the one last month might have been. You can check that now. The magic query $software_vulnerabilities_report and other software queries are now replaced with a fully functional software index. There are fields for software, assets, ip, url, cve, cvss_score, cvss_severity and, like with the software index, first_seen and last_seen fields for every cve seen on every asset. Here are some example queries: Show all recent vulnerabilities with a cvss_score above 8: index=vulnerabilities last_seen>-7d cvss_score>8 Show all recent criticals: index=vulnerabilities last_seen>-7d cvss_severity=critical Check if you where vulnerable to CVE-2025-23048 last month: index=vulnerabilities first_seen Mon, 08 Dec 2025 00:00:00 +0000 https://shadowtrackr.com/blog/t/New-software-index,-with-more-detections https://shadowtrackr.com/blog/t/New-software-index,-with-more-detections This week the new software index has moved to production. All older, decentralized data is being migrated or re-indexed and this might result in temporary issues like counts not matching in different overviews. By the end of the week all should be fine again. The data in today's weekly report is still based on the old indexes. The new index allows for easier development of detection rules, more software detections, faster lookups and automatic false positive marking. That last one is very interesting. Under certain specific circumstances we can detect that the exposed software is actually a patched version for which the version number has not changed. If we see this, we'll automatically create a false positive entry for you and you can keep track of what is happening. Mon, 01 Dec 2025 00:00:00 +0000 https://shadowtrackr.com/blog/t/More-supplier-detections,-more-software-detection-rules https://shadowtrackr.com/blog/t/More-supplier-detections,-more-software-detection-rules This week n bunch of new and improved detection rules have gone live, and more suppliers are detected. You can check out the suppliers yourself in the new suppliers index. For now, it remains undocumented. When the software suppliers are added it's complete enough to be used, and it will be available as a report in the report library. Mon, 24 Nov 2025 00:00:00 +0000 https://shadowtrackr.com/blog/t/Sneak-preview:-supplier-index https://shadowtrackr.com/blog/t/Sneak-preview:-supplier-index To better prepare and handle supply chain attacks, you first need to have a list of your suppliers. For any reasonably sized company, this can be quite a challenge. ShadowTrackr already has quite a lot of data on your hosting providers, software (including SaaS) providers, certificate issuers, domain registrars and more. All this information will now be gathered in a separate index named "suppliers". Not everything is in there yet, so it's not production ready. But, if you are interested, you can have a sneak peak with this query: index=suppliers Mon, 17 Nov 2025 00:00:00 +0000 https://shadowtrackr.com/blog/t/Patched-software-overview https://shadowtrackr.com/blog/t/Patched-software-overview The new vulnerabilities progress chart from last week is extended with a table showing which vulnerabilities from the previous week are no longer seen. If a vulnerability is no longer seen, it can be because it is patched, or because the website could not be scanned. If a vulnerability is patched, you will see the new version number detected, or just the name of the software in cases where the version could not be determined. If the website could not be scanned because it was not up, or returned an error, the table shows "not seen". You can investigate the details yourself by clicking on the url. The urls you see are specific for an ip address, since a website can be hosted on multiple servers. There are cases where your website runs in the cloud and appears on always changing ip addresses. In that case, the new cloud websites are compared against the old, and the comparison based on a specific ip address is not done. There are probably some more edge cases that can result in weird results. If you find one, please report it :-) Mon, 10 Nov 2025 00:00:00 +0000 https://shadowtrackr.com/blog/t/Vulnerabilities-progress-chart https://shadowtrackr.com/blog/t/Vulnerabilities-progress-chart The main thing of the current update is the stacked bar chart showing the number of vulnerabilities over time. They are stacked by severity (CRITICAL, HIGH, etc.) and you can see the last 4 weeks and two months ago. You'll want to see the height of the bar going down of course, that would indicate a shrinking attack surface. If you want to see which specific vulnerabilities you need to patch first to reduce you attack surface the most, have a look at the My vulnerabilities overview. The ones at the top are causing the biggest risks. Mon, 03 Nov 2025 00:00:00 +0000 https://shadowtrackr.com/blog/t/New:-Shared-hosting-report https://shadowtrackr.com/blog/t/New:-Shared-hosting-report There is a new report available in the report library that shows third party websites running on shared hosting where your websites are hosted too. These third party websites could be a security risk or damage your brand reputation, so you should have a look at them regularly. You can also look up the shared hosting for your organization directly with this magic query: $shared_hosting_report last_seen>-7d If you find trouble, contact the hosting company and ask them to organize the shared hosting in such a way that the offending website is not sharing a host with your website anymore. Another option of course is using dedicated hosting. Also, completely unrelated to shared hosting, with this weeks update everyone running a group account can now manage all users from the subaccounts in the groupaccount too. Mon, 27 Oct 2025 00:00:00 +0000 https://shadowtrackr.com/blog/t/New-report-options https://shadowtrackr.com/blog/t/New-report-options There have been some additions to the data and query language that allow better searching, reports and alerts. The first is that you can and a url, with wildcard, to all of the magic software queries. A magic query is one that starts with a $, and it is magic because it gathers data in a way that is not possible in the query language in ShadowTrackr. Here's an example: $software_vulnerabilities_report last_seen>-7d url="*.com" This will create a report of all vulnerable software found, with a list of assets with vulnerabilities that are found in the last week, but only for all your .com domains. The second change is that you can use asset as a column in the assets and cves_assets indexes. Asset can be an ip address or a url/domain and it supports wildcards. Example: index=cves_assets asset="*.nl" This will list all vulnerabilities (one per line) found on your .nl domains. Note that this index contains older (patched) vulnerabilities too, so if you only want the recents ones do: index=cves_assets last_seen>-7d asset="*.nl" The third and last addition is the days column in the certificates index. It shows how long a certificate is valid in days. This allows you to make types of new reports, like this overview that groups certificates and issuers per how long the certificates are valid. index=certificates last_seen>-7d by days | table days issuer Mon, 20 Oct 2025 00:00:00 +0000 https://shadowtrackr.com/blog/t/Better-alert-emails,-improved-group-account https://shadowtrackr.com/blog/t/Better-alert-emails,-improved-group-account The email alerts should be more usable now. Before, you had to open the attachment to see the actuals results. Most results are just about a few assets and listing those in the email body itself would save a click. So that's what is done now. Some results are shown, up to a maximum of 10. If there are too many columns to show properly, the middle ones are cut out in the email body (but still all included in the attachment). Another update is on group accounts. Some of you are responsible for multiple organisations that are not supposed to see each others data. This can be done with a groupaccount, where the subaccounts behave just like regular ShadowTrackr accounts but the groupaccount admins can see and search all data of all subaccounts. As a groupaccount admin you can enter a subaccount and go back to the grouplevel, but it wasn't always very clear where exactly you were at a given moment. That is fixed now (it's shows in the bottom left, in bright yellow). Also some extra menu items are added to the groupadmin menu for better navigation. Mon, 06 Oct 2025 00:00:00 +0000 https://shadowtrackr.com/blog/t/In-Beta:-RPKI-checks-in-internet-standards-report https://shadowtrackr.com/blog/t/In-Beta:-RPKI-checks-in-internet-standards-report The internet standards report has been in ShadowTrackr for quite some time, but so far the RPKI checks where skipped. They are now implemented and rolled out over all assets to verify if this new update works properly. On most assets, it does. Sometimes multiple overlapping prefixes are found, with one of them resulting in an "invalid length" problem. These will be filtered out in the coming week. The Internet standard report is by default enabled for all domains. You can add specific urls or subdomains if you want: Go to the url page and click "add to internet standards report" in the action menu (the three dots) in the upper right corner. Mon, 29 Sep 2025 00:00:00 +0000 https://shadowtrackr.com/blog/t/Sorted-vulnerabilities-and-certificate-scans https://shadowtrackr.com/blog/t/Sorted-vulnerabilities-and-certificate-scans The vulnerabilities reports and the vulnerabilities overview in the GUI are better ordered now. The goal is that you can immediately see which software you should update first to reduce your risk. Last week the order changed so that the software is in the first column and the assets that run that software are second. This week the sort order changed so that the software with the worst vulnerabilities (in score and number) is now on top. The vulnerabilities per line are also ordered with the worst at the front. This should better enable you to prioritize actions. Another update is in the way the certificates are scanned. Some edge cases were not handled properly. They are now. Mon, 22 Sep 2025 00:00:00 +0000