<?xml version='1.0' encoding='UTF-8'?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>

<title>ShadowTrackr.com Blog</title>
<link>https://shadowtrackr.com/blog</link>
<atom:link href="https://shadowtrackr.com/rss" rel="self" type="application/rss+xml" />
<description>Updates on ShadowTrackr development</description>
<language>en-us</language>
<item>
<title>Branded PDF reports</title>
<link>https://shadowtrackr.com/blog/branded-pdf-reports</link>
<guid>https://shadowtrackr.com/blog/branded-pdf-reports</guid>
<description>The option to customize all pdf reports that ShadowTrackr sends is now available by default for all multi-tenant accounts. Look under Group settings in the left hand menu, and you'll find Branding

You can set your own logo instead of the ShadowTrackr logo, and even change the default ShadowTrackr color in the pdf to match your brand. This is especially useful for MSSPs.</description>
<pubDate>Mon, 06 Jul 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>Revamped alerts GUI</title>
<link>https://shadowtrackr.com/blog/revamped-alerts-gui</link>
<guid>https://shadowtrackr.com/blog/revamped-alerts-gui</guid>
<description>The alerts GUI has undergone a major UX upgrade. While working on a query for an alert, you can now see the live results. This will make it easier to fine tune it. 

The actions to take (send emails, call webhooks) have moved to a second tab to clear up the screen. You can still send alerts to any email account, even if they are not ShadowTrackr users.

There is also a third tab where you can select the fields you want to include in the results that are sent. The default fields are preselected. It was possible to do this before with advanced query syntax, but seeing which fields are available and ticking the boxes for the ones you want is just much easier.

The email format has changed a bit and should allow you to better interpret the alert context. 

Some of these improvements, like the email format and third tab to select output fields, have been added to the reports GUI as well.</description>
<pubDate>Mon, 29 Jun 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>Alerts for Multi-tenant accounts</title>
<link>https://shadowtrackr.com/blog/alerts-for-multi_tenant-accounts</link>
<guid>https://shadowtrackr.com/blog/alerts-for-multi_tenant-accounts</guid>
<description>This week's update is a major one. The pricing structure has changed so that resellers, MSSPs and others that need a multi-tenant account can now register for online credit card subscription. It's still possible to work with purchase orders, but for those that want simplicity and speed there now is a better option. 

Also, since we're fully European now prices are in Euros instead of in Dollars. The numbers are the same, which means a slight increase in price. This covers our increased costs. All existing accounts, including the current online credit card subscriptions, will stay on the old price levels for now.

Since multi-tenant use is increasing we also put more development in multi-tenant features. Alerts and the alert library are now available on the group level in multi-tenant accounts. This means you can set an alert for a specific event happening in any of the organizations in your group account.

Please note that there still is a lot in the development pipeline for alerts. Some of you handed in wishlists with useful request for alerts, and we intent to support all of them.

</description>
<pubDate>Mon, 15 Jun 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>New: Supplier Dependency Report</title>
<link>https://shadowtrackr.com/blog/new:-supplier-dependency-report</link>
<guid>https://shadowtrackr.com/blog/new:-supplier-dependency-report</guid>
<description>ShadowTrackr has been gathering supplier information for your assets for while now, and we've been expanding that. For each supplier, we now track where the corporate seat is and if it is Sovereign European (focused on having EU only dependencies), Fully European (no outside EU control), a European Subsidiary (non-European controlling party), or Non-European. 

Given the current drive in Europe to achieve more independence from Non-European countries, the new Supplier Dependency Report might be of help. It shows a worldmap with the countries where the suppliers of your assets, and allows you to drill down on details.

Here are some example queries to see results for your organization:

$supplier_dependency_report country="united states"

$supplier_dependency_report control="Non-European" 
    or "European subsidiary"




</description>
<pubDate>Mon, 18 May 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>Set Custom IDs for assets</title>
<link>https://shadowtrackr.com/blog/set-custom-ids-for-assets</link>
<guid>https://shadowtrackr.com/blog/set-custom-ids-for-assets</guid>
<description>If you have an internal asset management system or CMDB that has its own IDs, you can now add those as custom IDs to ShadowTrackr through the API. The IDs will come back with API results and can be used to select in queries. If set they are also shown in the GUI (but you cannot set them there at the moment).

A custom_id does not have to be unique. You can have a single ID for multiple ip addresses or urls.
</description>
<pubDate>Mon, 11 May 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>Automatic False Positive detection update</title>
<link>https://shadowtrackr.com/blog/automatic-false-positive-detection-update</link>
<guid>https://shadowtrackr.com/blog/automatic-false-positive-detection-update</guid>
<description>The TLS and SSL tests come up with quite a lot of results for some older vulnerabilities.  These might be a thing for legacy systems, but are almost always fixed in modern systems. That does not always show on the outside and clogs up the vulnerability overviews.

You can of course mark them as false positives, but since there can be quick a lot we changed the default. The following vulnerabilities are now by default marked as false positive:  CVE-2011-3389, CVE-2013-0169, CVE-2013-3587, CVE-2014-0224.</description>
<pubDate>Mon, 11 May 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>Big UI update for better UX</title>
<link>https://shadowtrackr.com/blog/big-ui-update-for-better-ux</link>
<guid>https://shadowtrackr.com/blog/big-ui-update-for-better-ux</guid>
<description>The Shadowtrackr User Interface has organically grown over the years. This is a nice way of saying that it got a bit inconsistent and at some places rather ugly even.

This weeks update brings consistency back and adds a better overall user experience.</description>
<pubDate>Mon, 04 May 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>Trouble: It's always DNS :-(</title>
<link>https://shadowtrackr.com/blog/trouble:-it's-always-dns-:_(</link>
<guid>https://shadowtrackr.com/blog/trouble:-it's-always-dns-:_(</guid>
<description>After moving the domain and DNS registry to a European provider, it turns out that new provider doesn't sail as smooth as the old one. 
Some of you might have problems with anycast and DNSSEC for our domain, and I'm not sure the new provider is handling this well.

We might have to move again, apologies for the trouble.
</description>
<pubDate>Tue, 28 Apr 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>Domain and DNS moved to EU</title>
<link>https://shadowtrackr.com/blog/domain-and-dns-moved-to-eu</link>
<guid>https://shadowtrackr.com/blog/domain-and-dns-moved-to-eu</guid>
<description>Another step in reducing dependencies on providers from outside the EU was completed today. All DNS and Domain records have moved from a US company to Openprovider in The Netherlands.</description>
<pubDate>Mon, 20 Apr 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>Data model updated, new detections</title>
<link>https://shadowtrackr.com/blog/data-model-updated,-new-detections</link>
<guid>https://shadowtrackr.com/blog/data-model-updated,-new-detections</guid>
<description>After updating the API documentation and magic queries, it was now time to update the data model. You'll find all indexes, fields, their datatypes and descriptions. For some indexes it's straight forward, but an index like DNS has many undescriptive fields (k, t, etc.) derived from the underlying DNS records that can be quite confusing without proper documentation. 

Besides this, a bunch of new and revised detections have gone to production, along with some bug fixes in the GUI.</description>
<pubDate>Mon, 13 Apr 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>Shadowserver integration updated</title>
<link>https://shadowtrackr.com/blog/shadowserver-integration-updated</link>
<guid>https://shadowtrackr.com/blog/shadowserver-integration-updated</guid>
<description>There is a lot of development going on, but not everything is directly visible. So we'll not bore you with details and stick to the useable stuff.

We recently added integration with Shadowserver.org. Up until now, their data was only used for discovery. For multi-tenant users, each organization had to enter the API keys separately resulting in extra work for users and more load on our servers.

This update allows multi-tenant users like MSSPs, Hosters and Network Operators to add the Shadowserver integration on group level. ShadowTrack will check daily, get all assets and events available in Shadowserver, and map these to the organizations you have in your group.

The new integration also uses the Shadowserver data much better. Besides discovery, you can import the device_id data (both IPv4 and IPv6) in to a special index in ShadowTrackr called shadowserver_device_id. The Shadowserver reports are now also parsed and processed as events. So, if one of your servers is connecting to a sinkhole or honeypot the alert for that will show up in your ShadowTrackr events.</description>
<pubDate>Tue, 07 Apr 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>Updated Magic queries documentation</title>
<link>https://shadowtrackr.com/blog/updated-magic-queries-documentation</link>
<guid>https://shadowtrackr.com/blog/updated-magic-queries-documentation</guid>
<description>As part of a continuing effort to update and improve documentation, the first information on magic queries is now available.

Sometimes you want data from ShadowTrackr that you know is in there, but cannot get out with the query language. A good example is if you want to combine data from two or more indexes. The query language does not support joins. This is where magic queries are used.

All magic queries start with a $. There are a number of existing ones, and they are now listed  in  the documentation. For quick access, just type $ in the search bar in the gui and auto-complete will show you what's available.

If you cannot find the magic query that you need, contact support and we'll try to make a new magic query for your specific needs. </description>
<pubDate>Mon, 30 Mar 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>Updated scheduling algorithms</title>
<link>https://shadowtrackr.com/blog/updated-scheduling-algorithms</link>
<guid>https://shadowtrackr.com/blog/updated-scheduling-algorithms</guid>
<description>Most scheduling algorithms have been reviewed and updated. The trigger for this was that sometimes an item could drop out or get stuck somewhere and was not properly scanned for a while. That is fixed now, and the resulting backlog of unscanned items was processed over the weekend. </description>
<pubDate>Sun, 29 Mar 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>API v4 is here, with more data and more options</title>
<link>https://shadowtrackr.com/blog/api-v4-is-here,-with-more-data-and-more-options</link>
<guid>https://shadowtrackr.com/blog/api-v4-is-here,-with-more-data-and-more-options</guid>
<description>ShadowTrackr has been gathering more information on your assets since API v3 was released. There are more indexes, reports and magic queries available too. Not all of those were available in the API yet. Also, version 3 had some inconsistenties that we'd love to get rid of.

Api v4 is now available. The ShadowTrackr python module on github is also updated.

The most significant changes:

The data returned is consistent and proper formatted everywhere
Error messages and result descriptions have improved
API is much better documented, with code examples
Code examples are with cURL, Python and PHP
All endpoints now have the same names in the python module
New endpoints available for suppliers, vulnerabilities and more

If you have specific requests for the API or questions on how to use it, please let us know :-)</description>
<pubDate>Mon, 16 Mar 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>Scannernodes upgraded</title>
<link>https://shadowtrackr.com/blog/scannernodes-upgraded</link>
<guid>https://shadowtrackr.com/blog/scannernodes-upgraded</guid>
<description>There has been a big upgrade on all scannernodes. Fresh installs with a new OS, better monitoring, and better security. All scannernodes have encryption enabled now. 
Besides software improvements, server capacity had been increased too.</description>
<pubDate>Mon, 09 Mar 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>Multi-tenant endpoints in API</title>
<link>https://shadowtrackr.com/blog/multi_tenant-endpoints-in-api</link>
<guid>https://shadowtrackr.com/blog/multi_tenant-endpoints-in-api</guid>
<description>There have been some hidden API options for multi-tenant users for a while, and since there is a growing number of multi-tenant users it was about time to properly document it.

If you have a multi-tenant subscription, there are groupadmins that can create, view and delete organizations in the GUI. These organizations are isolated and cannot see each others data. The groupadmin does have options to query and report over all organizations in the group.

Some of you want to dynamically manage organizations through the API.
For that, there are three endpoints available:

create organization

active_organizations

delete_organization

You can of course also use this functionality in the ShadowTrackr Python API. There is a multi-tenant example included in the code on Github.

The groupcode and group API key needed to use this can be found in the GUI on the group settings page. This page is only accessible to groupadmins.

</description>
<pubDate>Mon, 02 Mar 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>New API tag management endpoints</title>
<link>https://shadowtrackr.com/blog/new-api-tag-management-endpoints</link>
<guid>https://shadowtrackr.com/blog/new-api-tag-management-endpoints</guid>
<description>With the two new endpoints add_tags and remove_tags you can now manage asset tags through the API. For those of you that have thousands of assets this is much easier than the manual tagging available in the GUI.

The ShadowTrackr python module is updated too. More details about the endpoints are available in the API documentation.</description>
<pubDate>Mon, 23 Feb 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>Data and core infra moved to Germany</title>
<link>https://shadowtrackr.com/blog/data-and-core-infra-moved-to-germany</link>
<guid>https://shadowtrackr.com/blog/data-and-core-infra-moved-to-germany</guid>
<description>If things feel a little different when you access ShadowTrackr today, that might be cause the core infrastructure and data are in Germany now. This weekend the migration was completed. It was quite the operation, but I'll not go into it because it tends to get a bit boring to read about. 

The point was to get the data in the EU. And not only have the data and servers moved, we also switched from an American to a German hosting company. We're following the calls to reduce dependencies outside the EU. That still means anyone from outside the EU is welcome to use ShadowTrackr of course.

The scanner nodes have not migrated yet. The are spread all over the world as we need them to be and still at the old hosting company. Most of them, perhaps all, will migrate too.</description>
<pubDate>Mon, 16 Feb 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>New: Censys and Shadowserver integrations</title>
<link>https://shadowtrackr.com/blog/new:-censys-and-shadowserver-integrations</link>
<guid>https://shadowtrackr.com/blog/new:-censys-and-shadowserver-integrations</guid>
<description>Two new integrations, and an update for the existing one (Shodan). These integrations allow you to enrich and import data into ShadowTrackr. For now they are mostly used for discovery and host data. Shadowserver has useful alerts too, and a next version of the integration might import these too.

Censys and Shodan are different than ShadowTrackr. These platforms widely scan the entire internet, and so might pick-up an asset that ShadowTrackr has missed. ShadowTrackr scans your organization in-depth (and not just the hosts and websites), maintains history, and has more reporting options. They are different tools that nicely complement each other. You can configure how often checks are done, so you can stay in control of the credits you have on Censys and Shodan.

If you have Shadowserver credentials and want to configure the integration, please check first if you receive their reports for just your assets or for other organizations too. If you run a CERT for an industry, you're likely to receive reports on the entire industry. If you are in law enforcement, you'll receive data on your entire jurisdiction. In those cases you'll want to tick the "no_suggestions" box on the Shadowserver configuration page in ShadowTrackr. If you don't do that, all assets that are not recognized as yours will be added as suggestions. This an run in the thousands.</description>
<pubDate>Mon, 09 Feb 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>Updated detections, and work on new integrations</title>
<link>https://shadowtrackr.com/blog/updated-detections,-and-work-on-new-integrations</link>
<guid>https://shadowtrackr.com/blog/updated-detections,-and-work-on-new-integrations</guid>
<description>Some updated detections have gone live this week. 

Also, a bigger update is on the way: the Shodan plugin is being updated, and Censys and Shadowserver integrations are currently in test. They might just go live in the next update round :-)</description>
<pubDate>Mon, 02 Feb 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>CAA in internetstandard checks</title>
<link>https://shadowtrackr.com/blog/caa-in-internetstandard-checks</link>
<guid>https://shadowtrackr.com/blog/caa-in-internetstandard-checks</guid>
<description>The internet standards check at internet.nl has added a CAA check a while ago. Although the data for CAA has been in ShadowTrackr for years, it was still lacking on the internet standards overview and report. That is fixed now.

The current update also introduced the option to make a proper PDF export of the $dns_dependency_report. While this sounds like a small step, it's actually quite  a thing. The code behind this opens the door to exporting all sorts of fancy graphs to PDFs.
	</description>
<pubDate>Mon, 19 Jan 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>New detections, and false positive CVE removed</title>
<link>https://shadowtrackr.com/blog/new-detections,-and-false-positive-cve-removed</link>
<guid>https://shadowtrackr.com/blog/new-detections,-and-false-positive-cve-removed</guid>
<description>The current update has more and better software detections, focussing mostly on webframeworks and remote login services.

Recently all vulnerabilities detected on certificates where included in the main vulnerability index. Some of you have noticed that CVE-2013-0169 (LUCKY13) appeared on quite a few webserver/certificates. You can prevent this by removing all CBC ciphers, but the truth is that about all webservers have fixed this vulnerability years ago and almost all instances where CVE-2013-0169 is found are false positives.

CVE-2013-0169 is now marked as false positive and does not appear in the vulnerability index anymore. It does still show on the certificate page with the notice that the webserver presenting the certificate is possibly vulnerable.</description>
<pubDate>Mon, 12 Jan 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>New group options, DNS dependency preview</title>
<link>https://shadowtrackr.com/blog/new-group-options,-dns-dependency-preview</link>
<guid>https://shadowtrackr.com/blog/new-group-options,-dns-dependency-preview</guid>
<description>For anyone using group accounts, you now have access to suggestions and events on the group level, meaning you can see and edit all of your suborganizations events and suggestions from the grouphome page. The overviews also show the organization names. To better enabled user management, you can now also see the last login time of users.

A big thing for the coming year will be better graphs and reports, providing more actionable insights. The first one is in beta now: $dns_dependency_report

This graph shows all your urls on the left, and your domain name servers on the right. This gives a very nice overview of how your DNS dependencies are. You can instantly spot the outliers, and see which domains depend on just a single provider.</description>
<pubDate>Mon, 05 Jan 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>Big happy new year server and database cleanup</title>
<link>https://shadowtrackr.com/blog/big-happy-new-year-server-and-database-cleanup</link>
<guid>https://shadowtrackr.com/blog/big-happy-new-year-server-and-database-cleanup</guid>
<description>The title says it all. Since it's a nice quite day, it was time for a big cleanup.

This has caused delays in scans, sorry about that. If you are doing periodic scans through the API and need the results within a shot time, you likely got less or no results for your scan.

Regular users shouldn't really notice anything. </description>
<pubDate>Thu, 01 Jan 2026 00:00:00 +0000</pubDate>
</item>
<item>
<title>New vulnerabilities index, software index complete </title>
<link>https://shadowtrackr.com/blog/new-vulnerabilities-index,-software-index-complete-</link>
<guid>https://shadowtrackr.com/blog/new-vulnerabilities-index,-software-index-complete-</guid>
<description>Almost all software detection has moved to the new software index. If you want to have a look, use this query:

    index=software

It has separate fields for vendor, product, version and patch (name of the patch), and shows when specific software was first_seen and last_seen. This will allow you to check what software you had running in the past. Sometimes a new vulnerability is published and it turns out it has been used for months already. Your current software version might not be vulnerable, but the one last month might have been. You can check that now.

The magic query $software_vulnerabilities_report and other software queries are now replaced with a fully functional software index. There are fields for software, assets, ip, url, cve, cvss_score, cvss_severity and, like with the software index, first_seen and last_seen fields for every cve seen on every asset. Here are some example queries:

Show all recent vulnerabilities with a cvss_score above 8:

    index=vulnerabilities last_seen>-7d cvss_score>8

Show all recent criticals:

    index=vulnerabilities last_seen>-7d cvss_severity=critical

Check if you where vulnerable to CVE-2025-23048 last month:

    index=vulnerabilities first_seen</description>
<pubDate>Mon, 08 Dec 2025 00:00:00 +0000</pubDate>
</item>
</channel>
</rss>
