Table: urlscan_server - Query URLscan Servers using SQL
URLscan is a service that allows users to analyze and monitor the security of their web servers. It provides detailed information about the server, including IP addresses, locations, and security vulnerabilities. With URLscan, users can easily identify potential security threats and take appropriate actions to mitigate them.
Table Usage Guide
The urlscan_server
table provides detailed insights into the servers scanned by URLscan. As a security analyst, explore server-specific details through this table, including IP addresses, locations, and security vulnerabilities. Utilize this table to uncover potential security threats and take appropriate actions to mitigate them.
Important Notes
- You must specify the
scan
in thewhere
clause to query this table.
Examples
List servers
Gain insights into the servers associated with a particular scan to understand its activity and usage. This can be useful for monitoring server performance, identifying potential issues, or tracking the impact of specific scans.
select *from urlscan_serverwhere scan = '54c78f69-5294-4a17-8ae0-a71943954e09'order by count desc;
select *from urlscan_serverwhere scan = '54c78f69-5294-4a17-8ae0-a71943954e09'order by count desc;
Servers by country
Explore which servers are associated with different countries. This is particularly useful for understanding the geographical distribution of your servers and identifying potential regional issues.
select countries ->> 0 as country, serverfrom urlscan_serverwhere scan = '54c78f69-5294-4a17-8ae0-a71943954e09'order by country, server;
select json_extract(countries, '$[0]') as country, serverfrom urlscan_serverwhere scan = '54c78f69-5294-4a17-8ae0-a71943954e09'order by country, server;
Schema for urlscan_server
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
count | bigint | Number of requests to the server. | |
countries | jsonb | Countries where the server resides. | |
encoded_size | bigint | Total encoded size of all requests sent to this server. | |
ips | jsonb | IP addresses for the server. | |
scan | text | = | ID of the scan result. |
server | text | The server. | |
size | bigint | Total size of all requests sent to this server. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- urlscan
You can pass the configuration to the command with the --config
argument:
steampipe_export_urlscan --config '<your_config>' urlscan_server