GreyNoise
GreyNoise is a cybersecurity platform that collects and analyzes Internet-wide scan and attack traffic. With this integration, users can contextualize existing alerts, filter false-positives, identify compromised devices, and track emerging threats.
Data Enrichment & Threat Intelligence · GreyNoise
Configuration parameters
integrationReliability— Integration ReliabilityfeedExpirationPolicy—feedExpirationInterval—apikey— API Keycredentials— API Keyinsecure— Trust any certificate (not secure)proxy— Use system proxy settings
Commands (9)
-
cveQueries GreyNoise for CVE Vuln Intelligence.
-
greynoise-contextIdentifies IPs that have been observed mass-scanning the internet.
-
greynoise-ip-quick-checkCheck whether a given IP address is "Internet background noise", or has been observed scanning or attacking devices across the Internet. Note: It checks against the last 60 days of Internet scanner data.
-
greynoise-queryGet the information of IP based on the providence filters.
-
greynoise-riotIdentifies IPs from known benign services and organizations that commonly cause false positives in network security and threat intelligence products. The collection of IPs in RIOT is continually curated and verified to provide accurate results. These IPs are extremely unlikely to pose a threat to your network.
-
greynoise-similaritySearch for similar internet scanner IPs found in the GreyNoise Noise (internet scanner) dataset.
-
greynoise-statsGet aggregate statistics for the top organizations, actors, tags, ASNs, countries, classifications, and operating systems of all the results of a given GNQL query.
-
greynoise-timelineRetrieve daily scanner timeline information for an Internet Scanner.
-
ipRuns reputation on IPs.