GreyNoise

GreyNoise is a cybersecurity platform that collects and analyzes Internet-wide scan and attack traffic. With this integration, users can contextualize existing alerts, filter false-positives, identify compromised devices, and track emerging threats.

Data Enrichment & Threat Intelligence · GreyNoise

Configuration parameters

  • integrationReliability — Integration Reliability
  • feedExpirationPolicy
  • feedExpirationInterval
  • apikey — API Key
  • credentials — API Key
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings

Commands (9)

  • cve

    Queries GreyNoise for CVE Vuln Intelligence.

  • greynoise-context

    Identifies IPs that have been observed mass-scanning the internet.

  • greynoise-ip-quick-check

    Check whether a given IP address is "Internet background noise", or has been observed scanning or attacking devices across the Internet. Note: It checks against the last 60 days of Internet scanner data.

  • greynoise-query

    Get the information of IP based on the providence filters.

  • greynoise-riot

    Identifies IPs from known benign services and organizations that commonly cause false positives in network security and threat intelligence products. The collection of IPs in RIOT is continually curated and verified to provide accurate results. These IPs are extremely unlikely to pose a threat to your network.

  • greynoise-similarity

    Search for similar internet scanner IPs found in the GreyNoise Noise (internet scanner) dataset.

  • greynoise-stats

    Get aggregate statistics for the top organizations, actors, tags, ASNs, countries, classifications, and operating systems of all the results of a given GNQL query.

  • greynoise-timeline

    Retrieve daily scanner timeline information for an Internet Scanner.

  • ip

    Runs reputation on IPs.