GreyNoise is a threat intelligence service that collects and analyzes Internet-wide scan and attack traffic. With this integration, users can contextualize existing alerts, filter false positives, identify compromised devices, and track emerging threats. The full integration code can be found here: https://github.com/demisto/content/tree/master/Packs/GreyNoise
GreyNoise tells security analysts what not to worry about. We do this by curating data on IPs that saturate security
tools with noise. This unique perspective helps analysts confidently ignore irrelevant or harmless activity, creating
more time to uncover and investigate true threats. The pack includes actions for IP enrichment and GNQL queries via
the GreyNoise API.
What does this pack do?
The playbooks and actions in this pack help you filter Internet background noise and benign services out of your
incident response work.
They also help automate repetitive tasks associated with routable IPv4 addresses:
- Query an IP to determine if it is Internet background noise
- Query an IP to determine if it is a benign service
- Query the GreyNoise data set for common trends by looking for CVEs, paths, ports or fingerprints
- Pull stats from the GreyNoise data set for threat hunting and identifying emerging threats
- Calculate the severity of the incident using GreyNoise IP reputation data
This pack contains two integrations, GreyNoise and GreyNoise Community:
- GreyNoise: intended for users who have a paid GreyNoise subscription
- GreyNoise Community: intended for users of the free GreyNoise Community API
For more information, visit our GreyNoise Documentation
For pricing information, visit our GreyNoise Pricing or contact
GreyNoise Sales
For GreyNoise support, contact GreyNoise Support
Pack Contributors:
- Brad Chiappetta - GreyNoise
Contributions are welcome and appreciated. For more info, visit our Contribution Guide.