GreyNoise

GreyNoise is a threat intelligence service that collects and analyzes Internet-wide scan and attack traffic. With this integration, users can contextualize existing alerts, filter false positives, identify compromised devices, and track emerging threats. The full integration code can be found here: https://github.com/demisto/content/tree/master/Packs/GreyNoise

GreyNoise tells security analysts what not to worry about. We do this by curating data on IPs that saturate security
tools with noise. This unique perspective helps analysts confidently ignore irrelevant or harmless activity, creating
more time to uncover and investigate true threats. The pack includes actions for IP enrichment and GNQL queries via
the GreyNoise API.

What does this pack do?

The playbooks and actions in this pack help you filter Internet background noise and benign services out of your
incident response work.
They also help automate repetitive tasks associated with routable IPv4 addresses:

  • Query an IP to determine if it is Internet-Background Noise
  • Query an IP to determine if it is a Benign Service
  • Query the GreyNoise data set for common trends by looking for CVEs, paths, ports or fingerprints
  • Pull stats from the GreyNoise data set for threat hunting and identifying emerging threats
  • Calculate the severity of the incident using GreyNoise IP reputation data

This pack contains two integrations: GreyNoise and GreyNoise Community

  • GreyNoise: intended for users who have a paid GreyNoise subscription
  • GreyNoise Community: intended for users of the free GreyNoise Community API

For more information, visit our GreyNoise Documentation

For pricing information, visit our GreyNoise Pricing or contact GreyNoise Sales

For GreyNoise support, contact GreyNoise Support

Pack Contributors:


  • Brad Chiappetta - GreyNoise

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

PLATFORMS

Cortex XSOAR, Cortex XSIAM

INFO

Supported By: Partner
Created: February 9, 2021
Last Release: September 25, 2024

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.