GreyNoise Premium

GreyNoise is a threat intelligence service that collects and analyzes Internet-wide scan and attack traffic.

GreyNoise tells security analysts what not to worry about. We do this by curating data on IPs that saturate security tools with noise. This unique perspective helps analysts confidently ignore irrelevant or harmless activity, creating more time to uncover and investigate true threats.

Using a global network of passive sensors, GreyNoise collects, analyzes, and labels data on IPs that scan and attack the internet, in order to help organizations prioritize false positives or low-fidelity alerts triggered by harmless traffic. GreyNoise data provides security teams with an early warning system for mass exploitation attacks on the internet, real-time IP block lists they can use to defend themselves, and context to quickly eliminate noisy alerts.

This premium pack provides access to an enterprise GreyNoise API key that allows for an increased number of queries, starting at 100 per day, as well as access to additional data returned from the enterprise API endpoints. This pack is only available via Private Offer, and the solution will be customized and priced for the customer’s unique requirements.

Use Cases

  • SOC efficiency
    GreyNoise helps SOC analysts and incident responders investigate and triage security alerts more quickly and effectively by separating targeted activity from irrelevant or harmless background noise.

    And for security engineering teams building correlation rules and automation in SIEM and SOAR, GreyNoise data can be used to automatically de-prioritize and suppress noisy alerts. GreyNoise customers have reduced alerts by up to 25% or more.

  • Vulnerability intelligence
    GreyNoise provides an early warning system to identify when a vulnerability is being mass exploited at scale in the wild. This information is a critical data point for patch prioritization, as well as knowing when to “break the glass” and trigger emergency patching protocols.

    During a mass exploitation attack, security teams are typically scrambling to fix the vulnerability, block ongoing attacks, and find early signs of compromise. GreyNoise provides dynamic IP blocklists, curated by CVE, that allow organizations to defend themselves during the early "window of exposure" from these attacks, and to hunt for known attacker IPs.

  • Threat hunting insights and productivity
    GreyNoise helps threat hunters and intelligence analysts by providing visibility and deep context into mass scanning IP addresses that form the early-stage attack infrastructure for many of today’s most dangerous cyber threats.

Getting Started

This premium pack provides access to an enterprise GreyNoise API key that can be used with the GreyNoise pack on the XSOAR marketplace.

Additional details about configuring the GreyNoise integration for XSOAR can be found on the GreyNoise documentation page.

Additional Information:

This pack subscription includes an API key generated by GreyNoise. GreyNoise will email the end user instructions for obtaining the key within 24 hours. The user then simply pastes the key into the GreyNoise free pack to allow it to function. If you need help or did not receive the key, please contact




Cortex XSOAR


Supported By: Partner
Created: December 26, 2022
Last Release: December 26, 2022

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.