GreyNoise#

README

GreyNoise#

GreyNoise collects and analyzes untargeted, widespread, and opportunistic scan and attack activity that reaches every server directly connected to the Internet. Mass scanners (such as Shodan and Censys), search engines, bots, worms, and crawlers generate logs and events omnidirectionally on every IP address in the IPv4 space. GreyNoise gives you the ability to filter this useless noise out.

The analyzer comes in a single flavour but supports both the GreyNoise Paid and Community APIs, which return GreyNoise's additional information and categorization for the provided IP.

Requirements#

You need a valid GreyNoise API integration subscription or Community account to use the analyzer.

  • Provide your API key as the value for the key parameter.
  • Provide your API key type as "enterprise" (the default) or "community" for the api_type parameter.
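
How the two settings above could drive a lookup, as an added example that is not the analyzer's own code. The endpoint URLs and the "key" request header are assumptions taken from GreyNoise's public API documentation, not from this page, and the function names are hypothetical; the request is built but never sent.

```python
import ipaddress
import urllib.request

# Assumed endpoints (GreyNoise public API docs; not stated on this page).
ENDPOINTS = {
    "enterprise": "https://api.greynoise.io/v2/noise/context/{ip}",
    "community": "https://api.greynoise.io/v3/community/{ip}",
}


def resolve_config(config):
    """Return (key, api_type), applying the documented 'enterprise' default."""
    key = (config.get("key") or "").strip()
    if not key:
        # The page marks both items as not required, but a lookup needs a key.
        raise ValueError("GreyNoise 'key' is not configured")
    api_type = (config.get("api_type") or "enterprise").strip().lower()
    if api_type not in ENDPOINTS:
        raise ValueError("api_type must be 'enterprise' or 'community'")
    return key, api_type


def build_request(config, observable):
    """Build (without sending) the lookup for one ip observable.

    Returns None for addresses outside the public IPv4 space the page
    describes (private, loopback, reserved, IPv6), so no quota is spent.
    """
    key, api_type = resolve_config(config)
    ip = ipaddress.ip_address(observable.strip())  # ValueError if not an IP
    if ip.version != 4 or not ip.is_global:
        return None
    url = ENDPOINTS[api_type].format(ip=str(ip))
    headers = {"key": key, "Accept": "application/json"}
    return urllib.request.Request(url, headers=headers)


if __name__ == "__main__":
    cfg = {"key": "EXAMPLE-KEY", "api_type": "community"}  # constructed values
    for obs in ("8.8.8.8", "10.0.0.5", "2001:db8::1"):  # constructed observables
        req = build_request(cfg, obs)
        print(obs, "->", req.full_url if req else "skipped (not public IPv4)")
```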

GreyNoise#

Author: Nclose
License: APLv2
Version: 3.1
Supported observables types:
- ip
Registration required: True
Subscription required: True
Free subscription: True
Third party service: https://viz.greynoise.io/

Description#

Determine whether an IP has known scanning activity using GreyNoise.

Configuration#

key: API key for GreyNoise
Default value if not configured: N/A
Type of the configuration item: string
The configuration item can contain multiple values: False
Is required: False

api_type: API Type to Match Key, either 'enterprise' or 'community'
Default value if not configured: N/A
Type of the configuration item: string
The configuration item can contain multiple values: False
Is required: False

Templates samples for TheHive#

GreyNoise: long report