Skip to content

GreyNoise#

README

GreyNoise#

GreyNoise collect and analyze untargeted, widespread, and opportunistic scan and attack activity that reaches every server directly connected to the Internet. Mass scanners (such as Shodan and Censys), search engines, bots, worms, and crawlers generate logs and events omnidirectionally on every IP address in the IPv4 space. GreyNoise gives you the ability to filter this useless noise out.

The analyzer comes in a single flavour, but supports both the GreyNoise Paid and Community APIs, that will return GreyNoise additional information categorization for provided ip.

Requirements#

You need a valid GreyNoise API integration subscription or Community account to use the analyzer.

  • Provide your API key as values for the key parameter.
  • Provide your API key type as "enterprise" (the default) or "community" for the api_type parameter

GreyNoise#

Author: Nclose
License: APLv2
Version: 3.1
Supported observables types:
- ip
Registration required: True
Subscription required: True
Free subscription: True
Third party service: https://viz.greynoise.io/

Description#

Determine whether an IP has known scanning activity using GreyNoise.

Configuration#

key API key for GreyNoise
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required False
api_type API Type to Match Key, either 'enterprise' or 'community'
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required False

Templates samples for TheHive#

GreyNoise: long report


Last update: November 15, 2021 06:39:12