GreyNoise

With the GreyNoise playbook app, you can look up IP addresses to validate if it was once involved with any mass automated activity. GreyNoise is an enrichment service that collects, analyzes, and labels data relating to noisy IP addresses across the internet. As part of the enrichment process, you can query GreyNoise and find that an offending IP address in your SIEM alert is not in the GreyNoise dataset; this means it’s more likely to be targeted activity, and you can raise the priority of that alert. In other words, this integration can tell you what IPs not to worry about and what IPs are worth looking into deeper. This integration consists of a single Playbook app that will allow these actions:

IP Lookup – Submit a single IP address to GreyNoise to validate whether or not it’s part of mass automated activity.
GNQL Query – Perform a custom query using the GreyNoise Query Language to retrieve IP addresses that match specified criteria.
Advanced Request

This app can be found in the ThreatConnect App Catalog under the name: GreyNoise

Categories:

ThreatConnect

GreyNoise

Developers

Company

Categories:

ThreatConnect

GreyNoise

Related Apps

Cisco Umbrella Reporting

Data Enrichment

DomainTools Iris Search Hash Monitoring Playbook

Data Enrichment

Hyas Insight Enrichment Playbooks

Data Enrichment

Developers

Company