Documentation Home Maltego Training Maltego Blog Contact Us
Welcome
Login
Open navigation

GreyNoise Enterprise

Modified on: Wed, 3 Nov, 2021 at 4:38 PM

Overview

GreyNoise is a cybersecurity platform that collects and analyzes internet-wide scan and attack traffic. This data is made available through SIEM, SOAR, TIP integrations, command-line tool, bulk data, visualizer, Enterprise API, and community API, so users can contextualize existing alerts, filter false positives, identify compromised devices, and track emerging threats.


With the help of GreyNoise datasets, analysts can recognize events not worth their attention. Indicators in GreyNoise are likely associated with opportunistic internet scanning or common business services, not targeted threats. This context helps analysts focus on what matters most. 


The GreyNoise Enterprise Transforms allow users to identify and correlate activity that is related to mass-internet scanning. Enriching IPs with GreyNoise helps to provide insight on what activity an IP has been observed performing on sections of the internet.


Using the GreyNoise Enterprise Transforms, investigators can pull all data that GreyNoise has on an IP address, or pull specific data on CVEs, Tags or activity that an IP address has been observed scanning for as well as their correlation.


GreyNoise Enterprise data can be used to leverage information for the following types of investigations:

  • Cyber Intelligence
  • Threat Hunting
  • Threat Research


Don't miss our blog post, Threat Hunting with GreyNoise Intelligence and Maltego, for an interesting use case centered on Threat Hunting.


You can read more about GreyNoise and the GreyNoise Enterprise integration on our website here.


Pricing and Access

Community Hub

GreyNoise Enterprise Transforms are only available with a Maltego commercial license.


Commercial Hub

Users with a Maltego One, Classic, or XL license have the following purchase options.


Free Trial

Sign up for the GreyNoise Enterprise API key here to start your free trial: https://www.greynoise.io/viz/signup.


Bring Your Own Key

Simply plug in your GreyNoise Enterprise API key and start using the Transforms on your Maltego Desktop Client.

GreyNoise Enterprise Transforms

IP RIOT Lookup [GreyNoise]

Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication
GNApiKey string   False True False
Transform Meta Info
Information Value
Display Name IP RIOT Lookup [GreyNoise]
Owner Brad Chiappetta
Author brad@greynoise.io
Data Source GreyNoise
Transform Name greynoise_riot_ip_lookup
Input Entities maltego.IPv4Address
Output Entities Phrase
Short Description  

To All Details [GreyNoise]

Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication
GNApiKey string   False True False
Transform Meta Info
Information Value
Display Name To All Details [GreyNoise]
Owner Brad Chiappetta
Author brad@greynoise.io
Data Source GreyNoise
Transform Name greynoise_noise_ip_lookup
Input Entities maltego.IPv4Address
Output Entities Phrase
Short Description  

To Actor [GreyNoise]

Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication
GNApiKey string   False True False
Transform Meta Info
Information Value
Display Name To Actor [GreyNoise]
Owner Brad Chiappetta
Author brad@greynoise.io
Data Source GreyNoise
Transform Name greynoise_noise_ip_lookup_actor
Input Entities maltego.IPv4Address
Output Entities Phrase
Short Description  

To Organization [GreyNoise]

Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication
GNApiKey string   False True False
Transform Meta Info
Information Value
Display Name To Organization [GreyNoise]
Owner Brad Chiappetta
Author brad@greynoise.io
Data Source GreyNoise
Transform Name greynoise_noise_ip_lookup_org
Input Entities maltego.IPv4Address
Output Entities Phrase
Short Description  

To Scanned Ports [GreyNoise]

Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication
GNApiKey string   False True False
Transform Meta Info
Information Value
Display Name To Scanned Ports [GreyNoise]
Owner Brad Chiappetta
Author brad@greynoise.io
Data Source GreyNoise
Transform Name greynoise_noise_ip_lookup_ports
Input Entities maltego.IPv4Address
Output Entities Phrase
Short Description  

To Tags [GreyNoise]

Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication
GNApiKey string   False True False
Transform Meta Info
Information Value
Display Name To Tags [GreyNoise]
Owner Brad Chiappetta
Author brad@greynoise.io
Data Source GreyNoise
Transform Name greynoise_noise_ip_lookup_tags
Input Entities maltego.IPv4Address
Output Entities Phrase
Short Description  

Find Scanning IPs By Actor [GreyNoise]

Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication
ASN string   True True False
GNApiKey string   False True False
Port int   True True False
Query Time Range daterange   True True False
Transform Meta Info
Information Value
Display Name Find Scanning IPs By Actor [GreyNoise]
Owner Brad Chiappetta
Author brad@greynoise.io
Data Source GreyNoise
Transform Name greynoise_query_by_actor
Input Entities maltego.Person
Output Entities Phrase
Short Description  

Find Scanning IPs By Tag [GreyNoise]

Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication
ASN string   True True False
Actor string   True True False
GNApiKey string   False True False
Port int   True True False
Query Time Range daterange   True True False
Transform Meta Info
Information Value
Display Name Find Scanning IPs By Tag [GreyNoise]
Owner Brad Chiappetta
Author brad@greynoise.io
Data Source GreyNoise
Transform Name greynoise_query_by_tag
Input Entities maltego.Phrase
Output Entities Phrase
Short Description  

Find Scanning IPs By ASN [GreyNoise]

Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication
Actor string   True True False
GNApiKey string   False True False
Port int   True True False
Query Time Range daterange   True True False
Transform Meta Info
Information Value
Display Name Find Scanning IPs By ASN [GreyNoise]
Owner Brad Chiappetta
Author brad@greynoise.io
Data Source GreyNoise
Transform Name greynoise_query_by_asn
Input Entities maltego.AS
Output Entities Phrase
Short Description  

To Scanned CVEs [GreyNoise]

Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication
GNApiKey string   False True False
Transform Meta Info
Information Value
Display Name To Scanned CVEs [GreyNoise]
Owner Brad Chiappetta
Author brad@greynoise.io
Data Source GreyNoise
Transform Name greynoise_noise_ip_lookup_cves
Input Entities maltego.IPv4Address
Output Entities Phrase
Short Description  

Find Scanning IPs By CVE [GreyNoise]

Transform Settings
Display Name Setting Type Default Value Optional Popup Authentication
ASN string   True True False
Actor string   True True False
GNApiKey string   False True False
Port int   True True False
Query Time Range daterange   True True False
Transform Meta Info
Information Value
Display Name Find Scanning IPs By CVE [GreyNoise]
Owner Brad Chiappetta
Author brad@greynoise.io
Data Source GreyNoise
Transform Name greynoise_query_by_cve
Input Entities maltego.CVE
Output Entities Phrase
Short Description  

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.

Search all Maltego Guides:

Interested? Get your free demo
Questions? Contact us

© 2021 by Maltego Technologies.