Open navigation

GreyNoise Enterprise

Modified on: Tue, 10 Dec, 2024 at 9:44 PM

Overview

GreyNoise is a cybersecurity platform that collects and analyzes internet-wide scan and attack traffic. This data is made available through SIEM, SOAR, TIP integrations, command-line tool, bulk data, visualizer, commercial plan API's, so users can contextualize existing alerts, filter false positives, identify compromised devices, and track emerging threats.


With the help of GreyNoise datasets, analysts can recognize events not worth their attention. Indicators in GreyNoise are likely associated with opportunistic internet scanning or common business services, not targeted threats. This context helps analysts focus on what matters most. 


The GreyNoise Enterprise Transforms allow users to identify and correlate activity that is related to mass-internet scanning. Enriching IPs with GreyNoise helps to provide insight on what activity an IP has been observed performing on sections of the internet.


Using the GreyNoise Enterprise Transforms, investigators can pull all data that GreyNoise has on an IP address, or pull specific data on CVEs, Tags or activity that an IP address has been observed scanning for as well as their correlation.


GreyNoise Enterprise data can be used to leverage information for the following types of investigations:

  • Cyber Intelligence
  • Threat Hunting
  • Threat Research


You can read more about GreyNoise and the GreyNoise Enterprise integration on our website here.


GreyNoise Enterprise Transforms

IP RIOT Lookup [GreyNoise]

Transform Settings
Display NameSetting TypeDefault ValueOptionalPopupAuthentication
GNApiKeystring FalseTrueFalse
Transform Meta Info
InformationValue
Display NameIP RIOT Lookup [GreyNoise]
OwnerBrad Chiappetta
Authorbrad@greynoise.io
Data SourceGreyNoise
Transform Namegreynoise_riot_ip_lookup
Input Entitiesmaltego.IPv4Address
Output EntitiesPhrase
Short Description 

To All Details [GreyNoise]

Transform Settings
Display NameSetting TypeDefault ValueOptionalPopupAuthentication
GNApiKeystring FalseTrueFalse
Transform Meta Info
InformationValue
Display NameTo All Details [GreyNoise]
OwnerBrad Chiappetta
Authorbrad@greynoise.io
Data SourceGreyNoise
Transform Namegreynoise_noise_ip_lookup
Input Entitiesmaltego.IPv4Address
Output EntitiesPhrase
Short Description 

To Actor [GreyNoise]

Transform Settings
Display NameSetting TypeDefault ValueOptionalPopupAuthentication
GNApiKeystring FalseTrueFalse
Transform Meta Info
InformationValue
Display NameTo Actor [GreyNoise]
OwnerBrad Chiappetta
Authorbrad@greynoise.io
Data SourceGreyNoise
Transform Namegreynoise_noise_ip_lookup_actor
Input Entitiesmaltego.IPv4Address
Output EntitiesPhrase
Short Description 

To Organization [GreyNoise]

Transform Settings
Display NameSetting TypeDefault ValueOptionalPopupAuthentication
GNApiKeystring FalseTrueFalse
Transform Meta Info
InformationValue
Display NameTo Organization [GreyNoise]
OwnerBrad Chiappetta
Authorbrad@greynoise.io
Data SourceGreyNoise
Transform Namegreynoise_noise_ip_lookup_org
Input Entitiesmaltego.IPv4Address
Output EntitiesPhrase
Short Description 

To Scanned Ports [GreyNoise]

Transform Settings
Display NameSetting TypeDefault ValueOptionalPopupAuthentication
GNApiKeystring FalseTrueFalse
Transform Meta Info
InformationValue
Display NameTo Scanned Ports [GreyNoise]
OwnerBrad Chiappetta
Authorbrad@greynoise.io
Data SourceGreyNoise
Transform Namegreynoise_noise_ip_lookup_ports
Input Entitiesmaltego.IPv4Address
Output EntitiesPhrase
Short Description 

To Tags [GreyNoise]

Transform Settings
Display NameSetting TypeDefault ValueOptionalPopupAuthentication
GNApiKeystring FalseTrueFalse
Transform Meta Info
InformationValue
Display NameTo Tags [GreyNoise]
OwnerBrad Chiappetta
Authorbrad@greynoise.io
Data SourceGreyNoise
Transform Namegreynoise_noise_ip_lookup_tags
Input Entitiesmaltego.IPv4Address
Output EntitiesPhrase
Short Description 

Find Scanning IPs By Actor [GreyNoise]

Transform Settings
Display NameSetting TypeDefault ValueOptionalPopupAuthentication
ASNstring TrueTrueFalse
GNApiKeystring FalseTrueFalse
Portint TrueTrueFalse
Query Time Rangedaterange TrueTrueFalse
Transform Meta Info
InformationValue
Display NameFind Scanning IPs By Actor [GreyNoise]
OwnerBrad Chiappetta
Authorbrad@greynoise.io
Data SourceGreyNoise
Transform Namegreynoise_query_by_actor
Input Entitiesmaltego.Person
Output EntitiesPhrase
Short Description 

Find Scanning IPs By Tag [GreyNoise]

Transform Settings
Display NameSetting TypeDefault ValueOptionalPopupAuthentication
ASNstring TrueTrueFalse
Actorstring TrueTrueFalse
GNApiKeystring FalseTrueFalse
Portint TrueTrueFalse
Query Time Rangedaterange TrueTrueFalse
Transform Meta Info
InformationValue
Display NameFind Scanning IPs By Tag [GreyNoise]
OwnerBrad Chiappetta
Authorbrad@greynoise.io
Data SourceGreyNoise
Transform Namegreynoise_query_by_tag
Input Entitiesmaltego.Phrase
Output EntitiesPhrase
Short Description 

Find Scanning IPs By ASN [GreyNoise]

Transform Settings
Display NameSetting TypeDefault ValueOptionalPopupAuthentication
Actorstring TrueTrueFalse
GNApiKeystring FalseTrueFalse
Portint TrueTrueFalse
Query Time Rangedaterange TrueTrueFalse
Transform Meta Info
InformationValue
Display NameFind Scanning IPs By ASN [GreyNoise]
OwnerBrad Chiappetta
Authorbrad@greynoise.io
Data SourceGreyNoise
Transform Namegreynoise_query_by_asn
Input Entitiesmaltego.AS
Output EntitiesPhrase
Short Description 

To Scanned CVEs [GreyNoise]

Transform Settings
Display NameSetting TypeDefault ValueOptionalPopupAuthentication
GNApiKeystring FalseTrueFalse
Transform Meta Info
InformationValue
Display NameTo Scanned CVEs [GreyNoise]
OwnerBrad Chiappetta
Authorbrad@greynoise.io
Data SourceGreyNoise
Transform Namegreynoise_noise_ip_lookup_cves
Input Entitiesmaltego.IPv4Address
Output EntitiesPhrase
Short Description 

Find Scanning IPs By CVE [GreyNoise]

Transform Settings
Display NameSetting TypeDefault ValueOptionalPopupAuthentication
ASNstring TrueTrueFalse
Actorstring TrueTrueFalse
GNApiKeystring FalseTrueFalse
Portint TrueTrueFalse
Query Time Rangedaterange TrueTrueFalse
Transform Meta Info
InformationValue
Display NameFind Scanning IPs By CVE [GreyNoise]
OwnerBrad Chiappetta
Authorbrad@greynoise.io
Data SourceGreyNoise
Transform Namegreynoise_query_by_cve
Input Entitiesmaltego.CVE
Output EntitiesPhrase
Short Description 

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.