GreyNoise Enterprise
Modified on: Wed, 28 Aug, 2024 at 4:14 PM
Overview
GreyNoise is a cybersecurity platform that collects and analyzes internet-wide scan and attack traffic. This data is made available through SIEM, SOAR, and TIP integrations, a command-line tool, bulk data, a visualizer, and commercial plan APIs, so users can contextualize existing alerts, filter false positives, identify compromised devices, and track emerging threats.
With the help of GreyNoise datasets, analysts can recognize events not worth their attention. Indicators in GreyNoise are likely associated with opportunistic internet scanning or common business services, not targeted threats. This context helps analysts focus on what matters most.
The GreyNoise Enterprise Transforms allow users to identify and correlate activity related to mass-internet scanning. Enriching IPs with GreyNoise provides insight into what activity an IP has been observed performing on sections of the internet.
Using the GreyNoise Enterprise Transforms, investigators can pull all the data that GreyNoise has on an IP address, or pull specific data on the CVEs, tags, or activity that an IP address has been observed scanning for, as well as how these correlate.
GreyNoise Enterprise data can support the following types of investigations:
- Cyber Intelligence
- Threat Hunting
- Threat Research
Don't miss our blog post, Threat Hunting with GreyNoise Intelligence and Maltego, for an interesting use case centered on Threat Hunting.
You can read more about GreyNoise and the GreyNoise Enterprise integration on our website here.
IP RIOT Lookup [GreyNoise]
GNApiKey | string | | False | True | False |
Display Name | IP RIOT Lookup [GreyNoise] |
Owner | Brad Chiappetta |
Author | brad@greynoise.io |
Data Source | GreyNoise |
Transform Name | greynoise_riot_ip_lookup |
Input Entities | maltego.IPv4Address |
Output Entities | Phrase |
Short Description | |
To All Details [GreyNoise]
GNApiKey | string | | False | True | False |
Display Name | To All Details [GreyNoise] |
Owner | Brad Chiappetta |
Author | brad@greynoise.io |
Data Source | GreyNoise |
Transform Name | greynoise_noise_ip_lookup |
Input Entities | maltego.IPv4Address |
Output Entities | Phrase |
Short Description | |
To Actor [GreyNoise]
GNApiKey | string | | False | True | False |
Display Name | To Actor [GreyNoise] |
Owner | Brad Chiappetta |
Author | brad@greynoise.io |
Data Source | GreyNoise |
Transform Name | greynoise_noise_ip_lookup_actor |
Input Entities | maltego.IPv4Address |
Output Entities | Phrase |
Short Description | |
To Organization [GreyNoise]
GNApiKey | string | | False | True | False |
Display Name | To Organization [GreyNoise] |
Owner | Brad Chiappetta |
Author | brad@greynoise.io |
Data Source | GreyNoise |
Transform Name | greynoise_noise_ip_lookup_org |
Input Entities | maltego.IPv4Address |
Output Entities | Phrase |
Short Description | |
To Scanned Ports [GreyNoise]
GNApiKey | string | | False | True | False |
Display Name | To Scanned Ports [GreyNoise] |
Owner | Brad Chiappetta |
Author | brad@greynoise.io |
Data Source | GreyNoise |
Transform Name | greynoise_noise_ip_lookup_ports |
Input Entities | maltego.IPv4Address |
Output Entities | Phrase |
Short Description | |
To Tags [GreyNoise]
GNApiKey | string | | False | True | False |
Display Name | To Tags [GreyNoise] |
Owner | Brad Chiappetta |
Author | brad@greynoise.io |
Data Source | GreyNoise |
Transform Name | greynoise_noise_ip_lookup_tags |
Input Entities | maltego.IPv4Address |
Output Entities | Phrase |
Short Description | |
Find Scanning IPs By Actor [GreyNoise]
ASN | string | | True | True | False |
GNApiKey | string | | False | True | False |
Port | int | | True | True | False |
Query Time Range | daterange | | True | True | False |
Display Name | Find Scanning IPs By Actor [GreyNoise] |
Owner | Brad Chiappetta |
Author | brad@greynoise.io |
Data Source | GreyNoise |
Transform Name | greynoise_query_by_actor |
Input Entities | maltego.Person |
Output Entities | Phrase |
Short Description | |
Find Scanning IPs By Tag [GreyNoise]
ASN | string | | True | True | False |
Actor | string | | True | True | False |
GNApiKey | string | | False | True | False |
Port | int | | True | True | False |
Query Time Range | daterange | | True | True | False |
Display Name | Find Scanning IPs By Tag [GreyNoise] |
Owner | Brad Chiappetta |
Author | brad@greynoise.io |
Data Source | GreyNoise |
Transform Name | greynoise_query_by_tag |
Input Entities | maltego.Phrase |
Output Entities | Phrase |
Short Description | |
Find Scanning IPs By ASN [GreyNoise]
Actor | string | | True | True | False |
GNApiKey | string | | False | True | False |
Port | int | | True | True | False |
Query Time Range | daterange | | True | True | False |
Display Name | Find Scanning IPs By ASN [GreyNoise] |
Owner | Brad Chiappetta |
Author | brad@greynoise.io |
Data Source | GreyNoise |
Transform Name | greynoise_query_by_asn |
Input Entities | maltego.AS |
Output Entities | Phrase |
Short Description | |
To Scanned CVEs [GreyNoise]
GNApiKey | string | | False | True | False |
Display Name | To Scanned CVEs [GreyNoise] |
Owner | Brad Chiappetta |
Author | brad@greynoise.io |
Data Source | GreyNoise |
Transform Name | greynoise_noise_ip_lookup_cves |
Input Entities | maltego.IPv4Address |
Output Entities | Phrase |
Short Description | |
Find Scanning IPs By CVE [GreyNoise]
ASN | string | | True | True | False |
Actor | string | | True | True | False |
GNApiKey | string | | False | True | False |
Port | int | | True | True | False |
Query Time Range | daterange | | True | True | False |
Display Name | Find Scanning IPs By CVE [GreyNoise] |
Owner | Brad Chiappetta |
Author | brad@greynoise.io |
Data Source | GreyNoise |
Transform Name | greynoise_query_by_cve |
Input Entities | maltego.CVE |
Output Entities | Phrase |
Short Description | |