GreyNoise
GreyNoise is a cybersecurity company that filters Internet background noise. It collects, analyzes, and labels mass internet scan and attack activity into a feed of Anti-Threat Intelligence. This context helps security teams reduce noise and prioritize signal-targeted attacks against their organization. Its drive to maximize analyst efficiency is delivered through its API, platform integrations, and visualizer. The company was founded in 2017 and is based in Washington, District of Columbia.
Specialties
Products
Integrations
GreyNoise
With the GreyNoise playbook app, you can look up IP addresses to validate if it was once involved with any mass automated activity. GreyNoise is an enrichment service that collects, analyzes, and labels data relating to noisy IP addresses across the internet. As part of the enrichment process, you can query GreyNoise and find that an offending IP address in your SIEM alert is not in the GreyNoise dataset; this means it's more likely to be targeted activity, and you can raise the priority of that alert. In other words, this integration can tell you what IPs not to worry about and what IPs are worth looking into deeper. This integration consists of a single Playbook app that will allow these actions:
- IP Lookup - Submit a single IP address to GreyNoise to validate whether or not it's part of mass automated activity.
- GNQL Query - Perform a custom query using the GreyNoise Query Language to retrieve IP addresses that match specified criteria.
- RIOT IP Lookup - Identify whether an IP is from known benign services and organizations that commonly cause false positives in network security and threat intelligence products.
- Advanced Request
This app can be found in the ThreatConnect App Catalog under the name: GreyNoise
Built By ThreatConnect
Built By ThreatConnect