Request a Demo

GreyNoise

GreyNoise is a cybersecurity company that filters Internet background noise. It collects, analyzes, and labels mass internet scan and attack activity into a feed of Anti-Threat Intelligence. This context helps security teams reduce noise and prioritize signal-targeted attacks against their organization. Its drive to maximize analyst efficiency is delivered through its API, platform integrations, and visualizer. The company was founded in 2017 and is based in Washington, District of Columbia.

Specialties

Integrations

GreyNoise

With the GreyNoise playbook app, you can look up IP addresses to validate if it was once involved with any mass automated activity. GreyNoise is an enrichment service that collects, analyzes, and labels data relating to noisy IP addresses across the internet. As part of the enrichment process, you can query GreyNoise and find that an offending IP address in your SIEM alert is not in the GreyNoise dataset; this means it's more likely to be targeted activity, and you can raise the priority of that alert. In other words, this integration can tell you what IPs not to worry about and what IPs are worth looking into deeper. This integration consists of a single Playbook app that will allow these actions:

  • IP Lookup - Submit a single IP address to GreyNoise to validate whether or not it's part of mass automated activity.
  • GNQL Query - Perform a custom query using the GreyNoise Query Language to retrieve IP addresses that match specified criteria.
  • RIOT IP Lookup - Identify whether an IP is from known benign services and organizations that commonly cause false positives in network security and threat intelligence products.
  • Advanced Request

This app can be found in the ThreatConnect App Catalog under the name: GreyNoise

Keep Reading

Built By ThreatConnect

GreyNoise Community

The GreyNoise Community app provides a free resource that allows for quick IP lookups within the GreyNoise datasets. This integration consists of a single Playbook app that will allow these actions:

  • IP Lookup - Query an IP via the Community API and see basic information on what GreyNoise knows about that IP.

This app can be found in the ThreatConnect App Catalog under the name: GreyNoise Community

Keep Reading

Built By ThreatConnect

Looking for an
integration not shown?