GreyNoise

GreyNoise Intelligence Card Extension

This article describes the Intelligence Card Extension for GreyNoise.

 



About GreyNoise:

GreyNoise empowers users to differentiate between targeted cyber-attacks and pointless alerts. Think of GreyNoise as Anti-Threat Intelligence, telling you what NOT to worry about so you can focus on the activity that DOES matter. GreyNoise is a subscription-based offering that includes access to its data feed, platform integrations, and support tools.

GreyNoise collects and analyzes untargeted, widespread, and opportunistic scan and attack activity that reaches every server directly connected to the Internet. Mass scanners (such as Shodan and Censys), search engines, bots, worms, and crawlers generate logs and events omnidirectionally on every IP address in the IPv4 space. GreyNoise gives you the ability to filter this useless noise out.

Visit https://greynoise.io/start to sign up for an account and receive a GreyNoise API key. More information about GreyNoise scanning methodology is available at the GreyNoise Intelligence website.

Please also see the Getting Started With Intelligence Card Extensions page if you're interested in enabling this extension.


You can enrich any IP Address intelligence card with a live lookup of recent GreyNoise information.

You must have commercial access to GreyNoise to use this extension, and we will need your API key. The API key is different from your username/password for the GreyNoise login page and can be obtained from your “Account Settings” option. We do not have an OEM agreement in place with GreyNoise, and each client/user is expected to have their own credentials to enable the extension.

 

Extending IP Address Cards

GreyNoise provides rich technical information and enriches IP Address Cards with the following threat intelligence:

  • Basic information such as Name, IP, Description, First Seen, Last Seen, Routed Prefix, ASN, Classification, Category, etc.
  • Location information such as City, Country, and Country Code
  • Port information such as JA3 Count, Scan Count, Web Details, JA3 Details, Scan Details, and Tag Information

Example of an IP Address: 71.6.135.131


In June 2022, this extension was enhanced with the following:

- Added support for RIOT Trust Levels
- Clarified wording around RIOT IPs to better describe what they are