Skip to main content

Cyware Threat Intelligence eXchange

GreyNoise

Connector Category: Enrichment Tool

About Integration

GreyNoise Intelligence empowers SOC, CTI, and Threat Hunting teams to enrich security tools with new observations and additional context on opportunistic internet scanning and common business services. Intel Exchange uses GreyNoise to enrich IP addresses and vulnerabilities.

Configure GreyNoise as an Enrichment Tool

Configure GreyNoise in Intel Exchange to enrich IP addresses and vulnerabilities.

Before you Start

  • Ensure that you have the API token of your GreyNoise account.

  • Ensure that your user group has Create, Update, and View permissions for enrichment tools and their associated policies in Intel Exchange.

    Note

    Ensure that the API key includes the permissions to retrieve IP addresses.

Steps 

To configure GreyNoise as an enrichment tool in Intel Exchange, follow these steps:

  1. Sign in to Intel Exchange and go to Administration > Enrichment Management > Enrichment Tools

  2. Search and select the GreyNoise enrichment tool. 

  3. Click Add Account and enter the following details:

    • Account Name: Enter a unique account name to identify the instance. For example, GreyNoise Prod.

    • API Key: Enter the API key of your GreyNoise account to authenticate communication between Intel Exchange and GreyNoise servers.

  4. Click Save.

    After successfully adding an account, you can view and enable GreyNoise feed enrichment types. You can also configure a quota to set a limit on the number of enrichment request the GreyNoise account can make. After the quota is exhausted, no further enrichment requests can be made until the quota resets for the next quota duration. For more details, refer to Define Quota in Configure Enrichment Tools.

    To understand the number of API calls and quota units consumed by the GreyNoise enrichment tool per polling, refer to the following table:

    Enrichment Tool

    Feed Enrichment Type

    No. of API calls

    Quota Consumed

    GreyNoise

    Retrieve IP Detail

    3

    3

    Retrieve Vulnerabilities Detail

    1

    1

    You can configure an enrichment policy to automatically enrich threat data objects using the GreyNoise enrichment tool. For more information, see Enrichment Policy.