GreyNoise
Connector Category: Enrichment Tool
About Integration
GreyNoise Intelligence empowers SOC, CTI, and Threat Hunting teams to enrich security tools with new observations and additional context on opportunistic internet scanning and common business services. Intel Exchange uses GreyNoise to enrich IPv4 addresses and vulnerabilities.
Configure GreyNoise as an Enrichment Tool
Configure GreyNoise in Intel Exchange to enrich IPv4 addresses and vulnerabilities.
Before you Start
Ensure that you have the API token of your GreyNoise account.
Ensure that your user group has Create, Update, and View permissions for enrichment tools and their associated policies in Intel Exchange.
Note
Ensure that the API key includes the permissions to retrieve IPv4 addresses.
Steps
To configure GreyNoise as an enrichment tool in Intel Exchange, follow these steps:
Sign in to Intel Exchange and go to Administration > Enrichment Management > Enrichment Tools.
Search and select the GreyNoise tool.
Click Add Account and enter the following details:
Account Name: Enter a unique account name to identify the instance. For example, GreyNoise Prod.
API Key: Enter the API key of your GreyNoise account to authenticate communication between Intel Exchange and GreyNoise servers.
Click Save.
After successfully adding an account, you can view and enable GreyNoise feed enrichment types and configure a quota to set a limit on the number of enrichment requests the account can make.
Note
Enrichment types are not enabled by default. Ensure you enable them in the final step.
You can configure an enrichment policy to automatically enrich threat data objects using the GreyNoise enrichment tool. For more information, see Enrichment Policy.
Enrichment Tool
Feed Enrichment Type
GreyNoise
Retrieve Vulnerabilities Detail
Retrieve IP Detail