Grey Noise Intelligence
App Vendor: Grey Noise Intelligence
App Category: Data Enrichment & Threat Intelligence
Connector Version: 1.0.0
API Version: 2.0.0
About App
GreyNoise Intelligence collects and analyzes untargeted, widespread, and opportunistic scan and attack activity that reaches every server directly connected to the internet.
The GreyNoise Intelligence app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
|---|---|
Get IP Context | This action retrieves the context of an IP address using the GreyNoise application. |
IP Quick Check | This action enriches an IP address for quick context using the GreyNoise application. |
IP Riot Lookup | This action enriches an IP address for riot in the GreyNoise application. |
Get Multi IP Context | This action enriches a list of IPs using the GreyNoise application. |
Get Multi IP Quick Check | This action quickly checks a list of IPs in the GreyNoise application. |
Get Tag Details | This action retrieves all tag details from the GreyNoise application. |
Run GNQL Query | This action runs a GNQL query on the GreyNoise application. |
Configuration Parameters
The following configuration parameters are required for the GreyNoise Intelligence app to communicate with the GreyNoise Intelligence enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
API Key | Enter the API key to authenticate GreyNoise APIs. Example: "a1b2c33d4e5f6g7h8i9jakblc" | Password | Required |
Action: Get IP Context
This action retrieves the context of an IP address using the GreyNoise application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP | Enter the IP address to enrich. Example: "1.1.1.1" | Text | Required |
Example Request
[
{
"ip": "1.1.1.1"
}
]Action: IP Quick Check
This action enriches an IP address for quick context using the GreyNoise application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP | Enter the IP address to enrich. Example: "1.1.1.1" | Text | Required |
Example Request
[
{
"ip": "1.1.1.1"
}
]Action: IP Riot Lookup
This action enriches an IP address for riot in the GreyNoise application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP | Enter the IP address to enrich. Example: "1.1.1.1" | Text | Required |
Example Request
[
{
"ip": "1.1.1.1"
}
]Action: Get Multi IP Context
This action enriches a list of IPs using the GreyNoise application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP list | Enter the IP list to enrich. Example: "[“255.255.11.135”, “255.255.111.35”]" | Any | Required |
Example Request
[
{
"ip_list": "[“255.255.11.135”, “255.255.111.35”]"
}
]Action: Get Multi IP Quick Check
This action quickly checks a list of IPs in the GreyNoise application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP list | Enter the IP list to enrich. Example: "[“255.255.11.135”, “255.255.111.35”]" | Any | Required |
Example Request
[
{
"ip_list": "[“255.255.11.135”, “255.255.111.35”]"
}
]Action: Get Tag Details
This action retrieves all tag details from the GreyNoise application.
Action Input Parameters
This action does not require any input parameter.
Action: Run GNQL Query
This action runs a GNQL query on the GreyNoise application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query | Enter the query to run the search. Example: "actor: Alpha Strike Labs first_seen:2010-06-03" | Text | Required | |
Size | Enter the number of results to retrieve. Example: "8" | Text | Optional |
Example Request
[
{
"query": "actor: Alpha Strike Labs first_seen:2010-06-03",
"size": "8"
}
]