The GreyNoise Siemplify Integration is a set of actions and connectors that can be used in the Siemplify platform.
More details about Siemplify here: https://www.siemplify.co/
In order to use the GreyNoise Integration for Siemplify, install the Integration from the Siemplify marketplace. Then, configure the integration using a GreyNoise API key.
If you don't have a GreyNoise API key, you can sign up for a free trial at https://viz.greynoise.io/signup
The GreyNoise Actions allow IPs to be queried against the different GreyNoise API endpoints, and allow a more complex GNQL query to be executed as part of a Case workflow.
The Quick IP Lookup action is designed to take all Address entities associated with a case/alert and enrich them against the GreyNoise Quick API.
The Context IP Lookup action is designed to take all Address entities associated with a case/alert and enrich them against the GreyNoise Context API. It also provides an Insight on the Case for each IP entity that is found.
The RIOT IP Lookup action is designed to take all Address entities associated with a case/alert and enrich them against the GreyNoise RIOT API. It also provides an Insight on the Case for each IP entity that is found.
The Execute GNQL Query action is designed to perform a GNQL query against the GreyNoise query endpoint and return all matching records, up to the supplied limit (default is 10 results).
The GreyNoise Connector allows a GNQL query to be used to generate alerts.
The Generate Alert from GreyNoise GNQL connector is primarily designed to be an alerting system for when GreyNoise
begins observing mass-internet scanning activity of a monitored IP. The primary use case is to query daily for a CIDR
block, using a query similar to: ip:85.32.32.0/24 last_seen:1d
A query similar to the above generates an alert for an IP in the provided range if GreyNoise observes that IP performing mass-internet scanning.
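The daily CIDR check described above, sketched as an added example (not code from this integration): it builds the GNQL string for a monitored block and turns query results into one alert per in-range IP. The record field names, the alert dictionary shape and the `already_alerted` de-duplication set are assumptions for illustration, and the sample records are constructed.

```python
import ipaddress

def build_gnql(cidr, window="1d"):
    """Build the connector query for one monitored block; rejects a malformed CIDR."""
    net = ipaddress.ip_network(cidr, strict=True)  # ValueError if host bits are set
    return f"ip:{net.with_prefixlen} last_seen:{window}"

def records_to_alerts(records, cidr, already_alerted):
    """Return one alert per in-range IP that has not been alerted on before."""
    net = ipaddress.ip_network(cidr, strict=True)
    alerts = []
    for rec in records:
        try:
            ip = ipaddress.ip_address(rec["ip"])
        except (KeyError, ValueError):
            continue  # skip records with a missing or unparsable address
        if ip not in net or str(ip) in already_alerted:
            continue  # outside the monitored block, or a repeat
        already_alerted.add(str(ip))
        alerts.append({  # hypothetical alert shape, not Siemplify's schema
            "name": f"GreyNoise observed scanning from {ip}",
            "ip": str(ip),
            "classification": rec.get("classification", "unknown"),
            "last_seen": rec.get("last_seen"),
        })
    return alerts

# Constructed sample records (not real GreyNoise output).
SAMPLE_RECORDS = [
    {"ip": "85.32.32.17", "classification": "malicious", "last_seen": "2024-01-02"},
    {"ip": "85.32.32.17", "classification": "malicious", "last_seen": "2024-01-02"},
    {"ip": "85.32.33.5", "classification": "unknown", "last_seen": "2024-01-02"},
    {"classification": "benign"},
]

if __name__ == "__main__":
    seen = set()
    print(build_gnql("85.32.32.0/24"))
    print(records_to_alerts(SAMPLE_RECORDS, "85.32.32.0/24", seen))
    print(records_to_alerts(SAMPLE_RECORDS, "85.32.32.0/24", seen))  # second run: no repeats
```

Persisting the `already_alerted` set between runs keeps an IP that scans on consecutive days from raising a fresh alert each day.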
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
We use SemVer for versioning. For the versions available, see the tags on this repository.
- Brad Chiappetta - Initial work - bradchiappetta
See also the list of contributors who participated in this project.
- Siemplify Community and Support members for help with the initial development.
Have any questions or comments about GreyNoise? Contact us at hello@greynoise.io
Code released under MIT License.