
Aug 27, 2024
1.5.2
ThreatQ versions >= 4.58.0
GreyNoise CDF
Overview
GreyNoise collects, analyzes, and labels data on IPs that saturate security tools with noise. This unique perspective helps analysts waste less time on irrelevant or harmless activity and spend more time focused on targeted and emerging threats.
The GreyNoise CDF provides the following feeds:
- GreyNoise - ingests new, malicious IP Addresses every day. Additionally, a GNQL query can be provided to narrow down the results.
- GreyNoise Enrichment - queries GreyNoise with IP Addresses from a Threat Collection and enriches those IP Addresses with the data that it ingests.
The following system object types are ingested by the integration:
- Indicators
- Indicator Attributes
- Tags