
Sep 4, 2024
1.1.0
ThreatQ Versions >= 5.12.1
GreyNoise Action Bundle
Overview
The GreyNoise Action Bundle for ThreatQ enables analysts to use GreyNoise Enterprise for automated enrichment and investigations.
The action bundle provides the following actions:
- GreyNoise - Find Similar IPs - locates IPs similar to the IPs in the selected data collection.
- GreyNoise - RIOT - checks whether IPs within a data collection are in GreyNoise’s RIOT dataset (known good services).
- GreyNoise - IP Quick Check - performs a quick noise check on the IPs of the selected data collection.
- GreyNoise - CVE Enrichment - enriches selected CVEs with GreyNoise data.
- GreyNoise - IP Context - enriches selected IPs with GreyNoise’s full contextual data.
The integration is compatible with, and returns, IP Address type indicators. Additionally, the GreyNoise - CVE Enrichment action is compatible with, and enriches, CVE type indicators and vulnerabilities.
Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.