Every week, GreyNoise publishes a threat intelligence brief called At The Edge. This covers what attackers are doing on the internet, including which products are drawing exploitation traffic, which vulnerabilities are being exploited, and what changed from the previous week. Each brief is built on primary-source data from our global sensor network and analyzed by our research team into named findings, IOCs, and recommended actions.

The Threat Brief Library is now available in the GreyNoise Visualizer. You can browse, search, filter, and download every brief available to your account as a PDF. Community users can access every At The Edge Clear edition, while customers get the full library.

What's in the library

The library includes three report types:

  • At The Edge: GreyNoise’s weekly intelligence brief covering exploitation activity observed across the edge during the previous week. Each edition includes analysis, IOCs, and recommended actions by role.
  • Executive Situation Reports: Event-driven briefs focused on a single campaign or vulnerability under active exploitation. Each report includes key judgments, vulnerability and campaign context, attacker infrastructure, observed tradecraft, implications, recommended actions, and the supporting activity data.
  • At The Edge Clear: The public edition of the weekly At The Edge brief, covering the week’s headline activity and key findings.

Inside a full At The Edge brief

Each brief is built on primary-source data from the GreyNoise Global Observation Grid, our global network of sensors that emulate the edge infrastructure attackers target. The sensors record all the exploitation attempts and our research team correlates them into named campaigns, confirms the CVEs involved, attributes the hosting infrastructure behind them, and writes the detection and remediation guidance.

A full At The Edge brief includes:

  • Bottom Line Up Front: the week's most significant activity and what to do about it
  • Recommended actions by role for for security leadership, SOC, vulnerability management, network security, threat hunting, and IAM teams
  • Named findings: the products, CVEs, CISA KEV status, campaigns, traffic volumes, and host classifications driving activity
  • Infrastructure attribution: the ASNs, hosting fleets, and network ranges behind the activity
  • Target assessments, IOCs, and detection guidance based on request patterns and client fingerprints that persist as source addresses rotate
  • Persistent activity updates on threats that remain active from previous weeks

Want to see what a week looks like? Read the latest At The Edge Clear edition.

Where to find it

Log in to the GreyNoise Visualizer, click your name on the top right, and open the Threat Brief Library. You can search by title or description, filter by category, and download any brief you have access to as a PDF. The newest briefs appear first. Briefs are also available through the API and an RSS feed, so you can pull them directly into your own tools or subscribe to new briefs as they publish.

The library is available to all GreyNoise users. Community users can read every At The Edge Clear edition, while GreyNoise customers get the full library, including weekly At The Edge briefs and Executive Situation Reports. Read the Threat Briefs documentation to learn more.

Contact us to get access to the full library.

This article is a summary of the full, in-depth version on the GreyNoise Labs blog.
Read the full report
GreyNoise Labs logo
Link to GreyNoise Twitter account
Link to GreyNoise Twitter account