Our IP details page on our Visualizer displays the rich GreyNoise context we’ve collected about IPs. If we’ve seen it, it’s been observed by our sensor network scanning the internet- or it belongs to a common business service. We provide that context to you so you can make good decisions when investigating alerts and logs, ruling out benign activity, or deprioritizing noise to find targeted attacks.
Based off the types of activity we’ve observed, we assign an intent: Malicious, Benign, or Unknown, so you can make a good decision when you see this IP address in your alerts.
See enrichments we apply (such as rDNS), plus attributes we collect & analyze (like HTTP user agents, ports scanned), so that you can verify our conclusions.