Our IP details page on our Visualizer displays the rich GreyNoise context we’ve collected about IPs. If we’ve seen it, it’s been observed by our sensor network scanning the internet- or it belongs to a common business service. We provide that context to you so you can make good decisions when investigating alerts and logs, ruling out benign activity, or deprioritizing noise to find targeted attacks.
We tag each IP with the behavior we detected, associated CVEs, and actors. You can explore other IPs related to this behavior.
Based off the types of activity we’ve observed, we assign an intent: Malicious, Benign, or Unknown, so you can make a good decision when you see this IP address in your alerts.
See enrichments we apply (such as rDNS), plus attributes we collect & analyze (like HTTP user agents, ports scanned), so that you can verify our conclusions.
A tutorial on how to use the GreyNoise visualizer to analyze a file or a list of IPs, including details on how to read the visualizer output and filter results.
GreyNoise produces two datasets of IP information that can be used for threat enrichment. The following article provides a basic overview of each dataset, and where it is best used.
A classification indicator is included in both the GreyNoise Visualizer and the GreyNoise Context API endpoint for each IP address in our collection.
By The GreyNoise Team
GreyNoise tags are described in the documentation as “a signature-based detection method used to capture patterns and create subsets in our data.”
By Daniel Grant
Figuring out if a security product is right for you is hard. Beyond the technical problem it solves, you have to make a business case for why those with purchasing power in your company should buy your favorite security tool vs. putting the money to another use.
By Andrew Askins
Giving back to the cyber security community will always be a key part of the GreyNoise mission, so our free plan isn’t going anywhere. But there are a lot of benefits to a paid plan that may not be immediately obvious.