Rich IP intelligence at a glance

Our IP details page on our Visualizer displays the rich GreyNoise context we’ve collected about IPs. If we’ve seen it, it’s been observed by our sensor network scanning the internet- or it belongs to a common business service. We provide that context to you so you can make good decisions when investigating alerts and logs, ruling out benign activity, or deprioritizing noise to find targeted attacks.

A screenshot of the IP Details view in the GreyNoise Visualizer. The IP shown is, which is classified with malicious intent.
A screenshot of the Tags list on the IP Details view. This examples shows tags including "Generic IoT Bruteforce Attempt", "Mirai", "Telnet Bot", and "Web Crawler".

See tags

We tag each IP with the behavior we detected, associated CVEs, and actors. You can explore other IPs related to this behavior.

Understand intent

Based off the types of activity we’ve observed, we assign an intent: Malicious, Benign, or Unknown, so you can make a good decision when you see this IP address in your alerts.

A screenshot of the IP Details view in the GreyNoise Visualizer for the IP
A screenshot of the "Observed Activity" section of the IP Details view. This shows Ports Scanned, Web Requests, and other scan activity that GreyNoise has observed from a given IP.

Examine the evidence

See enrichments we apply (such as rDNS), plus attributes we collect & analyze (like HTTP user agents, ports scanned), so that you can verify our conclusions.


Documentation guides

Featured content