GreyNoise provides powerful ways to search and explore our data. It’s as simple as pasting an IP address into our search bar, or use our GreyNoise Query Language (GNQL) to construct more advanced searches against our tags and other attributes we’ve observed.
Checkout what’s under the hood!
Some researchers scan in good faith to help uncover vulnerabilities for defense. Others scan and exploit with malicious intent. GreyNoise collects and labels this activity.
RIOT labels activity associated with common business services like Google and Slack, so defenders can quickly identify this traffic in their events, speeding up investigation and incident response.
The easy button for the answer to: Is this noise? Simply enter an IP address into our search bar to see if it is associated with common business service activity, or was seen by GreyNoise performing internet-wide scan, or attack.
Want to dig in more? Use our powerful GreyNoise Query Language (GNQL) to explore our data set for activity associated with specific attacks, CVEs, and more.
Click a query below to try it at in the Visualizer.
Return all compromised devices that are geographically located in Belgium.
Returns all devices crawling the Internet with a matching client JA3 TLS/SSL fingerprint.
Need to analyze a bunch of IPs all at once? Use our Bulk Analysis tool! Copy and paste an entire page of data containing IPs, or upload a file of structured data, and GreyNoise will return analysis for all IPs discovered within our dataset, plus statistics on what we found including tags, regions and classifications.
A tutorial on how to use the GreyNoise visualizer to analyze a file or a list of IPs, including details on how to read the visualizer output and filter results.
This page explains how to integrate GreyNoise data into your security analysis workflow by using the GreyNoise API and provides examples of different use cases.
The GreyNoise Query Language (GNQL) provides users with a powerful tool to search the GreyNoise data set to help analysts, threat hunters, researchers, etc find emerging threats, compromised devices, and other interesting trends.
By Matthew Remacle
One of the most valuable attributes of GreyNoise is the ability to increase Security Operations Center efficiency by providing context, which allows the relevant security personnel to prioritize alerts.
By The GreyNoise Team
We discuss on various strategies for reducing alert fatigue in Security Operations Centers (SOCs) and highlights the importance of context, automation, and prioritization in effective alert management.
The GreyNoise University - Product Overview training series covering the Analysis feature, and how you use it to enrich IPs in bulk.