Core Intelligence

What It Is

Core Intelligence is the basic package that empowers SOC, CTI, and Threat Hunting teams to enrich their security tools with new observations and additional context on opportunistic internet scanning and common business services. GreyNoise Core streamlines operations, eliminates noise, and isolates new threats with unique, first-hand intelligence.

Who It Is For

For cybersecurity teams at organizations of all sizes that want to reduce false positives, filter through data faster, and track emerging threats by leveraging insights from the GreyNoise global sensor network.

What's Included

GreyNoise Core Intelligence allows users to access GreyNoise Internet Scanner (Noise) and Common Business Service (RIOT) enrichment services via the Visualizer and GreyNoise Enterprise API.

GreyNoise Alerts allow users to monitor IP space, trending tags, and vulnerabilities. Alerts notify users daily when internet scanning for a defined alert has been observed, such as compromised devices on their IP space.

GreyNoise Blocklists allow users to proactively block internet scanning activity on their perimeter to prevent exploitation by malicious actors and new vulnerabilities, using GreyNoise block-grade tagging.

What Can I Add?

Helps investigate, hunt, and perform incident response confidently, giving up to 90 days of history for IPs observed scanning and exploiting the internet

Use cases:

SOC Triage and Response, and CTI Enrichment

Get a list of IPs displaying similar activity to identify common scanning infrastructure, and drive hypothesis development or pivot points for in-depth threat hunting

Use cases:

Threat Hunting and Research

Indicator Feed

Download a list of daily internet scanner IPs to incorporate into TIPs and other platforms for indicator enrichment and large search volume correlation

Use cases:

SOC Triage and Response, and CTI Enrichment

Bulk Data

Download indicators from the Noise and/or RIOT datasets for use in large search volume correlation or offline hunting and enrichment

Use cases:

SOC Triage and Response, CTI Enrichment, and Threat Hunting and Research

On-Premise API

Leverage the GreyNoise Enterprise API in air-gapped environments

Use cases:

SOC Triage and Response, CTI Enrichment, and Threat Hunting and Research

Sample Core Packages

The packages shown below are just examples. Each GreyNoise engagement can be fully customized based on customer requirements, technical environment, and usage.

A small SOC team looking to enrich Internet Scanner IPs in its TIP and SOAR platforms, both to provide additional context and to automate closure of perimeter alerts triggered by common external scanning, might consider:

  • GreyNoise Core with 1,000 Searches/Day
  • IP Timeline Addon
  • Benign Feed Addon

A large research institution that is assessing opportunistic internet scanning for several different projects in an offline environment, while also leveraging the Visualizer and API for ad-hoc research and validation, might consider:

  • GreyNoise Core with 25,000 Searches/Day
  • GreyNoise Noise Bulk Data