PLANS & PACKAGING

Real-Time Intelligence.
On Your Terms.

Pick your platform tier. Layer in the intelligence modules you need.

Talk to us about pricing
Platform Tiers
Free
Show plan details
+
-
DATA
Data Freshness
(Triage, Investigate, Hunt, Vuln)
Every 8 hours
Data Freshness
(Business Services)
Monthly
Recall (Historical Lookback)
Up to 10 days*
features
Alerts
3
Feeds
Blocklists
IP Timeline
Services & Support
Availability
8hr ET x 5d
SLA
None
Channels
Slack
Usage & Integrations
Searches
Up to 50 / week*
API
Community
Visualizer
Integrations
Users
Sign Up
Standard
Show plan details
+
-
DATA
Data Freshness
(Triage, Investigate, Hunt, Vuln)
Every 4 hours
Data Freshness
(Business Services)
Weekly
Recall (Historical Lookback)
10 days
features
Alerts
10
Feeds
Blocklists
3
IP Timeline
Services & Support
Availability
8hr ET x 5d
SLA
1 business day
Channels
Slack, Email
Usage & Integrations
Searches
Unlimited
API
Enterprise + GNQL
Visualizer
Integrations
All
Users
Unlimited
Contact Sales
most popular
Advanced
Show plan details
+
-
DATA
Data Freshness
(Triage, Investigate, Hunt, Vuln)
Every 2 hours
Data Freshness
(Business Services)
Daily
Recall (Historical Lookback)
30 days
features
Alerts
25
Feeds
Blocklists
10
IP Timeline
Services & Support
Availability
8hr ET x 5d
SLA
8 hours
Channels
Slack, Email, Phone
Usage & Integrations
Searches
Unlimited
API
Enterprise + GNQL
Visualizer
Integrations
All
Users
Unlimited
Contact Sales
Elite
Show plan details
+
-
DATA
Data Freshness
(Triage, Investigate, Hunt, Vuln)
Every hour
Data Freshness
(Business Services)
Every 4 hours
Recall (Historical Lookback)
90 days
features
Alerts
Unlimited
Feeds
Blocklists
Unlimited
IP Timeline
Services & Support
Availability
12hr ET x 5d
SLA
4 hours
Channels
Slack, Email, Phone
Usage & Integrations
Searches
Unlimited
API
Enterprise + GNQL
Visualizer
Integrations
All
Users
Unlimited
Contact Sales

*Some functionality may require verified Business Email

Intelligence Modules

Pick the intelligence modules your team needs.

Core Intelligence Modules — Choose One

Triage

Enrich alerts with IP context to cut through noise and accelerate triage.

See what's included →

Triage

Triage Includes:
Activity Monitoring
Behavior Insights (bot, Tor, VPN)
Evasion Detection
Mobile Network Detection
Geographical Origin Insights & Enrichment
Ownership & Registration Details
Geographical Destination Insights
Intent Enrichment

Investigate

Monitor emerging CVEs and investigate active exploitation to accelerate response.

See what's included →

Investigate

Everything in Triage, plus:
In-Depth Activity Analysis
First Seen date
Geographical Coordinates
Geographical Destination Enrichment
Interaction Details (ports, protocols, bytes)
Vulnerability & IP Linkage
CVE Intelligence (CVSS, EPSS, KEV)
Trend Monitoring (IP timeline)
Most Popular

Hunt

Full-depth intelligence to validate threat hypotheses and get maximum context for campaigns.

See what's included →

Hunt

Everything in Investigate, plus:
Protocol Behavior Analysis (TLS, SSH, TCP)
Fingerprinting (JA3, JA4, JA4H, HASSH)
TLS Cipher Suites
SSH Public Keys
Web Traffic Insights (HTTP paths, headers, UA)
Database Interaction Monitoring
OS Identification & Statistics
Bulk data delivery available
Add-On Modules — Extend Your Coverage
Most Popular
Add-On

C2 Detection

Detect compromised devices by identifying outbound connections to known command-and-control infrastructure.

See what's included →

C2 Detection

C2 Detection INcludes:
Callback IP intelligence (confirmed C2 destinations)
3-stage classification (Unconfirmed / Stage 1 / Stage 2)
Scanner-to-callback cross-reference
Malware family attribution
File hashes + VirusTotal detection ratios
New Callback IP Feed
Add-On

Business Services

Filter out known-good business infrastructure from investigations.

See what's included →

Business Services

Business services Includes:
59M+ verified business IPs
Operational Context (category, description)
Service Identification (provider, logo)
Trust Levels (Level 1: high confidence / Level 2: shared infra)
CDNs, SaaS, public DNS, NTP, update servers
* Also available in bulk data delivery format
Add-On

Vulnerability Prioritization

Prioritize what to patch based on real-world exploitation activity, not just severity scores.

See what's included →

Vulnerability Prioritization

VPI Includes:
Exploit Detection & Exploit Analysis
Vulnerability Monitoring & Analysis
CISA KEV integration (compliance-ready)
EPSS score
Vulnerability timeline (pub dates, first exploit, KEV date)
Threat actor & botnet exploitation counts
Active IP counts (1d / 10d / 30d)
CVE-specific dynamic blocklists
FAQ

Frequently asked questions.

How does GreyNoise pricing work?
+
-

GreyNoise customers purchase one platform license (Standard, Advanced, or Elite) plus at least one intelligence module (Triage, Investigate, or Hunt). The platform tier controls freshness, lookback, and alerting. The module determines which fields your team has access to. Add-on modules like C2 Detection, Vulnerability Prioritization, and Business Services extend coverage into specialized use cases.

Which platform tier is right for my team?
+
-

Standard fits teams establishing a foundation for faster detection and response at the edge. Advanced adds Event Feeds and expanded alerting for mid-sized SOCs. Elite is built for threat hunters and mature programs that need near-real-time data, 90-day Recall, and unlimited automation.

Which intelligence module do I start with?
+
-

If your primary goal is automating basic SIEM triage, start with Triage. Investigate unlocks vital CVE data and deeper threat context, making it the clear choice for early warning on emerging exploits and active alert investigation. For proactive threat hunters, Hunt unlocks fingerprinting, web-traffic insights, and deep protocol analysis. Modules nest: Hunt includes everything in Investigate, which includes everything in Triage.

How do add-on modules work?
+
-

Add-on modules are separately licensed and attach to any paid platform tier. C2 Detection confirms compromised devices by matching outbound traffic to known attacker callback infrastructure. Vulnerability Prioritization surfaces real-world exploitation data. Business Services filters known-good infrastructure out of investigations.

Can I try GreyNoise before I commit?
+
-

Yes. Start with the free community tier for basic IP lookups, or request a full-feature trial on a paid platform tier with the modules most relevant to your workflow.

Are there limits on users or integrations?
+
-

Every paid tier includes access to all GreyNoise integrations (SIEM, SOAR, TIP, firewall) with no per-user licensing.

Ready to start?

Who's hitting your edge?

Talk to us about pricing
Start a free trial
Products
Partners
Resources
Company
©
2026
GreyNoise, Inc. All rights reserved.
YouTube logoJoin us on Slack!Discord logoTikTok logo