Fully configurable, real-time blocklists to stop attackers in their tracks

Start BlockingBuy GreyNoise Block
90 reviews
A diagram showing GreyNoise Blocklists blocking malicious IPs and only allowing benign IPs into your network.

Trusted by the world's most important organizations

80,000+

Users

400+

Global government agencies

60%

Of the Fortune 1000

FLEXIBLE CONFIGURATIONS

Build Custom Blocklists

Build custom lists from scratch through the GreyNoise Query Language (GNQL) using any logical combination of:

Dates

First seen, last seen

Source Country

Geographic filtering

Spoofable

Whether the IP address completed a TCP connection

Associated CVEs

Target specific vulnerabilities

Classification

Malicious, suspicious, benign, unknown

Associated Tags

Custom categorization

Actor

Identify specific threat actors

Pre-built Configurations

Use PreDefined Blocklists

Make use of our fully configurable block list templates. Compatible with all major firewalls through External Dynamic Lists (EDL).

All-Inclusive Malicious Traffic Lists

Block all identified malicious traffic

Targeted Lists

Focus on specific geographies and technology vendors

Continuous Updates

All lists refreshed in real-time from the GreyNoise Global Observation Grid

Primary-Source Intelligence

Lists based exclusively on data collected directly from GreyNoise sensors

Integrations

Use the GreyNoise Blocklists
with Any Firewall

GreyNoise Blocklists integrate with a large number of tools, making your security ecosystem more powerful and efficient.

View integrations

Splunk logoPalo Alto logoTines logoAzure Sentinel logoGoogle SecOps logo

How GreyNoise Block Helps Your Security

Keep Pace with Emerging Threats
Lower Risk of Overblocking
Buy Time for Remediation
Reduce Alert Noise
Security operations

Not all alerts are created equal

GreyNoise makes it easy to distinguish between benign and malicious traffic so you can focus on the real threats.

Learn more
HOW GREYNOISE BLOCK HELPS

Lower Risk of Overblocking

Real-time lists built from observed attack traffic, not stale third-party feeds. Tune aggressiveness by how recently malicious activity was seen.

Learn more
Vulnerability Management

Is it really cRiTiCaL?

GreyNoise monitors internet scan activity in real-time to provide you with the best signal on the likelihood of exploitation of the vulnerabilities you care about.

Learn more
Threat Hunting

Needle in the haystack. Found.

Use GreyNoise to accelerate your threat hunting. We tag everything we see, you can query against any tag. This means looking for any anomaly or correlation is just a few queries away.

Learn more
GREYNOISE BLOCKLISTS

Predefined Blocklists

Use these pre-defined lists either as-is or as a starting point for configuring your own customized blocklists using the GreyNoise Query Language.

Source Country - North Korea
Traffic coming from North Korea
Source Country - Russia
Traffic coming from Russia
Source Country - Iran
Traffic coming from Iran
Threats: 2025 CVEs
Any IPs engaged in recon/attack activity for any CVE issued in 2025.
Threats: All CVE
Any IPs engaged in recon/attack activity for any CVE.
GreyNoise All
Anything that talked to our Global Observatioin Grid. Note that this is the most aggressive blocklist.
GreyNoise Non-Benign
Anything that talked to our Global Observatioin Grid and isn't a known Benign organization. Note that this would be a very aggressive blocklist.
GreyNoise Unknown
Anything that has been seen by our Global Observation Grid but without any intention. Note that this would be a very agressive blocklist.
GreyNoise Bad Intentions
Anything with either malicious or suspicious activity in the last day.
GreyNoise Suspicious
Anything seen in the last day that sent suspicious traffic.
GreyNoise Malicious
Anything seen in the last day that sent malicious traffic.

Stop mass exploitation for good

Start BlockingBuy GreyNoise Block
Products
Partners
Resources
Company
© 2025 GreyNoise, Inc. All rights reserved.
YouTube logoJoin us on Slack!Discord logoTikTok logo