Alert Reduction

Not all alerts are created equal

Filter out noisy, low-priority, and false-positive alerts from mass internet scanners

Overview

The internet is noisy. Thousands of mass scanners scan the internet every minute, some for legitimate reasons, others to build victim pipelines. Advanced threat actors intentionally create noise to obfuscate more targeted attacks. This creates an unprecedented flood of alerts for your security team.

GreyNoise reduces alert fatigue by classifying IPs as benign, malicious, or suspicious. This instantly separates noise from real threats: benign traffic can be deprioritized, while malicious and suspicious activity is escalated for investigation.

How GreyNoise Helps
Reduce Noise in Your SOC

Reduce Alert Fatigue

By classifying benign sources, GreyNoise eliminates noise from the alert triage queue, preventing wasted analyst time.

Escalate Confirmed Threats

Alerts tied to IPs classified as malicious—such as active exploitation, malware distribution, or botnet activity—can be automatically prioritized.

Smarter Automation

SOC playbooks can use GreyNoise classifications and tags to automate alert routing.

Block Unsolicited Scan Traffic

Use GreyNoise query-based, dynamic IP blocklists to block unsolicited scanning and reduce SOC noise.

How it Works

Explore Available Fields

Filter by category & search available IP fields and their uses with GreyNoise.
Name | Description & Use | Category
ASN | Autonomous System Number routing the IP. Helps group malicious infrastructure. | IP Address Metadata
Actor | Known or attributed owner/operator of the IP (e.g., research org, ISP, hosting provider). Useful for attribution. | Identity & Ownership
Actor Count | Aggregated count of IPs per actor. Supports statistical analysis of actors. | Stats & Aggregates
Bot | Flags whether the IP is part of known botnet activity. Helps detect automated scanning or malware distribution. | Classification
CVEs | CVEs tied to the tag behavior. Critical for identifying exploitation of known vulnerabilities. | Tag Information
Category | High-level network type (e.g., hosting, ISP, enterprise). | IP Address Metadata
Category Count | Aggregated count of IPs per category (hosting, ISP, etc.). Highlights infrastructure trends. | Stats & Aggregates
City | Registered city of the IP. Useful for geolocation context and pivoting. | IP Address Metadata
Classification | GreyNoise’s judgment of the IP’s intent: benign, malicious, suspicious, or unknown. Most useful filter for triage. | Classification
Classification Count | Aggregated count of IPs per classification. Useful for threat landscape analysis. | Stats & Aggregates
Created At | Date the tag was first added. Indicates when this behavior was first observed. | Tag Information
Description | Human-readable explanation of what the tag represents. Adds analyst context. | Tag Information
Destination Countries | Countries where GreyNoise sensors saw this IP scanning. Indicates target geography. | IP Address Metadata
Destination Countries Count | Count of IPs targeting specific countries. Supports geo-threat monitoring. | Stats & Aggregates
Destination Country Codes | ISO codes for countries targeted by scanning. Supports correlation with geo-based IOCs. | IP Address Metadata
Domain | Domain tied to the ASN owner. Provides higher-level ownership context. | IP Address Metadata