Threat Hunting

Needle in the haystack. Found

Quickly identify anomalous behavior and catch targeted threats

Get a Demo

Overview

Effective threat hunting isn't just about finding more data, it’s about finding the right data. GreyNoise empowers your hunt team to adopt the PEAK Framework by correlating your internal traffic against our real-time map of internet-wide mass scanning.

By using GreyNoise to filter out opportunistic probes, benign scanners, and botnet noise, you reveal the statistically significant anomalies that represent targeted attacks. Stop chasing false positives and focus on the signals that actually threaten your perimeter.

How GreyNoise
Helps You Hunt Smarter

Focus effort on highest risks

Eliminate time-consuming research of benign and opportunistic scanning, allowing hunters to focus on infrastructure actually used by threat actors.

Supports threat research and hypothesis development

Hunters can use GreyNoise to conduct threat research, validate assumptions, and explore attack vectors in order to develop hypotheses.

Correlate isolated incidents

GreyNoise helps threat hunters link isolated incidents to larger campaigns by mapping attacker infrastructure and patterns, connecting logged IPs to those exploiting relevant vulnerabilities.

How GreyNoise Maps to the PEAK Hunting Framework

Explore Available Fields

Filter by category & search available IP fields and their uses with GreyNoise.
Categories
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
NAME
Description & Use
Destination Countries
Countries where GreyNoise sensors saw this IP scanning. Indicates target geography.
Destination Countries Count
Count of IPs targeting specific countries. Supports geo-threat monitoring.
Destination Country Codes
ISO codes for countries targeted by scanning. Supports correlation with geo-based IOCs.
Details
Basic CVE details, including CVSS score (Common Vulnerability Scoring System), associated products & vendors, and NIST CVE recognition status. Provides context on the vulnerability itself.
Details CVE CVSS Score
CVSS score assigned to the CVE. Commonly used in risk scoring but should be weighed alongside exploitation activity.
Details Product
The product affected by the vulnerability (e.g., Apache HTTP Server). Used to match against an organization’s asset inventory for prioritization.
Details Published to NIST NVD
Indicates if the vulnerability is published in the NIST National Vulnerability Database. Confirms official recognition and ensures compatibility with standard risk feeds.
Details Vendor
The vendor or developer responsible for the affected product. Helps map vulnerabilities to vendor patch advisories and SLAs.
Details Vulnerability Description
Summary of what the vulnerability is and how it works. Helps analysts understand potential impact and determine exploitability in their environment.
Details Vulnerability Name
Human-readable name of the vulnerability. Practitioners use this for quick recognition when scanning advisories.
Domain
Domain tied to the ASN owner. Provides higher-level ownership context.
Exploitation Activity
Observed IPs scanning or exploiting the vulnerability today, in the last 10 days, and the last 30 days.
Exploitation Activity Benign IP Count (10d)
Total number of benign IPs GreyNoise observed scanning or exploiting this vulnerability in the last 10 days.
Exploitation Activity Benign IP Count (1d)
Total number of benign IPs GreyNoise observed scanning or exploiting this vulnerability today.
Exploitation Activity Benign IP Count (30d)
Total number of benign IPs GreyNoise observed scanning or exploiting this vulnerability in the last 30 days.
Exploitation Activity Seen
Whether GreyNoise has observed activity related to this CVE.
Destination Countries
Countries where GreyNoise sensors saw this IP scanning. Indicates target geography.
Destination Countries Count
Count of IPs targeting specific countries. Supports geo-threat monitoring.
Destination Country Codes
ISO codes for countries targeted by scanning. Supports correlation with geo-based IOCs.
Details
Basic CVE details, including CVSS score (Common Vulnerability Scoring System), associated products & vendors, and NIST CVE recognition status. Provides context on the vulnerability itself.
Details CVE CVSS Score
CVSS score assigned to the CVE. Commonly used in risk scoring but should be weighed alongside exploitation activity.
Details Product
The product affected by the vulnerability (e.g., Apache HTTP Server). Used to match against an organization’s asset inventory for prioritization.
Details Published to NIST NVD
Indicates if the vulnerability is published in the NIST National Vulnerability Database. Confirms official recognition and ensures compatibility with standard risk feeds.
Details Vendor
The vendor or developer responsible for the affected product. Helps map vulnerabilities to vendor patch advisories and SLAs.
Details Vulnerability Description
Summary of what the vulnerability is and how it works. Helps analysts understand potential impact and determine exploitability in their environment.
Details Vulnerability Name
Human-readable name of the vulnerability. Practitioners use this for quick recognition when scanning advisories.
Domain
Domain tied to the ASN owner. Provides higher-level ownership context.
Exploitation Activity
Observed IPs scanning or exploiting the vulnerability today, in the last 10 days, and the last 30 days.
Exploitation Activity Benign IP Count (10d)
Total number of benign IPs GreyNoise observed scanning or exploiting this vulnerability in the last 10 days.
Exploitation Activity Benign IP Count (1d)
Total number of benign IPs GreyNoise observed scanning or exploiting this vulnerability today.
Exploitation Activity Benign IP Count (30d)
Total number of benign IPs GreyNoise observed scanning or exploiting this vulnerability in the last 30 days.
Exploitation Activity Seen
Whether GreyNoise has observed activity related to this CVE.

Find your needle.

Get a demo
Search for free
Products
Partners
Resources
Company
© 2025 GreyNoise, Inc. All rights reserved.
YouTube logoJoin us on Slack!Discord logoTikTok logo