Just Released! Β Β GreyNoise 2026 State Of The Edge Report
February was anything but quiet in the GreyNoise universe. From digging into where edge attacks really concentrate in our 2026 State of the Edge Report to gearing up for a packed March with eCrime & Cybersecurity Congress, secIT, and GreyNoise University LIVE, weβve been busy separating real threats from, wellβ¦ the noise. Below, youβll find our favorite blogs, from weird strings that exposed full-on operations to new twists in Ivanti and BeyondTrust exploitation...plus plenty of chances to nerd out with us live next month.
β
VP of Data Science + Research, Bob Rudis, creatively gives his thoughts, hot-takes, and whatever else he feels like.
β
.png)
New GreyNoise research reveals where attackers really target edge infrastructure and where defenses fall short. Based on 162 days of internet-scale data, we surface surprising RCE patterns, legacy CVE abuse, and residential botnet growth, then show how behavioral detection and clustering turn noisy edge traffic into a few high-impact blocking decisions. Download the report today + join us March 17 at 2pm for a live webinar with Andrew Morris, Shawn Smagh, and Bob Rudis to break it all down.
GreyNoise Intelligence Is Available Across the CrowdStrike Falcon Platform
GreyNoise intelligence is now available natively across three CrowdStrike Falcon surfaces β Next-Gen SIEM, Falcon Fusion SOAR, and Charlotte AI. The GreyNoise Foundry App, available on the CrowdStrike Marketplace, delivers IP classification, behavioral tags, and CVE exploitation context directly into Falcon workflows. Whether your team is building correlation rules in Next-Gen SIEM, automating response playbooks in Fusion SOAR, or exploring agentic triage with Charlotte AI, GreyNoise classification data is there.
Read the full post >>
Feature Release: Additional JA4+ Fields Now Supported in GNQL
GreyNoise Hunt customers can now query four new JA4+ fingerprinting fields in GNQL β JA4H (HTTP), JA4T (TCP), JA4SSH (SSH), and JA4L (Latency). These fields let you pivot on behavioral fingerprints instead of just IP reputation, even when traffic is encrypted or User-Agent strings are spoofed. Cluster attacker infrastructure, identify shared tooling, detect VPN/proxy masking, and build higher-confidence investigations across multiple protocol layers.
β
β
At the Edge Clear offers the public a preview of GreyNoiseβs weekly At the Edge intelligence brief, featuring select insights distilled from internet activity observed across the GreyNoise Global Observation Grid. View report >>
β
β
β
*Have a joke you want included in the next NoiseLetter? Submit Your Joke >>
.jpg)
February was anything but quiet in the GreyNoise universe. From digging into where edge attacks really concentrate in our 2026 State of the Edge Report to gearing up for a packed March with eCrime & Cybersecurity Congress, secIT, and GreyNoise University LIVE, weβve been busy separating real threats from, wellβ¦ the noise. Below, youβll find our favorite blogs, from weird strings that exposed full-on operations to new twists in Ivanti and BeyondTrust exploitation...plus plenty of chances to nerd out with us live next month.
β
VP of Data Science + Research, Bob Rudis, creatively gives his thoughts, hot-takes, and whatever else he feels like.
β
New GreyNoise research reveals where attackers really target edge infrastructure and where defenses fall short. Based on 162 days of internet-scale data, we surface surprising RCE patterns, legacy CVE abuse, and residential botnet growth, then show how behavioral detection and clustering turn noisy edge traffic into a few high-impact blocking decisions. Download the report today + join us March 17 at 2pm for a live webinar with Andrew Morris, Shawn Smagh, and Bob Rudis to break it all down.
GreyNoise Intelligence Is Available Across the CrowdStrike Falcon Platform
GreyNoise intelligence is now available natively across three CrowdStrike Falcon surfaces β Next-Gen SIEM, Falcon Fusion SOAR, and Charlotte AI. The GreyNoise Foundry App, available on the CrowdStrike Marketplace, delivers IP classification, behavioral tags, and CVE exploitation context directly into Falcon workflows. Whether your team is building correlation rules in Next-Gen SIEM, automating response playbooks in Fusion SOAR, or exploring agentic triage with Charlotte AI, GreyNoise classification data is there.
Read the full post >>
Feature Release: Additional JA4+ Fields Now Supported in GNQL
GreyNoise Hunt customers can now query four new JA4+ fingerprinting fields in GNQL β JA4H (HTTP), JA4T (TCP), JA4SSH (SSH), and JA4L (Latency). These fields let you pivot on behavioral fingerprints instead of just IP reputation, even when traffic is encrypted or User-Agent strings are spoofed. Cluster attacker infrastructure, identify shared tooling, detect VPN/proxy masking, and build higher-confidence investigations across multiple protocol layers.
β
β
At the Edge Clear offers the public a preview of GreyNoiseβs weekly At the Edge intelligence brief, featuring select insights distilled from internet activity observed across the GreyNoise Global Observation Grid. View report >>
β
β
β
*Have a joke you want included in the next NoiseLetter? Submit Your Joke >>
