Demo - Cortex XSOAR / GreyNoise Integration

Summary

GreyNoise is a threat intelligence service that collects and analyzes Internet-wide scan and attack traffic. Cortex™ XSOAR is a comprehensive security orchestration, automation and response (SOAR) platform that unifies case management, automation, real-time collaboration and threat intel management to serve security teams across the incident lifecycle.

This integration with Cortex XSOAR and GreyNoise allows users to enrich alerts in XSOAR with GreyNoise data, filter false-positives, identify compromised devices, and track emerging threats. The full integration code for the GreyNoise Integration Pack can be found here on GitHub.

What does the GreyNoise Pack do?

The playbooks and actions in this pack help you to remove Internet background noise and benign services from your incident response work. They also help automate repetitive tasks associated with routable IPv4 addresses:

  • Query an IP to determine if it is Internet-Background Noise
  • Query an IP to determine if it is a Benign Service
  • Query the GreyNoise data set for common trends by looking for CVEs, paths, ports or fingerprints
  • Pull stats from the GreyNoise data set for threat hunting and identifying emerging threats
  • Calculate the severity of the incident using GreyNoise IP reputation data

This pack contains two integrations:

  • GreyNoise - this integration is intended for users that have a paid GreyNoise subscription
  • GreyNoise Community - this integration is intended for users that use the free GreyNoise Community API
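To make the triage logic behind "filter false-positives" and "calculate the severity of the incident" concrete, here is an added example (not code from the GreyNoise pack or from Cortex XSOAR) that scores a list of alert source IPs against GreyNoise-style lookup results. The lookup records are constructed sample data, and the field names (`noise`, `riot`, `classification`, `name`) and the 0-3 severity scale are assumptions for this illustration, not the pack's actual schema or API.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data shaped like GreyNoise IP lookup results.
# Field names are an assumption for this example, not the pack's schema.
#   noise          - seen mass-scanning the Internet (background noise)
#   riot           - listed as a known benign service (CDN, DNS, update servers, ...)
#   classification - GreyNoise's verdict on the scanner: benign / malicious / unknown
SAMPLE_LOOKUPS = {
    "192.0.2.10": {"noise": True,  "riot": False, "classification": "malicious", "name": "unknown"},
    "192.0.2.20": {"noise": True,  "riot": False, "classification": "benign",    "name": "Example Research Scanner"},
    "192.0.2.30": {"noise": False, "riot": True,  "classification": "benign",    "name": "Example CDN"},
    "192.0.2.40": {"noise": True,  "riot": False, "classification": "unknown",   "name": ""},
}


@dataclass
class Triage:
    ip: str
    severity: int    # assumed incident scale: 1 low, 2 medium, 3 high
    suppress: bool   # True when the alert is background noise or a benign service
    reason: str


def lookup_ip(ip: str, lookups: dict = SAMPLE_LOOKUPS) -> Optional[dict]:
    """Stand-in for the GreyNoise query; returns None for IPs GreyNoise has not seen."""
    return lookups.get(ip)


def triage_ip(ip: str, lookups: dict = SAMPLE_LOOKUPS) -> Triage:
    """Map one IP's GreyNoise-style record to a severity and a suppress decision."""
    rec = lookup_ip(ip, lookups)
    if rec is None:
        # Not observed scanning the Internet and not a known service: traffic from
        # this source is more likely targeted at you, so keep it for analyst review.
        return Triage(ip, 2, False, "not observed by GreyNoise; treat as targeted")
    if rec.get("riot"):
        # Known benign service: a common source of false positives in alert queues.
        return Triage(ip, 1, True, f"known benign service: {rec.get('name')}")
    if rec.get("noise"):
        cls = rec.get("classification")
        if cls == "malicious":
            # Mass scanner with a malicious verdict: noisy, but worth a look.
            return Triage(ip, 3, False, "background noise classified malicious")
        if cls == "benign":
            return Triage(ip, 1, True, f"benign scanner: {rec.get('name')}")
        return Triage(ip, 2, False, "background noise, unclassified")
    return Triage(ip, 2, False, "observed but neither noise nor a known service")


def incident_severity(ips: list, lookups: dict = SAMPLE_LOOKUPS) -> int:
    """Incident severity is the highest severity among its non-suppressed IPs."""
    results = [triage_ip(ip, lookups) for ip in ips]
    live = [r.severity for r in results if not r.suppress]
    return max(live) if live else 1


def suppressed_ips(ips: list, lookups: dict = SAMPLE_LOOKUPS) -> list:
    """IPs a playbook could drop from the incident as noise or benign services."""
    return [r.ip for r in (triage_ip(ip, lookups) for ip in ips) if r.suppress]


if __name__ == "__main__":
    alert_ips = ["192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40", "198.51.100.7"]
    for ip in alert_ips:
        print(triage_ip(ip))
    print("incident severity:", incident_severity(alert_ips))
    print("suppressed:", suppressed_ips(alert_ips))
```

The design choice worth noting is that an IP absent from GreyNoise is not treated as safe: it is the one a playbook should leave in the queue, because "not seen scanning the whole Internet" is exactly what a targeted source looks like.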
