GreyNoise is a threat intelligence service that collects and analyzes Internet-wide scan and attack traffic. Cortex™ XSOAR is a comprehensive security orchestration, automation and response (SOAR) platform that unifies case management, automation, real-time collaboration and threat intel management to serve security teams across the incident lifecycle.
This integration with Cortex XSOAR and GreyNoise allows users to enrich alerts in XSOAR with GreyNoise data, filter false-positives, identify compromised devices, and track emerging threats. The full integration code for the GreyNoise Integration Pack can be found here on GitHub.
What does the GreyNoise Pack do?The playbooks and actions in this pack help you to reduce Internet-background noise and benign services from your Incident Response work.They also help automate repetitive tasks associated with routable IPv4 addresses:
This Pack Contains two Integrations: