improved
2021-06-28: API Update - v2 RIOT Additional Key
almost 3 years ago by Brad Chiappetta
Update to v2 RIOT API Endpoint
An update has been pushed to the v2 RIOT endpoint to now include a string response for "trust_level" in addition to the existing keys. The updated response from the endpoint is now:
{
"category": "public_dns",
"description": "Google's global domain name system (DNS) resolution service.",
"explanation": "Public DNS services are used as alternatives to ISP's name servers. You may see devices on your network communicating with Google Public DNS over port 53/TCP or 53/UDP to resolve DNS lookups.",
"ip": "8.8.8.8",
"last_updated": "2021-06-28T13:55:46Z",
"logo_url": "https://www.gstatic.com/devrel-devsite/prod/v9d82702993bc22f782b7874a0f933b5e39c1f0889acab7d1fce0d6deb8e0f63d/cloud/images/cloud-logo.svg",
"name": "Google Public DNS",
"reference": "https://developers.google.com/speed/public-dns/docs/isp#alternative",
"riot": true,
"trust_level": "1"
}
Trust Levels help to indicate benign confidence.
trust_level 1:
The RIOT data resource is conclusive. GreyNoise has high confidence the data extracted by RIOT data resource is reliable and a confident attribution to the target entity.
Examples:
- Zoom: Directly declared as being required to use Zoom
- Google: Google clearly owns and operates this such that data coming from these IPs are attributable to Google
trust_level 2:
The RIOT data resource may not have a direct attribution to the internet actor. A trust_level 2 is given to a subset of a data resource that is known to lease their IPs to other entities.
Examples:
- Cloudflare: While necessary for large portions of the internet to function properly, these are not easily attributable. This is something, as an admin, you may not have a choice to block because it will prevent a significant portion of normal internet usage