Discussions

I'd be grateful if someone could clarify if, when I set up an alert for my public IP address space. Does this notify for traffic matching the alert criteria originating from my IP space outbound towards the internet, for traffic matching the alert criteria destined for my IP space originating from the internet, or does it alert in both directions?

Does GreyNoise have a feed that I can use in GuardDuty for alerting?

How often is the Bad IP list for Greynoise updated? Every 24 hours?

Is it possible to use the greynoise API to return a list of all CVEs that are observed to be exploited? That is, to track observed (not successful) exploitation over time?

Received an alert for one of our addresses - realise it could be spoofed but would like to check our logs against the known GreyNoise IPs to rule the alert out..

In the Philippines, there are two major ISP's: PLDT and Globe. There's also a new kid on the block called Dito. PLDT is the biggest of the three, but GreyNoise has data on only 3 (!) IP addresses belonging to PLDT. https://www.greynoise.io/viz/query/?gnql=metadata.organization%3APLDT Meanwhile, Globe has over 7,000 and Dito has over 170. https://www.greynoise.io/viz/query/?gnql=metadata.organization%3AGlobe https://www.greynoise.io/viz/query/?gnql=metadata.organization%3ADito So I'm just wondering what is going on here. Where are you guys getting your data for Philippine IP's?

Searching for metadata.rdns:research-scanner.com does not find 157.245.176.143 It has 19 results excluding 157.245.176.143 Please advise.

Does greynoise ip-context api supports querying ipv6 addresses also?

Hi, How can we query the RIOT database using the API? Is it only through IP lookup, or can we query it via tags, like the GNQL queries? Thank you.