Alerting - direction of travel
I'd be grateful if someone could clarify if, when I set up an alert for my public IP address space. Does this notify for traffic matching the alert criteria originating from my IP space outbound towards the internet, for traffic matching the alert criteria destined for my IP space originating from the internet, or does it alert in both directions?
Posted by Jambo 6 months ago
GreyNoise threat intel feed into GuardDuty
Does GreyNoise have a feed that I can use in GuardDuty for alerting?
Posted by andrewschmidt about 1 year ago
Bad IP list updated
How often is the Bad IP list for Greynoise updated? Every 24 hours?
Posted by Naveen Prabhu over 1 year ago
Tracking vulnerability exploitation
Is it possible to use the greynoise API to return a list of all CVEs that are observed to be exploited? That is, to track observed (not successful) exploitation over time?
Posted by Sasha Romanosky over 1 year ago
What IP addresses does GreyNoise listen on
Received an alert for one of our addresses - realise it could be spoofed but would like to check our logs against the known GreyNoise IPs to rule the alert out..
Posted by Mark over 1 year ago
Very limited data on one of the two major ISP's in the Philippines
In the Philippines, there are two major ISP's: PLDT and Globe. There's also a new kid on the block called Dito. PLDT is the biggest of the three, but GreyNoise has data on only 3 (!) IP addresses belonging to PLDT. https://www.greynoise.io/viz/query/?gnql=metadata.organization%3APLDT Meanwhile, Globe has over 7,000 and Dito has over 170. https://www.greynoise.io/viz/query/?gnql=metadata.organization%3AGlobe https://www.greynoise.io/viz/query/?gnql=metadata.organization%3ADito So I'm just wondering what is going on here. Where are you guys getting your data for Philippine IP's?
Posted by Lambert about 2 years ago
metadata.rdns does not find a certain IP address
Searching for metadata.rdns:research-scanner.com does not find 184.108.40.206 It has 19 results excluding 220.127.116.11 Please advise.
Posted by Viktor Szépe about 2 years ago
Supports querying of IPv6
Does greynoise ip-context api supports querying ipv6 addresses also?
Posted by Lil Thapa over 2 years ago
Hi, How can we query the RIOT database using the API? Is it only through IP lookup, or can we query it via tags, like the GNQL queries? Thank you.
Posted by Ashley over 2 years ago
How many API hits allowed per second or day with a greynoise subscription account?
Posted by Haseeb over 2 years ago