Data Module: Internet Scanner - Triage Intelligence Module
Data Dictionary: Internet Scanner - Triage Intelligence Module Entitlements
This outlines the field types associated with the IP and Query endpoint responses that are entitled based on purchasing the Internet Scanner - Triage Intelligence Module.
| Field Name | Field Type | Example | Description | Query Sample |
|---|---|---|---|---|
| actor | string | unknown | Confirmed owner or operator of the IP address. | Sample |
| bot | boolean | false | Indicates whether the IP is associated with known bot activity. | Sample |
| classification | string | unknown | Classification of the IP address. Possible values: benign, unknown, malicious, suspicious. | Sample |
| ip | string | 1.2.3.4 | IP address observed on the GreyNoise sensor network. | |
| last_seen | date | 2021-12-31 | Date when the IP was most recently observed on the GreyNoise sensor network (YYYY-MM-DD format). | Sample |
| metadata | object | { 'asn': 'AS18881', 'city': 'Brasília', 'organization': 'Acme Inc', 'category': 'isp', 'mobile': True, 'tor': False, 'rdns': 'scanner.acme.inc', 'region': 'Federal District', 'source_country': 'Brazil', 'source_country_code': 'BR' } | Additional metadata about the IP address. | |
| metadata.asn | string | AS37963 | ASN (Autonomous System Number) associated with the IP address. | Sample |
| metadata.category | string | hosting | Category of the IP address such as hosting or ISP. | Sample |
| metadata.city | string | Miami | City where the IP address is registered or operates. | Sample |
| metadata.mobile | boolean | true | Defines if the IP is part of a known cellular network. | Sample |
| metadata.organization | string | FranTech Solutions | Organization associated with the IP address. | Sample |
| metadata.source_country | string | United States | Country where the IP address is registered or operates. | Sample |
| metadata.source_country_code | string | US | Country code of the IP address based on ISO 3166-1 alpha-2. | Sample |
| metadata.rdns | string | miamitor4.us | rDNS (reverse DNS lookup) value for the IP address. | Sample |
| metadata.region | string | Florida | Region (state or province) where the IP address is registered or operates. | Sample |
| metadata.tor | boolean | true | Indicates whether the IP is a known Tor exit node. | Sample |
| seen/noise | boolean | true | Indicates if the IP was observed scanning the GreyNoise sensor network. Also referred to as 'noise'. | |
| spoofable | boolean | false | Indicates whether the IP completed a three-way handshake with the GreyNoise sensor network. If false, the traffic may be spoofed. | Sample |
| tags | string list | [ "Carries HTTP Referer", "Cobalt Strike SSH Client", "Follows HTTP Redirects" ] | Tags describing the observed scanning behavior of the IP address. | Sample |
| vpn | boolean | false | Indicates if the IP is associated with a known VPN service. | Sample |
| vpn_service | string | PIA_VPN | Name of the VPN service associated with the IP (if applicable). | Sample |
Updated 6 days ago