Alerts

What is GreyNoise Alerts?

The GreyNoise Alerts feature notifies analysts when a query they care about has results in our data. An Alert can be anything searchable via GNQL query such as, specific IP (and other IP data), asn (and other metadata fields), scan.port (and other Raw Data fields). You can string any of these fields together to make your search more specific to your interests. The GNQL cheat sheet lists all the searchable fields

Creating an Alert

Alerts are configured within the GreyNoise Visualizer alerts interface. Alerts from GreyNoise can be ingested into an appropriate platform so that an incident investigation can be started. To create an alert, select the "Alerts" tab in the hearder.

While on the Alert creation page, select "Create Alert" and fill in the criteria requested.

After saving the Alert, you can monitor it, along with other active Alerts, to make any edits or disable.

You will receive an email from [email protected] with any daily results that match the inputed query.