Analyst Integration Overview: Maltego

GreyNoise currently supports two different Transform Sets within Maltego

GreyNoise Community

Available with all versions of Maltego

Transform List

IP Lookup [GreyNoise Community]

• Description: Provides GreyNoise intel data based on the input using the GreyNoise Community API, which is free to use.
• Inputs: maltego.IPv4Address

GreyNoise Enterprise

Requires a Paid version of Maltego

Transform List

To All Details [GreyNoise]

• Description: This transform takes an IPv4 address and checks whether it is part of the GreyNoise internet scanner database. If the IP is found in the dataset, it returns the associated details.
• Inputs: maltego.IPv4Address

To Actor [GreyNoise]

• Description: This transform takes an IPv4 address and checks whether it is part of the GreyNoise internet scanner database. If the IP is found in the dataset, it returns the associated actor information, if available.
• Inputs: maltego.IPv4Address

To Scanned CVEs [GreyNoise]

• Description: This transform takes an IPv4 address and checks whether it is part of the GreyNoise internet scanner database. If the IP is found in the dataset, it returns the associated CVEs that the IP was observed scanning for.
• Inputs: maltego.IPv4Address

To Organization [GreyNoise]

• Description: This transform takes an IPv4 address and checks whether it is part of the GreyNoise internet scanner database. If the IP is found in the dataset, it returns the associated organization information based of IP ownership.
• Inputs: maltego.IPv4Address

To Scanned Ports [GreyNoise]

• Description: This transform takes an IPv4 address and checks whether it is part of the GreyNoise internet scanner database. If the IP is found in the dataset, it returns the associated ports the IP was scanning.
• Inputs: maltego.IPv4Address

To Tags [GreyNoise]

• Description: This transform takes an IPv4 address and checks whether it is part of the GreyNoise internet scanner database. If the IP is found in the dataset, it returns the associated GreyNoise tags attached to the IP.
• Inputs: maltego.IPv4Address

Find Scanning IPs By Actor [GreyNoise]

• Description: This transform takes an actor's name and checks whether it is part of the GreyNoise internet scanner database. If the actor is found in the dataset, it returns the associated IP addresses that have been observed scanning.
• Inputs: maltego.Person

Find Scanning IPs By ASN [GreyNoise]

• Description: This transform takes an ASN and checks whether it is part of the GreyNoise internet scanner database. If the ASN is found in the dataset, it returns the associated IP addresses that have been observed scanning.
• Inputs: maltego.AS

Find Scanning IPs By CVE [GreyNoise]

• Description: This transform takes a CVE and checks whether it is part of the GreyNoise internet scanner database. If the CVE is found in the dataset, it returns the associated IP addresses that have been observed scanning.
• Inputs: maltego.CVE

Find Scanning IPs By Tag [GreyNoise]

• Description: This transform takes a GreyNoise Tag name it returns the associated IP addresses that have been observed scanning.
• Inputs: maltego.Phrase

IP RIOT Lookup [GreyNoise]

• Description: This transform takes an IP Address and checks whether it is part of the GreyNoise common business service (RIOT) database. If the IP is found in the dataset, it returns the associated details.
• Inputs: maltego.IPv4Address

To Similar Scanning IPs [GreyNoise] - NEW

• Description: This transform leverages the GreyNoise IP Similarity tool to identify IP addresses within the GreyNoise internet scanner data set that share a common set of scanning attributes. More information about IP Similarity can be found here: https://docs.greynoise.io/docs/greynoise-ip-similarity
• Inputs: maltego.IPv4Address