SOAR Integration Overview: Chronicle SOAR (Siemplify)
Install From MarketPlace
To install the GreyNoise Integration within Siemplify, navigate to the Siemplify Marketplace, search for GreyNoise then select Install from the Integration Information window.
Searching for GreyNoise in Siemplify Marketplace
Configure an Instance of the GreyNoise Integration
To begin using the GreyNoise integration, browse to Integrations -> Select the Environment -> Then Click the + and choose GreyNoise to add it.
Adding a new Instance of GreyNoise to Siemplify
Once the Integration Instance is added, select the Gear Icon to modify the parameter for the integration and enter a GreyNoise API Key. Use the Test button to confirm the integration setup is working.
Adding the GreyNoise API key and testing
Performing an On-Demand IP Lookup
From a Case, using the Manual Action button, select GreyNoise from the installed integrations, then select which Lookup to perform.
Choose the Instance, Alert and Entities settings, then Execute the Lookup:
GreyNoise Manual Action Fire - Context Lookup
To see the results, check the Case Wall for details:
Navigate to the Playground War Room to see the results of the lookup:
GreyNoise Quick Lookup Result
Also, look for Entity Insights that Provide overview details based on the Lookup Performed:
GreyNoise Entity Insight from Context Lookup
GreyNoise Entity Insight from RIOT Lookup
Playbooks
GreyNoise Actions can also be added to any playbook and used to provide context and modify a case, based on desired workflow and results of the lookup.
Updated about 1 year ago