SOAR Integration Overview: Splunk SOAR (Phantom)
Download App from Splunkbase
Find the latest version here: https://splunkbase.splunk.com/app/6347/.
The GreyNoise App download from SplunkBase
Install From Splunk SOAR Apps
From within Splunk SOAR, in the Apps UI, click the Install App button
Click the Install App button
Select the downloaded GreyNoise App bundle and click Install
Installing the GreyNoise App
GreyNoise App details
Configure an Instance of the GreyNoise Integration
The GreyNoise App will appear under the Unconfigured Apps menu. Select the Configure New Asset button. Give the asset a name and description.
Creating a new GreyNoise Asset
Under the Asset Settings section, add a GreyNoise API key and configure a GNQL to use for the On Poll action.
Adding the GreyNoise API Key
Performing an On-Demand IP Lookup
A variety of actions can be run on-demand, including IP Reputation (Noise), RIOT Lookup and Community API Lookup.
IP Reputation (Noise) Lookup results
RIOT IP Lookup results
Community IP Lookup results
Playbooks
In addition to the App, GreyNoise has also published playbooks that can help with common tasks. The playbooks can be downloaded from my.phantom.us and uploaded to your local phantom instance.
GreyNoise Update Severity from IP Reputation
GreyNoise On Poll Set Severity
Updated about 1 year ago