Integration Overview: Splunk Phantom
Download App from My Phantom
From https://my.phantom.us, browse to the Apps for Phantom section, locate the GreyNoise app and download a copy (the latest version is v2.1.1).
The GreyNoise App download from Phantom App store
Install From Phantom Apps
From within Phantom, in the Apps UI, click the Install App button
Click the Install App button
Select the downloaded GreyNoise App bundle and click Install
Installing the GreyNoise App
GreyNoise App details
Configure an Instance of the GreyNoise Integration
The GreyNoise App will appear under the Unconfigured Apps menu. Select the Configure New Asset button. Give the asset a name and description.
Creating a new GreyNoise Asset
Under the Asset Settings section, add a GreyNoise API key and configure a GNQL to use for the On Poll action.
Adding the GreyNoise API Key
Performing an On-Demand IP Lookup
A variety of actions can be run on-demand, including IP Reputation (Noise), RIOT Lookup and Community API Lookup.
IP Reputation (Noise) Lookup results
RIOT IP Lookup results
Community IP Lookup results
Playbooks
In addition to the App, GreyNoise has also published playbooks that can help with common tasks. The playbooks can be downloaded from my.phantom.us and uploaded to your local phantom instance.
GreyNoise Update Severity from IP Reputation
GreyNoise On Poll Set Severity
Updated about 1 month ago