GreyNoise

Integration Overview: Splunk SOAR

Suggest Edits

Download App from Splunkbase

Find the latest version here: https://splunkbase.splunk.com/app/6347/.

The GreyNoise App download from SplunkBaseThe GreyNoise App download from SplunkBase

The GreyNoise App download from SplunkBase

Install From Splunk SOAR Apps

From within Splunk SOAR, in the Apps UI, click the Install App button

Click the Install App buttonClick the Install App button

Click the Install App button

Select the downloaded GreyNoise App bundle and click Install

Installing the GreyNoise AppInstalling the GreyNoise App

Installing the GreyNoise App

GreyNoise App detailsGreyNoise App details

GreyNoise App details

Configure an Instance of the GreyNoise Integration

The GreyNoise App will appear under the Unconfigured Apps menu. Select the Configure New Asset button. Give the asset a name and description.

Creating a new GreyNoise AssetCreating a new GreyNoise Asset

Creating a new GreyNoise Asset

Under the Asset Settings section, add a GreyNoise API key and configure a GNQL to use for the On Poll action.

Adding the GreyNoise API KeyAdding the GreyNoise API Key

Adding the GreyNoise API Key

Performing an On-Demand IP Lookup

A variety of actions can be run on-demand, including IP Reputation (Noise), RIOT Lookup and Community API Lookup.

IP Reputation (Noise) Lookup resultsIP Reputation (Noise) Lookup results

IP Reputation (Noise) Lookup results

RIOT IP Lookup resultsRIOT IP Lookup results

RIOT IP Lookup results

Community IP Lookup resultsCommunity IP Lookup results

Community IP Lookup results

Playbooks

In addition to the App, GreyNoise has also published playbooks that can help with common tasks. The playbooks can be downloaded from my.phantom.us and uploaded to your local phantom instance.

GreyNoise GNQL Enrichment

GreyNoise Update Severity from IP Reputation

GreyNoise IP Enrichment

GreyNoise On Poll Set Severity

Updated 4 months ago

Did this page help you?