GreyNoise

Integration Overview: Splunk SOAR

Suggest Edits

Download App from Splunkbase

Find the latest version here: https://splunkbase.splunk.com/app/6347/.

1221

The GreyNoise App download from SplunkBase

Install From Splunk SOAR Apps

From within Splunk SOAR, in the Apps UI, click the Install App button

1491

Click the Install App button

Select the downloaded GreyNoise App bundle and click Install

1470

Installing the GreyNoise App

2112

GreyNoise App details

Configure an Instance of the GreyNoise Integration

The GreyNoise App will appear under the Unconfigured Apps menu. Select the Configure New Asset button. Give the asset a name and description.

1186

Creating a new GreyNoise Asset

Under the Asset Settings section, add a GreyNoise API key and configure a GNQL to use for the On Poll action.

1756

Adding the GreyNoise API Key

Performing an On-Demand IP Lookup

A variety of actions can be run on-demand, including IP Reputation (Noise), RIOT Lookup and Community API Lookup.

2648

IP Reputation (Noise) Lookup results

2648

RIOT IP Lookup results

2160

Community IP Lookup results

Playbooks

In addition to the App, GreyNoise has also published playbooks that can help with common tasks. The playbooks can be downloaded from my.phantom.us and uploaded to your local phantom instance.

GreyNoise GNQL Enrichment

2110

GreyNoise Update Severity from IP Reputation

3370

GreyNoise IP Enrichment

1538

GreyNoise On Poll Set Severity

2024

Updated about 1 year ago