SOAR Integration Overview: Tines

Add GreyNoise API Key to Credentials

From the Your Teams Menu, expand the Team you want to add your API key to, then select Credentials. Click the New Credential button, and create a credential named "greynoise". Enter your GreyNoise API key in the "value" box, select the Access level and Save the credential.

875

Adding your GreyNoise API key as a Tines credential

730

GreyNoise credential details.

Add GreyNoise Action to your Story

One or more actions can be pulled from the Tines Public Template library from the GreyNoise folder to integrate GreyNoise into your Stories.

279

Searching for GreyNoise actions in the Public Templates

Once the action is added to your Story and connected to a source action, configure the GreyNoise action to pull the IP value to be queried from the previous step (for example, {{ .receive_alerts.body.ip }}) and ensure the credential value matches the one included in the credential store.

314

Adding GreyNoise IP Lookups to a Story

669

Updating a GreyNoise action to pull the appropriate IP value from a previous action.

Once the lookup is completed, triggers can be added to pivot the work based on the GreyNoise response. For example, checking to see if the riot field is true or false from the RIOT IP Lookup action.

588

Adding a trigger to pivot on the "RIOT" key in the RIOT IP Lookup action.