SOAR Integration Overview: Tines

Add GreyNoise API Key to Credentials

From the Your Teams Menu, expand the Team you want to add your API key to, then select Credentials. Click the New Credential button, and create a credential named "greynoise". Enter your GreyNoise API key in the "value" box, select the Access level and Save the credential.


Adding your GreyNoise API key as a Tines credential


GreyNoise credential details.

Add GreyNoise Action to your Story

One or more actions can be pulled from the GreyNoise folder of the Tines Public Template library to integrate GreyNoise into your Stories.


Searching for GreyNoise actions in the Public Templates

Once the action is added to your Story and connected to a source action, configure the GreyNoise action to pull the IP value to be queried from the previous step (for example, {{ .receive_alerts.body.ip }}) and ensure the credential referenced by the action matches the one saved in the credential store.


Adding GreyNoise IP Lookups to a Story


Updating a GreyNoise action to pull the appropriate IP value from a previous action.

Once the lookup is completed, triggers can be added to pivot the work based on the GreyNoise response. For example, a trigger can check whether the riot field returned by the RIOT IP Lookup action is true or false.


Adding a trigger to pivot on the "RIOT" key in the RIOT IP Lookup action.
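
The branching described above can be rehearsed offline before the Story goes live. The following is an added example, not part of the Tines templates or GreyNoise's own code: it mimics pulling the IP from the alert body and pivoting on the "riot" key. The branch names, the `lookup` callable, the sample responses and the echoed "ip" key are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample responses carrying the boolean "riot" key the page
# describes; the "ip" and "name" keys and all values are illustrative.
SAMPLE_RESPONSES = {
    "8.8.8.8": {"ip": "8.8.8.8", "riot": True, "name": "Example DNS"},
    "45.83.64.1": {"ip": "45.83.64.1", "riot": False},
}


def extract_ip(alert_body):
    """Return a normalised, publicly routable IP from the alert, or None.

    Mirrors the value the action pulls from the previous step
    (receive_alerts.body.ip). Anything that is not a single global
    address is rejected so junk never reaches the lookup.
    """
    raw = alert_body.get("ip")
    if not isinstance(raw, str):
        return None
    try:
        addr = ipaddress.ip_address(raw.strip())
    except ValueError:
        return None
    return str(addr) if addr.is_global else None


def route(alert_body, lookup):
    """Pick the Story branch for an alert (branch names are hypothetical).

    lookup stands in for the RIOT IP Lookup action: it takes an IP string
    and returns the parsed response as a dict (or None on failure).
    """
    ip = extract_ip(alert_body)
    if ip is None:
        return "invalid_ip"
    resp = lookup(ip)
    # Only an explicit boolean True, for the IP that was queried, takes the
    # RIOT branch. A missing key, an error body or the string "true" falls
    # through so an alert is never dropped on a malformed response.
    if isinstance(resp, dict) and resp.get("ip") == ip and resp.get("riot") is True:
        return "riot"
    return "not_riot"


if __name__ == "__main__":
    for body in ({"ip": "8.8.8.8"}, {"ip": "45.83.64.1"}, {"ip": "10.0.0.5"}):
        print(body["ip"], "->", route(body, SAMPLE_RESPONSES.get))
```

Feeding the same constructed alert bodies through the Story's test mode should send each one down the matching trigger path.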