SOAR Integration Overview: XSOAR (Demisto)
Install From MarketPlace
To install the GreyNoise Content Pack within XSOAR, navigate to the Marketplace, search for GreyNoise,
then select Install from the Content Pack Details page.
![Picture1.png 780](https://files.readme.io/223c0e9-Picture1.png)
Searching for GreyNoise in XSOAR Marketplace
![Picture2.png 780](https://files.readme.io/b3482b2-Picture2.png)
Installing GreyNoise Content Pack
Configure an Instance of the GreyNoise Integration
To begin using the GreyNoise integration, browse to Integrations -> Servers & Services and search for GreyNoise within XSOAR. On the GreyNoise Integration item, click the Add Instance link, then enter a GreyNoise API key and test the connection.
![Picture4.png 780](https://files.readme.io/05bdc29-Picture4.png)
Adding a new Instance of GreyNoise to XSOAR
![Picture5.png 780](https://files.readme.io/469ec04-Picture5.png)
Adding the GreyNoise API key and testing
Performing an On-Demand IP Lookup
From the XSOAR Playground, start by typing:
!greynoise
A list of available commands will be displayed. Select the greynoise-ip-quick-check option, then enter the ip=
input followed by one or more IPs to query:
![Picture6.png 780](https://files.readme.io/7768075-Picture6.png)
GreyNoise command context window
![Picture7.png 780](https://files.readme.io/07145c8-Picture7.png)
GreyNoise Quick Lookup command
Navigate to the Playground War Room to see the results of the lookup:
![Picture8.png 780](https://files.readme.io/b851233-Picture8.png)
GreyNoise Quick Lookup Result
To do a full GreyNoise Context lookup, modify the command to be:
!greynoise !ip ip=x.x.x.x
![Screen Shot 2021-02-22 at 3.32.16 PM.png 1917](https://files.readme.io/7def8c3-Screen_Shot_2021-02-22_at_3.32.16_PM.png)
GreyNoise Context lookup result
To perform an IP Timeline lookup, run a command similar to the following:
!greynoise-timeline ip="45.164.214.212" days="90" maximum_results="10"
![GreyNoise IP Timeline result](https://files.readme.io/9aa2495-Screenshot_2023-06-08_at_1.57.24_PM.png)
GreyNoise IP Timeline result
To perform an IP Similarity search, run a command similar to the following:
!greynoise-similarity ip="59.88.225.2" minimum_score="95" maximum_results="10"
![GreyNoise Similarity result](https://files.readme.io/54763d2-Screenshot_2023-06-08_at_1.59.28_PM.png)
GreyNoise Similarity result
Playbooks
The XSOAR integration also includes some basic playbooks that can be used in conjunction with the GreyNoise lookup data. Here are some examples:
Calculate Severity for Egress Traffic - Can be used when determining severity of a Destination IP
![Cal_Sev_Egress_Traffic.png 1740](https://files.readme.io/5e3161a-Cal_Sev_Egress_Traffic.png)
GreyNoise Calculate Severity for Egress Traffic Playbook
Calculate Severity for Ingress Traffic - Can be used when determining severity of a Source IP
![Cal_Sav_Ingress_Traffic.png 2130](https://files.readme.io/f8638c8-Cal_Sav_Ingress_Traffic.png)
GreyNoise Calculate Severity for Ingress Traffic Playbook
Calculate Severity - Includes flag for Ingress vs Egress to Trigger Above Workflows
![Calculate_Severity_-_GreyNoise_Wed_Feb_24_2021.png 2448](https://files.readme.io/cb347e1-Calculate_Severity_-_GreyNoise_Wed_Feb_24_2021.png)
GreyNoise Calculate Severity for Egress or Ingress with Flag Traffic Playbook
Generic IP Enrichment Workflow
![IP_Reputation-GreyNoise.png 910](https://files.readme.io/e76fbfd-IP_Reputation-GreyNoise.png)
GreyNoise IP Reputation using GreyNoise Data