Noise Response
Data Dictionary: Noise Response
This outlines the field types associated with the Noise IP Lookup and Multi-Lookup Endpoints and the Individual IP responses in the GNQL Endpoint.
Field Name | Field Type | Example | Description |
---|---|---|---|
actor | string | unknown | The confirmed owner/operator of this IP address. |
bot | boolean | false | Data Enrichment - IP is associated with known bot activity. |
classification | string | unknown | IP Classification - possible options: benign, unknown, malicious |
cve | string list | [ | List of CVEs the IP has been observed scanning for or exploiting |
first_seen | date | 2021-11-23 | Date of first observed behavior on the GreyNoise Sensor network (format: YYYY-MM-DD) |
ip | string | 1.2.3.4 | IP address that information is about |
last_seen | date | 2021-12-31 | Date of last observed behavior on the GreyNoise Sensor network (format: YYYY-MM-DD) |
metadata | object | { | Data Enrichment - Additional IP metadata |
metadata.asn | string | AS37963 | Data Enrichment - IP's attached ASN |
metadata.category | string | hosting | Data Enrichment - IP's attached category |
metadata.city | string | Miami | Data Enrichment - IP's attached city |
metadata.country OR metadata.source_country | string | United States | Data Enrichment - IP's attached country |
metadata.country_code OR metadata.source_country_code | string | US | Data Enrichment - IP's attached country code |
metadata.destination_countries | string list | ['Belarus'] | List of Countries where Sensors that received scanning traffic are located |
metadata.destination_country_codes | string list | ['BY'] | List of Country Codes where Sensors that received scanning traffic are located |
metadata.organization | string | FranTech Solutions | Data Enrichment - IP's attached organization |
metadata.os | string | Linux 2.2-3.x | Data Enrichment - IP's attached operating system |
metadata.sensor_hits | int | 210 | Number of scanning events observed |
metadata.sensor_count | int | 20 | Number of sensors on which events were observed |
metadata.rdns | string | miamitor4.us | Data Enrichment - rDNS lookup for IP |
metadata.region | string | Florida | Data Enrichment - IP's attached region |
metadata.tor | boolean | true | Data Enrichment - IP is a known Tor exit node |
raw_data | object | { | Observed Activity captured by the GreyNoise sensor network |
raw_data.hassh | object list | [ | Observed HASSH activity |
raw_data.hassh.fingerprint | string | a7a87fbe86774c2e40cc4a7ea2ab1b3c | HASSH Fingerprint captured |
raw_data.hassh.port | string | 22 | Port observed activity occurred on |
raw_data.ja3 | object list | [ | Observed JA3 activity |
raw_data.ja3.fingerprint | string | 19e29534fd49dd27d09234e639c4057e | JA3 Fingerprint captured |
raw_data.ja3.port | int | 8443 | Port observed activity occurred on |
raw_data.scan | object list | [ | |
raw_data.scan.port | int | 22 | Port observed activity occurred on |
raw_data.scan.protocol | string | TCP | Protocol observed activity occurred on |
raw_data.web | object | { | Observed scanning activity occurred with these web objects |
raw_data.web.paths | string list | [ | Observed scanning activity traversed this web path |
raw_data.web.useragents | string list | [ | Observed scanning activity used these user agents |
seen | boolean | true | This IP was observed scanning the GreyNoise sensor network. May also be referenced as "noise" but serves the same purpose. |
spoofable | boolean | false | Did this IP complete a three-way handshake with the GreyNoise sensor network? If false, indicates that traffic may be spoofed. |
tags | string list | [ | List of GreyNoise tags associated with the observed scanning behavior performed by this IP |
vpn | boolean | false | Data Enrichment - IP is a known VPN service IP |
vpn_service | string | PIA_VPN | If IP is a known VPN, the name of the associated VPN Service |
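
As an added example (not GreyNoise's own code), the Python below normalizes one record shaped like this dictionary, reconciling the two alias names for the country fields and the mixed string/int port types. The sample record is constructed from the table's example values, `normalize` and its output keys are hypothetical names, and treating the date fields as optional is an assumption.

```python
from datetime import date

# Constructed sample record following the dictionary above (table example values).
SAMPLE = {
    "ip": "1.2.3.4", "seen": True, "classification": "unknown",
    "first_seen": "2021-11-23", "last_seen": "2021-12-31", "spoofable": False,
    "metadata": {"source_country": "United States", "source_country_code": "US",
                 "tor": True, "sensor_hits": 210, "sensor_count": 20},
    "raw_data": {
        "hassh": [{"fingerprint": "a7a87fbe86774c2e40cc4a7ea2ab1b3c", "port": "22"}],
        "ja3": [{"fingerprint": "19e29534fd49dd27d09234e639c4057e", "port": 8443}],
        "scan": [{"port": 22, "protocol": "TCP"}],
    },
}
CLASSIFICATIONS = {"benign", "unknown", "malicious"}

def normalize(rec):
    """Hypothetical helper: flatten one record into consistently typed fields."""
    cls = rec.get("classification", "unknown")
    if cls not in CLASSIFICATIONS:
        raise ValueError(f"unexpected classification: {cls!r}")
    meta, raw = rec.get("metadata") or {}, rec.get("raw_data") or {}
    # Dates are YYYY-MM-DD; assumed optional here (e.g. an IP never observed).
    first, last = (date.fromisoformat(rec[k]) if rec.get(k) else None
                   for k in ("first_seen", "last_seen"))
    if first and last and last < first:
        raise ValueError("last_seen precedes first_seen")
    # hassh.port is typed string, ja3.port and scan.port int: coerce all to int.
    ports = {int(item["port"]) for key in ("hassh", "ja3", "scan")
             for item in raw.get(key) or []}
    return {
        "ip": rec["ip"],
        "seen": bool(rec.get("seen", False)),
        "classification": cls,
        "span_days": (last - first).days if first and last else None,
        # The country fields appear under either of two names.
        "country": meta.get("country") or meta.get("source_country"),
        "country_code": meta.get("country_code") or meta.get("source_country_code"),
        "ports": sorted(ports),
        "hassh": sorted({h["fingerprint"] for h in raw.get("hassh") or []}),
        "ja3": sorted({j["fingerprint"] for j in raw.get("ja3") or []}),
        "tor": bool(meta.get("tor", False)),
        "spoofable": bool(rec.get("spoofable", False)),
    }
```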