Understanding Business Services Intelligence (formerly RIOT)
What is Business Services Intelligence (formerly RIOT)?
Business Services Intelligence is a dataset GreyNoise offers that provides context to users about IP addresses tied to common business services. Business Services Intelligence helps add identification information to IP addresses and enables practitioners to make decisions about IPs based on the business service infrastructure they use. These decisions can include filtering out known IPs from logs, identifying outbound connections to unidentified services, validating IP addresses before they are added to firewall blocklists, and providing general context to help analysts make decisions faster.
How did we create Business Services Intelligence?
Business Services Intelligence tracks the IP space for common business services, including CDNs, update servers, public DNS and NTP services, SaaS APIs, and cloud security products. Our engineering and research teams have implemented several tactics and methods to acquire, track, curate, and age off RIOT data over time. The data is refreshed regularly to ensure the list contains the most up-to-date information for each provider in the dataset.
What Business Services Intelligence is not?
Business Services Intelligence is not a safe list or allow list and should not be used as a network Access Control List. It does not provide insight into activities associated with specific IP addresses or their classifications. Business Services Intelligence is not an IP enrichment service that aims to provide geolocation or organizational ownership.
Business Services Intelligence Trust Levels
Business Services Intelligence data is separated into three trust levels: Level 1, Level 2, and Level 3. Trust Levels within the GreyNoise Business Services Intelligence dataset provide analysts with context about how much they can trust an IP address, given which business service it belongs to. You can read more details here.
Business Services Intelligence Responses in API
Enterprise Business Services Intelligence API
{
"ip": "8.8.8.8",
"riot": true,
"category": "public_dns",
"name": "Google Public DNS",
"description": "Google's global domain name system (DNS) resolution service.",
"explanation": "Public DNS services are used as alternatives to ISP's name servers. You may see devices on your network communicating with Google Public DNS over port 53/TCP or 53/UDP to resolve DNS lookups.",
"last_updated": "2024-12-12T13:11:04Z",
"reference": "https://developers.google.com/speed/public-dns/docs/isp#alternative",
"trust_level": "1"
}Community API
{
"ip": "8.8.8.8",
"noise": true,
"riot": true,
"classification": "unknown",
"link": "https://viz.greynoise.io/ip/8.8.8.8",
"last_seen": "2024-12-08",
"message": "Success"
}%Sources + Examples
We have 150 million IPs currently in our Business Services Intelligence dataset. (As of May 2026)
Examples
Google Public DNS - https://viz.greynoise.io/ip/8.8.8.8
Github - https://viz.greynoise.io/ip/18.213.123.130
Pingdom - https://viz.greynoise.io/ip/64.237.55.3
Zscaler - https://viz.greynoise.io/ip/185.46.212.0
Datadog - https://viz.greynoise.io/ip/3.233.144.0
Cloudflare - https://viz.greynoise.io/ip/103.21.244.0
Atlassian - https://viz.greynoise.io/ip/18.136.214.96
Can an IP address exist in both the Internet Scanner Intelligence and Business Services Intelligence datasets?Yes, we do, in some cases observe internet scanning from infrastructure that is tied to a common business service, such as internet scanning come out of infrastructure that is operated by Google or Amazon. In these situations, since the Internet Scanner Intelligence dataset provides insights into observed activity, it should be applied in the analysis and evaluation of an IP first, then the Business Services Intelligence dataset can be used as additional context.
Updated 9 days ago