GreyNoise

GreyNoise Documentation Hub

Welcome to the GreyNoise Documentation Hub. You'll find comprehensive guides and documentation to help you start working with GreyNoise as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    API Reference

Discover Emerging Threats

Use Case: Discover Emerging Threats

Listening to the internet allows GreyNoise to uncover unique behaviors and TTPs. We capture vulnerability lifecycles with our tags to show when scanners are looking for opportunities to exploit recently announced vulnerabilities. For example, when the F5 vulnerability was announced, our team quickly created tags to identify IPs scanning for targets to exploit. Teams can also dynamically research our data using GNQL, the GreyNoise query language.

Another common example is when a new CVE is released, that CVE can be queried each day to see the total number of IPs that are scanning for it, so a team can assist how critical of a threat this is to their organization and if a "break-the-glass" protocol should be enacted.

Scenario 1: Use GreyNoise Visualizer and CLI to Query the GreyNoise dataset

An analyst uses the GreyNoise Visualizer to monitor trends being tracked within GreyNoise and can also do advances queries for the Visualizer and CLI to aid in Threat Hunting or Incident Response.

Querying the GreyNoise Visualizer daily for any new CVE tags/hitsQuerying the GreyNoise Visualizer daily for any new CVE tags/hits

Querying the GreyNoise Visualizer daily for any new CVE tags/hits

Reviewing the GreyNoise trends page for anomalies and trends.Reviewing the GreyNoise trends page for anomalies and trends.

Reviewing the GreyNoise trends page for anomalies and trends.

Using the GreyNoise CLI to view GNQL Stats for CVEs detected in the last dayUsing the GreyNoise CLI to view GNQL Stats for CVEs detected in the last day

Using the GreyNoise CLI to view GNQL Stats for CVEs detected in the last day

Using the GreyNoise CLI to view GNQL IP Context Data for CVEs detected in the last dayUsing the GreyNoise CLI to view GNQL IP Context Data for CVEs detected in the last day

Using the GreyNoise CLI to view GNQL IP Context Data for CVEs detected in the last day

Using the GreyNoise CLI to view GNQL IP Context Data for GN Tag:  F5 BIG-IP TMUI RCEs detected in the last dayUsing the GreyNoise CLI to view GNQL IP Context Data for GN Tag:  F5 BIG-IP TMUI RCEs detected in the last day

Using the GreyNoise CLI to view GNQL IP Context Data for GN Tag: F5 BIG-IP TMUI RCEs detected in the last day

Updated about a month ago


Discover Emerging Threats


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.