What is Project Swarm?

Project Swarm is a GreyNoise research initiative that opens the GreyNoise deception platform to the global security community. By allowing trusted partners to contribute sensors, device profiles, and detection rules, Project Swarm transforms GreyNoise from a proprietary sensor network into a collective intelligence platform.

Project Swarm is a community-driven effort to improve the breadth, diversity, and speed of global internet threat intelligence for all GreyNoise users, both paid and free.

How it Works

Project Swarm is built on three pillars that contributors participate in:

• IP Coverage: Deploy sensors on your own infrastructure to expand the geographic and network diversity of the Global Observation Grid.
• Device Coverage: Bring device profiles for the edge assets you know best — firewalls, routers, VPN gateways — so sensors appear as real, high-value targets to attackers.
• Detection Velocity: Contribute detection rules and tags to identify attacker TTPs faster than GreyNoise can alone.

Capabilities Available to Project Swarm Users

When you deploy a GreyNoise sensor through Project Swarm, the traffic it captures is yours to work with, with the analysis tooling of the full GreyNoise platform behind it.

• Full Session Capture: Every session is recorded with full fidelity: raw PCAPs, payloads, HTTP headers, TLS metadata, and behavioral artifacts. You see exactly what attackers sent and how they behaved, not just that they probed.
• Sensor Traffic Visibility: View all traffic hitting your deployed sensors via the GreyNoise Explorer.
• Query Interface & Packet Inspection: Search across 250+ traffic fields with packet-level inspection.
• Diff Against the Global Baseline: Compare your sensor traffic against the GreyNoise global baseline to identify what's specifically targeting your IP space versus what's hitting the broader internet.
• Realistic Attacker Interaction: Traffic is forwarded to GreyNoise, where 200+ realistic device profiles handle the full attacker interaction, from protocol handshakes to full exploitation, so captures go deeper than a standard honeypot probe.
• Research Access: Use collected traffic for independent security research: reverse-engineer exploit attempts, track scanning campaign evolution, study behavioral patterns, and correlate early-stage recon against CVE disclosures.

Who is Project Swarm for?

Project Swarm is designed for researchers, security practitioners, and organizations that want direct visibility into real-world attack activity and the ability to actively analyze it.

It is used by:

• Security researchers investigating attack patterns, discovering new threats, and publishing findings
• SOC teams, threat hunters, and incident responders seeking targeted threat intelligence specific to their environment
• Enterprise and vendor security teams looking for visibility into how their products or infrastructure are being attacked in the wild
• MSSPs and managed security providers deploying and managing sensor fleets on behalf of clients across diverse environments
• Government and national cybersecurity agencies monitoring threats against critical infrastructure or sovereign IP space
• Academic researchers and honeypot operators studying attack methodologies and large-scale threat behavior

Project Swarm supports varying levels of technical depth, from teams looking for turnkey analysis to advanced practitioners who want raw packet data and flexible investigation workflows.

Who can access Project Swarm?

Project Swarm is available to anyone with a GreyNoise account. If you don't have one, you can create a free account at viz.greynoise.io.