Creating a GreyNoise Custom Enrichment

Overview

GreyNoise collects data on IP addresses, which can help you understand which events can be ignored. This may help to reduce your number of false positive alerts.

In order to create a GreyNoise enrichment, you must be a GreyNoise customer.

Panther has created the following resources to help you set up a GreyNoise enrichment via S3 sync:

A Panther-managed GreyNoise.API.Noise schema
This panther-auxiliary repository. The greynoise_noise directory contains:
- A script to pull GreyNoise data
- A CloudFormation template that defines an IAM role, which Panther will assume to access the S3 data
- A definition for the enrichment table

How to set up a GreyNoise enrichment in Panther

Follow these instructions in the greynoise_noise folder's README.

PreviousCustom Enrichments NextCustom Enrichment Examples

Last updated 17 days ago

Was this helpful?