Creating a GreyNoise Lookup Table


GreyNoise collects data on IP addresses, which can help you understand which events can be ignored. This may help to reduce your number of false positive alerts.

In order to create a GreyNoise Lookup Table, you must be a GreyNoise customer.

Panther has created the following resources to help you set up a GreyNoise Lookup Table via S3 sync:

  • A Panther-managed GreyNoise.API.Noise schema

  • This panther-auxiliary repository. The greynoise_noise directory contains:

    • A script to pull GreyNoise data

    • A CloudFormation template that defines an IAM role, which Panther will assume to access the S3 data

    • A definition for the Lookup Table

How to set up a GreyNoise Lookup Table in Panther

Last updated