Creating a GreyNoise Lookup Table

Overview

GreyNoise collects data on IP addresses, which can help you understand which events can be ignored. This may help to reduce your number of false positive alerts.

In order to create a GreyNoise Lookup Table, you must be a GreyNoise customer.

Panther has created the following resources to help you set up a GreyNoise Lookup Table via S3 sync:

A Panther-managed GreyNoise.API.Noise schema
This panther-auxiliary repository. The greynoise_noise directory contains:
- A script to pull GreyNoise data
- A CloudFormation template that defines an IAM role, which Panther will assume to access the S3 data
- A definition for the Lookup Table

How to set up a GreyNoise Lookup Table in Panther

Follow these instructions in the greynoise_noise folder's README.

PreviousCustom Lookup Tables NextLookup Table Examples

Last updated 2 months ago