# Basic vs. Advanced ### Data Included with GreyNoise Basic Package #### Noise Dataset The following fields are included from the Noise dataset at no extra cost with **GreyNoise Basic**:
Noise Basic Field NameField TypeExampleNoise Basic Field Description
ipstring1.2.3.4IP address that information is about.
actorstringunknownThe confirmed owner/operator of this IP address.
classificationstringunknownIP Classification - possible options: benign, unknown, malicious.
last_seendate2022-09-19Date of last observed behavior on the GreyNoise Sensor network (format: YYYY-MM-DD).
#### RIOT Dataset The following fields are included from the RIOT dataset at no extra cost with **GreyNoise Basic**:
RIOT Basic Field NameField TypeExampleRIOT Basic Field Description
ipstring8.8.8.8IP address that information is about.
namestringGoogle Public DNSThe name of the provider and/or service.
### Data Included with GreyNoise Advanced Package #### Noise Dataset The following fields are included from the Noise dataset with **GreyNoise Advanced**:
Noise Advanced Field NameField TypeExampleNoise Advanced Field Description
actorstringunknownThe confirmed owner/operator of this IP address.
botbooleanfalseData Enrichment - IP is associated with known bot activity.
classificationstringunknownIP Classification - possible options: benign, unknown, malicious.
cvestring list[
"CVE-2021-38645",
"CVE-2021-38647"
]		List of CVEs the IP has been observed scanning for or exploiting
first_seendate2021-11-23Date of first observed behavior on the GreyNoise Sensor network (format: YYYY-MM-DD).
ipstring1.2.3.4IP address that information is about
last_seen_timestampdate2021-12-31Date of last observed behavior on the GreyNoise Sensor network (format: YYYY-MM-DD).
metadataobject

{

"asn": "AS37963",

"category": "hosting",

"city": "Hangzhou",

"country": "China",

"country_code": "CN",

"organization": "Hangzhou Alibaba Advertising Co.,Ltd.",

"os": "Linux 3.11+",

"rdns": "",

"region": "Zhejiang", "tor": false

}

Data Enrichment - Additional IP metadata.
metadata.asnstringAS37963Data Enrichment - IPs attached ASN.
metadata.categorystringhostingData Enrichment - IPs attached category.
metadata.citystringMiamiData Enrichment - IPs attached city.
metadata.countrystringUnited StatesData Enrichment - IPs attached country.
metadata.country_codestringUSData Enrichment - IPs attached country code.
metadata.organizationstringFranTech SolutionsData Enrichment - IPs attached organization.
metadata.osstringLinux 2.2-3.xData Enrichment - IPs attached operating system.
metadata.rdnsstringmiamitor4.usData Enrichment - rDNS lookup for IP.
metadata.regionstringFloridaData Enrichment - IPs attached region.
metadata.torbooleantrueData Enrichment - IP is a known tor exit node.
raw_dataobject{
"hassh": [
{
"fingerprint": "a7a87fbe86774c2e40cc4a7ea2ab1b3c",
"port": 22
}
],
"ja3": [
{
"fingerprint": "19e29534fd49dd27d09234e639c4057e",
"port": 8443
}
],
"scan": [
{
"port": 22,
"protocol": "TCP"
}
],
"web": {
"paths": [
"/favicon.ico"
],
"useragents": [
"Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
]
}
}		Observed Activity captured by the GreyNoise sensor network.
raw_data.hasshobject list[
{
"fingerprint": "a7a87fbe86774c2e40cc4a7ea2ab1b3c",
"port": 22
}
]		Observed HAASH activity.
raw_data.hassh.fingerprintstringa7a87fbe86774c2e40cc4a7ea2ab1b3cHASSH Fingerprint captured.
raw_data.hassh.portint22Port observed activity occurred on
raw_data.ja3object list[
{
"fingerprint": "19e29534fd49dd27d09234e639c4057e",
"port": 8443
}
]		Observed JA3 activity.
raw_data.ja3.fingerprintstring19e29534fd49dd27d09234e639c4057eJA3 Fingerprint captured
raw_data.ja3.portint8443Port observed activity occurred on.
raw_data.scanobject list[ { "port": 22, "protocol": "TCP" } ]
raw_data.scan.portint22Port observed activity occurred on.
raw_data.scan.protocolstringTCPProtocol observed activity occurred on.
raw_data.webobject{
"paths": [
"/favicon.ico"
],
"useragents": [
"Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
]
}		Observed scanning activity occurred with these web objects.
raw_data.web.pathsstring list

[

"/favicon.ico"

]

Observed scanning activity traversed this web path.
raw_data.web.useragentsstring list[
"Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
]		Observed scanning activity used these user agents.
spoofablebooleanfalseDid this IP complete a three-way handshake with the GreyNoise sensor network? If false, indicates that traffic may be spoofed.
tagsstring list[
"Carries HTTP Referer",
"Cobalt Strike SSH Client",
"Follows HTTP Redirects"
]		List of GreyNoise tags associated with the observed scanning behavior performed by this IP.
vpnbooleanfalseData Enrichment - IP is a known VPN service IP.
vpn_servicestringPIA_VPNIf IP is a known VPN, the name of the associated VPN Service.
#### RIOT Dataset The following fields are included from the RIOT dataset with **GreyNoise Advanced**:
RIOT Advanced Field NameField TypeExampleRIOT Advanced Field Description
ipstring8.8.8.8IP address that information is about.
namestringGoogle Public DNSThe name of the provider and/or service.
categorystringpublic_dnsThe RIOT category the provider belongs to identifying the type of service provided.
descriptionstringGoogle's global domain name system (DNS) resolution service.A description of the provider and what they do.
explanationstringPublic DNS services are used as alternatives to ISP's name servers. You may see devices on your network communicating with Google Public DNS over port 53/TCP or 53/UDP to resolve DNS lookups.An explanation of the category type and what may be expected from this provider and category.
last_updateddatetime2021-11-24T11:42:37ZDate and time when this record was last updated from its source (format: YYYY-MM-DDTHH:MM:SSZ).
logo_urlstringhttps[:]//upload.wikimedia.org/wikipedia/
commons/2/2f/Google_2015_logo.svg		URL to a logo for the provider (unused in most cases and generally can be ignored/excluded).
referenceurlhttps[:]//developers.google.com/speed/
public-dns/docs/isp#alternative		Reference URL for information about this provider and/or service.
trust_levelstring1GreyNoise defines the trust level assigned to this IP/provider. Additional information on trust levels can be found here.