GreyNoise
Panther has partnered with GreyNoise, a cybersecurity platform that collects and analyzes Internet-wide data, to provide integrated threat intelligence to Panther customers. The GreyNoise integration is an , also known as a Panther-managed Lookup Table.
Use GreyNoise threat intelligence data in your Panther detections to reduce false-positive alerts by:
Ruling out internet background noise from external event sources to ensure you're focused on the most critical events first.
Identifying potential opportunistic attacks that may have been allowed into your perimeter.
Identifying emerging threats based on GreyNoise context data and tagging.
The video below shows a demo of the GreyNoise functionality in Panther using the , which is available at no additional cost to all Panther customers.
The Noise dataset features information from GreyNoise’s internet-wide sensor network that passively collects packets from hundreds of thousands of IPs seen scanning the internet every day. GreyNoise analyzes and enriches this data to identify behavior, methods, and intent, giving analysts the context they need to take action.
Noise data is refreshed approximately every hour in Panther.
The RIOT dataset contains IPs used by common business services that are not likely to be used to attack your services. RIOT enables security practitioners to quickly rule out logs and events generated by common business services in their security telemetry.
RIOT data is refreshed approximately every four hours in Panther.
The native GreyNoise integration with Panther includes two different package options: Basic and Advanced. Both packages include the Noise and RIOT datasets.
Included with the Panther subscription for all customers for unlimited use
Answers the question: “Is this internet background noise or a common business service IP?”
30-day free trial available upon request
Provides full context details from GreyNoise for advanced filtering and hunting
The following diagram visualizes the alert lifecycle in Panther, where native enrichment with GreyNoise and Lookup Tables is supported:
GreyNoise datasets are stored as Panther-managed Lookup Tables in bulk, so there is no need to make API calls to leverage this enrichment in your detection logic or alerts.
GreyNoise helps security analysts save time by revealing which events and alerts they can ignore. It does this by curating data on IPs that saturate security tools with noise. This perspective helps analysts ignore irrelevant or harmless activity, creating more time to uncover and investigate true threats. For more information, please visit .
Both the Noise and RIOT datasets from GreyNoise are available in Panther. Learn more about them in the .
Requires a paid Search Level 6+ subscription tied to your
Alert events are automatically enriched with GreyNoise data (and data) within the p_enrichment field in JSON events.
GreyNoise data can be accessed in detections with (and ).