Squyre Documentation
GitHub Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage

Greynoise

Summary

Data on IP addresses associated with opportunistic internet scanning or common business services, not targeted threats. For more information, check out https://www.greynoise.io/.

This function uses the free community API, so no key is required.

Supports

ipv4

Example Result

Greynoise believes 127.0.0.1 is malicious.

Noise? true
In the RIOT database? false
Last seen 2022-02-06.

More information at: https://viz.greynoise.io/ip/127.0.0.1

Setup

No setup required.

Environment Variables

ONLY_LOG_MATCHES : Set to true (in template.yaml) to only decorate an alert if the indicator was found in Greynoise. Default=false.