GreyNoise Feed

Deployable

Verified

Commercial Threat Intel

Overview

GreyNoise Feed provides threat intelligence by distinguishing between benign internet noise and real threats, reducing false positives. Its integration with OpenCTI enables automatic ingestion of IP threat data, improving threat detection accuracy an

The OpenCTI GreyNoise Feed Connector leverages the GreyNoise API to collect Internet scanner IPs, giving security teams timely awareness of background scanning activity on the public internet. By bringing this feed into your intelligence workflow, analysts can quickly distinguish commodity scanners from higher-risk signals, reduce false positives, and focus on events that truly warrant investigation.

As an OpenCTI connector, it authenticates to GreyNoise, periodically fetches the feed, and ingests records as IPv4 observables and optional indicators with appropriate labels and metadata. The connector deduplicates and updates entries over time so OpenCTI stays aligned with the latest feed contents, enabling correlation with internal telemetry, tagging, and downstream automation across detections and response.

Basic information

Integration documentation and codeGreyNoise Feed

Visit the vendor's page to learn more and get in touchVendor Contact

Type

External import

Product minimum version6.8.13

Shares0