GreyNoise connector
Serverless Stack
The GreyNoise connector communicates with the GreyNoise API to detect and classify Internet scanning noise.
You can create connectors in Stack Management > Connectors. For example:
GreyNoise connectors have the following configuration properties:
- API Key
- The GreyNoise API key for authentication.
You can test connectors as you're creating or editing the connector in Kibana.
The GreyNoise connector has the following actions:
- Get IP Context
-
Get detailed context and classification information about an IP address.
- IP (required): The IPv4 address to look up.
- Quick Lookup
-
Quickly check if an IP is classified as noise.
- IP (required): The IPv4 address to check.
- Get Metadata
-
Retrieve metadata about an IP address including geolocation and ASN.
- IP (required): The IPv4 address.
- RIOT Lookup
-
Check if an IP belongs to a known benign service (Rule It Out).
- IP (required): The IPv4 address.
Use the Action configuration settings to customize connector networking configurations, such as proxies, certificates, or TLS settings. You can set configurations that apply to all your connectors or use xpack.actions.customHostSettings to set per-host configurations.
To use the GreyNoise connector, you need an API key:
- Go to GreyNoise.
- Sign up for an account or log in.
- Navigate to your Account Settings.
- Find your API Key in the API section.
- Copy the API key to configure the connector.