GreyNoise Full IP Lookup Data Adapter

The following article exclusively pertains to a Graylog Enterprise feature or functionality. To learn more about obtaining an Enterprise license, please contact the Graylog Sales team.

The GreyNoise Enterprise data adapter performs an IP context lookup. It retrieves time ranges, IP metadata, associated actors, activity tags, and raw port scan and web request information.

For information on the GreyNoise data adapter for Graylog Open, see GreyNoise Quick IP Lookup Data Adapter.

Warning: The GreyNoise Full IP Lookup and GreyNoise Quick IP Lookup data adapters cannot be used with free GreyNoise Community API tokens. Please remove any non-licensed data adapters.

Prerequisites

Before proceeding, ensure that the following prerequisites are met:

  • You must have a valid Graylog Enterprise license.

  • You must have a GreyNoise Enterprise subscription.

  • You must have GreyNoise API access. You can obtain API access credentials from GreyNoise. You also need an API key to authenticate your requests.

Configure the Data Adapter

You can create a data adapter during the lookup table creation workflow or separately on the Data Adapters tab. The following configuration options are available for this data adapter:

Title

A short and unique title for this data adapter.

Description

Data adapter description.

Name

The name used to refer to this data adapter. This should be something unique and recognizable within your Graylog environment.

Custom Error TTL

Time-to-live for custom error messages in seconds. This controls how long custom error responses are cached. If no value is specified, the default is 5 seconds.

API Token

This token is used to authenticate your requests to the GreyNoise API. It must belong to an account with a GreyNoise Enterprise subscription.

Further Reading

Explore the following additional resources and recommended readings to expand your knowledge on related topics: