GreyNoise and Mindflow have partnered to enable users to automate their incident management and better protect their information systems.
GreyNoise is a cybersecurity company that collects, labels, and analyzes Internet-wide scan and attack data. The data is compiled into a feed of Anti-Threat Intelligence that helps your security teams reduce noise and prioritize signal, that is, targeted attacks against your company.
This way, it reduces false positives by filtering Internet background noise.
To that end, GreyNoise produces two IP information datasets used for threat enrichment.
NOISE dataset: GreyNoise’s internet-wide sensor network passively collects packets from hundreds of thousands of IPs seen scanning the internet every day.
GreyNoise analyzes and enriches this data to identify behavior, methods, and purpose, giving analysts the context they need to take action. While some companies scan in good faith to help uncover vulnerabilities for network defense, others do it with potentially malicious intent.
The NOISE dataset is best used to enrich log events on perimeter and public, internet-facing devices in your environment. You can use this data to help determine whether this activity is happening across the internet or is targeted specifically at your organization.
RIOT dataset: RIOT provides context to communications between your users and common business applications (e.g. Microsoft O365, Google Workspace, and Slack) or services like CDNs and public DNS servers.
These applications communicate through unpublished or dynamic IPs, making them difficult for security teams to track. Without context, this harmless behavior distracts security teams from investigating actual threats.
The RIOT dataset is best used to filter outbound traffic leaving your network. It can be applied to determine which traffic is going to known services, so that analysts can focus on the connections going to unknown IPs.
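The two uses described above (NOISE for inbound events on perimeter devices, RIOT for outbound traffic) can be combined into one triage step. The sketch below is an added example, not code from GreyNoise or Mindflow; the record fields (noise, riot, classification, name), the event layout, and all IPs and names are constructed for illustration.

```python
# Constructed enrichment records keyed by IP (documentation address ranges).
# The field names are assumptions of this example, standing in for whatever
# a NOISE / RIOT lookup returns in your integration.
ENRICHMENT = {
    "198.51.100.7": {"noise": True, "riot": False,
                     "classification": "benign", "name": "Example Research Scanner"},
    "198.51.100.23": {"noise": True, "riot": False,
                      "classification": "malicious", "name": "unknown"},
    "203.0.113.10": {"noise": False, "riot": True,
                     "classification": "benign", "name": "Example SaaS Provider"},
}

# Constructed log events: inbound hits on a perimeter device, outbound user traffic.
EVENTS = [
    {"id": 1, "direction": "inbound", "remote_ip": "198.51.100.7"},
    {"id": 2, "direction": "inbound", "remote_ip": "198.51.100.23"},
    {"id": 3, "direction": "inbound", "remote_ip": "192.0.2.50"},
    {"id": 4, "direction": "outbound", "remote_ip": "203.0.113.10"},
    {"id": 5, "direction": "outbound", "remote_ip": "192.0.2.99"},
]


def triage(event, enrichment=ENRICHMENT):
    """Return (verdict, reason) for one log event."""
    record = enrichment.get(event["remote_ip"], {})
    if event["direction"] == "inbound":
        # NOISE answers: is this source hitting the whole internet, or only us?
        if record.get("noise"):
            # The classification is kept in the reason so a block decision
            # can still be made for malicious background scanners.
            return ("background",
                    f"seen scanning internet-wide, classified {record['classification']}")
        return ("review", "source not in NOISE data, may be targeted at this organization")
    if event["direction"] == "outbound":
        # RIOT answers: is this destination a known business service?
        if record.get("riot"):
            return ("known_service", f"destination belongs to {record['name']}")
        return ("review", "destination is not a known business service")
    raise ValueError(f"unknown direction: {event['direction']!r}")


def review_queue(events, enrichment=ENRICHMENT):
    """IDs of the events left for an analyst after both filters."""
    return [e["id"] for e in events if triage(e, enrichment)[0] == "review"]


if __name__ == "__main__":
    for e in EVENTS:
        print(e["id"], e["direction"], e["remote_ip"], *triage(e))
```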