Categories: ,




Greynoise and Mindflow have partnered to enable users to automate their incident management and better protect their information systems.

Greynoise Overview

GreyNoise is a cybersecurity company that collects, labels, and analyzes Internet-wide scan and attack data. The data is compiled into a feed of Anti-Threat Intelligence to help your security teams reduce noise and prioritize signal-targeted attacks against your company.

This way, it reduces false positives by filtering Internet background noise.

To that end, GreyNoise produces two IP information datasets used for threat enrichment. 

NOISE dataset: GreyNoise’s internet-wide sensor network passively collects packets from hundreds of thousands of IPs seen scanning the internet every day.

GreyNoise analyzes and enriches this data to identify behavior, methods, and purpose, giving analysts the context they need to take action. If some companies scan in good faith to help uncover vulnerabilities for network defense, others do it with potentially malicious intent.

The Noise dataset is best used to enrich log events on perimeter and public, internet-facing devices in your environment. You can use this data to help determine if this activity is happening across the internet or targeted specifically at your organization.

RIOT Dataset provides context to communications between your users and common business applications (e.g. Microsoft O365, Google Workspace, and Slack) or services like CDNs and public DNS servers.

These applications communicate through unpublished or dynamic IPs, making it difficult for security teams to track. Without context, this harmless behavior distracts security teams from investigating actual threats.

The RIOT data set is best used to filter outbound traffic leaving your network. It can be applied to determine which traffic is going to known services to focus on the connections going to unknown IPs.



  • Improve Analyst Efficiency: NOISE and RIOT datasets help analysts minimize resources wasted on investigations into irrelevant events. Events associated with IPs in GreyNoise noise dataset can be deprioritized as they are likely related to opportunistic internet scan and attack traffic, not targeted reconnaissance
  • Identify Compromised Devices: NOISE can help uncover potentially compromised devices. Defenders can leverage this insight to see if IPs are engaging in unapproved internet scanning or attack behavior and be notified when an IP appears in databases
  • Discover Emerging Threats: Listening to the internet allows to discover unique behaviors and TTPs. Your teams can assess how critical this threat is to your organization and if a protocol should be enacted

Automation Through Mindflow

Automation Use Case

Related Integrations