Enricher - GreyNoise API#
Note
This article describes how to configure a particular enrichment source. To see how to configure enrichers in general, see Configure enrichers.
Specification |
|
|---|---|
Enricher name |
GreyNoise |
Input |
Ipv4. |
Output |
Observables and entities surrounding the enriched IP observables. |
API endpoint |
Default: |
Description |
The GreyNoise extension enriches IPv4 observables on EclecticIQ Intelligence Center using by correlating IPv4 addresses to data from these endpoints:
|
Requirements#
GreyNoise subscription with GreyNoise Enterprise API access. Contact customersuccess@greynoise.io for more information about this feature.
GreyNoise API Key
Configure the enricher#
Note
Required fields are marked with an asterisk (*).
Edit the enricher.
Set the Source reliability for this enricher. All objects produced by this enricher inherits this source reliability.
In the Parameters section, set the following fields:
Field name
Description
API URL*
Default:
https://api.greynoise.ioAPI key*
Enter your GreyNoise API key.
SSL verification
Select to enforce SSL verification.
Path to SSL certificate file
Enter the path to a SSL certificate file located on the EclecticIQ Intelligence Center host filesystem.
To use an SSL certificate, it must be:
Accessible on the EclecticIQ Intelligence Center host.
Placed in a location that can be accessed by the
eclecticiquser.Owned by
eclecticiq:eclecticiq.
To make sure that EclecticIQ Intelligence Center can access the SSL certificate:
Upload the SSL certificate to a location on the EclecticIQ Intelligence Center host.
On the EclecticIQ Intelligence Center host, open the terminal.
Change ownership of the SSL certificate by running as root in the terminal:
chown eclecticiq:eclecticiq /path/to/cert.pem
Where
/path/to/cert.pemis the location of the SSL certificate EclecticIQ Intelligence Center needs to access.
Select Save to save your changes.
Supported observable types#
This enricher supports the following observable types:
ipv4