Incoming feed - GreyNoise Noise Incoming Feed#

Note

This article describes how to configure incoming feeds for a particular feed source. To see how to configure incoming feeds in general, see Create and configure incoming feeds.

Specifications

Transport type

GreyNoise Noise Incoming Feed

Content type

GreyNoise Noise JSON

Endpoint(s)

https://api.greynoise.io/v2/experimental/gnql

Description

Retrieves IP address objects from the GNQL query endpoint to create Indicator entities.

Requirements#

  • GreyNoise subscription with GreyNoise Enterprise API access and FEED access included in your subscription. Contact customersuccess@greynoise.io for more information about this feature.

  • GreyNoise API Key

Configure the incoming feed#

  1. Create or edit an incoming feed.

  2. Under Transport and content, fill in these fields:

    Note

    * Required field.

    Field

    Value

    Transport type*

    Select GreyNoise Noise Incoming Feed from the drop-down menu.

    Content type*

    Select GreyNoise Noise JSON from the drop-down menu.

    API URL*

    Default: https://api.greynoise.io

    API key*

    Enter your GreyNoise API key.

    Start ingesting from*

    Select a date and time. This feed will retrieve objects using GNQL with a last_seen value set to this date and time.

    Classification*

    Include only indicators from GreyNoise that contain these GreyNoise classifications. For a list of possible classifications, see GreyNoise classifications

    Default: Malicious

    SSL verification

    Selected by default. Select this option to enable SSL for this feed.

    Path to your SSL certificate

    Used when connecting to a feed source that uses a custom CA.

    To use an SSL certificate, it must be:

    • Accessible on the EclecticIQ Intelligence Center host.

    • Placed in a location that can be accessed by the eclecticiq user.

    • Owned by eclecticiq:eclecticiq.

    To make sure that EclecticIQ Intelligence Center can access the SSL certificate:

    1. Upload the SSL certificate to a location on the EclecticIQ Intelligence Center host.

    2. On the EclecticIQ Intelligence Center host, open the terminal.

    3. Change ownership of the SSL certificate by running as root in the terminal:

      chown eclecticiq:eclecticiq /path/to/cert.pem

      Where /path/to/cert.pem is the location of the SSL certificate EclecticIQ Intelligence Center needs to access.

  3. To store your changes, click Save; to discard them, click Cancel.