Incoming feed - GreyNoise Noise Incoming Feed#
This article describes how to configure incoming feeds for a particular feed source. To see how to configure incoming feeds in general, see Create and configure incoming feeds.
GreyNoise Noise Incoming Feed
GreyNoise Noise JSON
Retrieves IP address objects from the GNQL query endpoint to create Indicator entities.
GreyNoise subscription with GreyNoise Enterprise API access and FEED access included in your subscription. Contact firstname.lastname@example.org for more information about this feature.
GreyNoise API Key
Configure the incoming feed#
Create or edit an incoming feed.
Under Transport and content, fill in these fields:
* Required field.
Select GreyNoise Noise Incoming Feed from the drop-down menu.
Select GreyNoise Noise JSON from the drop-down menu.
Enter your GreyNoise API key.
Start ingesting from*
Select a date and time. This feed will retrieve objects using GNQL with a
last_seenvalue set to this date and time.
Include only indicators from GreyNoise that contain these GreyNoise classifications. For a list of possible classifications, see GreyNoise classifications
Selected by default. Select this option to enable SSL for this feed.
Path to your SSL certificate
Used when connecting to a feed source that uses a custom CA.
To use an SSL certificate, it must be:
Accessible on the EclecticIQ Intelligence Center host.
Placed in a location that can be accessed by the
To make sure that EclecticIQ Intelligence Center can access the SSL certificate:
Upload the SSL certificate to a location on the EclecticIQ Intelligence Center host.
On the EclecticIQ Intelligence Center host, open the terminal.
Change ownership of the SSL certificate by running as root in the terminal:
chown eclecticiq:eclecticiq /path/to/cert.pem
/path/to/cert.pemis the location of the SSL certificate EclecticIQ Intelligence Center needs to access.
To store your changes, click Save; to discard them, click Cancel.