
Reduce false positives with GreyNoise threat intelligence in Panther


TL;DR:

We’re excited to announce that our new integration with GreyNoise is available in Panther 1.32! 🎉

Panther is built by security engineers, for security engineers – that means we want to enable our customers to focus on what’s most important to them, without distraction from noisy alerts. With the integration of GreyNoise in Panther, security practitioners can better focus on the most important alerts, without taking on additional overhead to add enrichment in external or downstream platforms.

Why did we build this?

It is increasingly challenging for security teams to sift signal from noise due to the overwhelming amount of security data generated by cloud infrastructure. Additionally, “internet background noise”, or traffic generated from common bots, business services, and security researchers, complicates the picture further and can lead to a storm of false-positive alerts without the intelligence to understand what is truly malicious traffic and what is benign. 

Alert noise and false positives are often the most significant challenges security teams face with a SIEM. With this integration, security teams can stay focused on critical alerts and reduce alert fatigue by ruling out internet background noise directly in their detection and alerting logic.

GreyNoise is a leader in threat intelligence and helps security analysts save time by revealing which events and alerts they can ignore. They do this by curating data on IPs that saturate security tools with noise. This unique perspective helps analysts confidently ignore irrelevant or harmless activity, creating more time to uncover and investigate true threats.

How does it work?

GreyNoise data sets are available as Panther-managed Lookup Tables, so detections and alerts can use this enrichment without making any API calls to GreyNoise. When an event's indicator fields match the lookup table, the matching GreyNoise record is attached to the event under the p_enrichment field before the detection runs, and pre-built Python helpers expose that enrichment to your detection code.

A video tour of the GreyNoise integration in Panther accompanies this post so you can see it in action.

How can you leverage GreyNoise in Panther?

All Panther customers now have access to GreyNoise enrichment data within the Panther threat detection platform. This integration lets security teams write detections that use GreyNoise context to evaluate network behavior and categorize or suppress alerts accordingly. Context from GreyNoise can also be appended to alerts to give responders actionable details and speed up incident response.
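The two paragraphs above (enrichment attached under p_enrichment, then used to suppress or categorize alerts) are easiest to see in a detection. The following is an added example written for this post, not Panther's own code or its published helpers. It assumes the enrichment layout `event["p_enrichment"]["greynoise_noise_basic"]["p_any_ip_addresses"][<ip>]`, a record with `classification` (benign / malicious / unknown) and `actor` keys, and a constructed `ssh_auth_failure` event shape; check your own Panther instance and the docs for the real table and field names before copying it.

```python
"""Added example: a Panther-style Python detection that uses GreyNoise
enrichment to suppress internet background noise and rank what remains.

Assumptions (not taken from the announcement, verify against your instance):
  * enrichment lives at event["p_enrichment"][LOOKUP_TABLE][INDICATOR_FIELD][ip]
  * the lookup table is named "greynoise_noise_basic"
  * each record carries "classification" and "actor"
"""
from typing import Optional

LOOKUP_TABLE = "greynoise_noise_basic"   # assumed table name
INDICATOR_FIELD = "p_any_ip_addresses"   # assumed indicator field the table matched on


def greynoise_record(event: dict, ip: str) -> Optional[dict]:
    """Return the GreyNoise record attached to `ip`, or None if the event was not enriched."""
    enrichment = event.get("p_enrichment") or {}
    table = enrichment.get(LOOKUP_TABLE) or {}
    matches = table.get(INDICATOR_FIELD) or {}
    return matches.get(ip)


def is_benign_noise(event: dict, ip: str) -> bool:
    """True only when GreyNoise has positively classified the IP as benign.

    Missing enrichment, "unknown" and "malicious" all return False, so the
    detection never suppresses an alert it cannot explain. Suppressing on
    "unknown" would hand attackers a free pass for any IP GreyNoise has not seen.
    """
    rec = greynoise_record(event, ip)
    return bool(rec) and rec.get("classification") == "benign"


def rule(event: dict) -> bool:
    """Fire on SSH auth failures unless the source is known benign background noise."""
    if event.get("eventName") != "ssh_auth_failure":
        return False
    src = event.get("sourceIPAddress", "")
    return not is_benign_noise(event, src)


def severity(event: dict) -> str:
    """Escalate when GreyNoise already labels the source as malicious."""
    rec = greynoise_record(event, event.get("sourceIPAddress", "")) or {}
    return "HIGH" if rec.get("classification") == "malicious" else "MEDIUM"


def title(event: dict) -> str:
    """Put the GreyNoise context in the alert title so responders see it immediately."""
    src = event.get("sourceIPAddress", "")
    rec = greynoise_record(event, src) or {}
    classification = rec.get("classification", "not enriched")
    actor = rec.get("actor", "unknown")
    return f"SSH auth failures from {src} (GreyNoise: {classification}, actor: {actor})"


# Constructed sample events (not real Panther logs). The p_enrichment block is
# what Panther would attach if the layout assumed above holds.
def _event(src_ip: str, greynoise: Optional[dict] = None) -> dict:
    ev = {
        "eventName": "ssh_auth_failure",
        "sourceIPAddress": src_ip,
        "p_any_ip_addresses": [src_ip],
    }
    if greynoise is not None:
        ev["p_enrichment"] = {LOOKUP_TABLE: {INDICATOR_FIELD: {src_ip: greynoise}}}
    return ev


BENIGN_SCANNER_EVENT = _event("192.0.2.10", {"classification": "benign", "actor": "Known Research Scanner"})
MALICIOUS_EVENT = _event("198.51.100.7", {"classification": "malicious", "actor": "unknown"})
UNKNOWN_EVENT = _event("203.0.113.5", {"classification": "unknown", "actor": "unknown"})
UNENRICHED_EVENT = _event("203.0.113.99")  # no p_enrichment key at all


if __name__ == "__main__":
    for ev in (BENIGN_SCANNER_EVENT, MALICIOUS_EVENT, UNKNOWN_EVENT, UNENRICHED_EVENT):
        if rule(ev):
            print(severity(ev), title(ev))
        else:
            print("suppressed:", ev["sourceIPAddress"])
```

The design point is the asymmetry: only a positive "benign" classification suppresses, while "malicious" raises severity and anything else (including an event the lookup did not enrich) alerts at the default level with the enrichment status visible in the title.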

Two levels of threat intelligence data are available through this integration:

  • Threat intelligence from the Basic GreyNoise package is available to all Panther customers, at no additional cost. 
  • Panther customers who wish to do more advanced filtering and threat hunting can upgrade to an Advanced GreyNoise package. 

Learn more about GreyNoise in Panther in our docs.

Get started today

Not using Panther yet? Request a demo to learn how Panther can help you achieve fast, flexible, and scalable threat detection and response.