GreyNoise Intelligence

Enrich threat intelligence data and reduce false-positive alerts


App Info

Panther has partnered with GreyNoise Intelligence to provide integrated threat intelligence to Panther customers and to enrich alerts with GreyNoise IP data. All Panther customers are given access to the Basic GreyNoise package at no additional cost, or customers can upgrade to the Advanced GreyNoise package for more filtering tools and threat hunting.

GreyNoise data sets are available for use as Panther-managed Lookup Tables, so there is no need to make API calls to leverage this enrichment in your detection logic or alerts. Alert events are automatically enriched with GreyNoise data under the p_enrichment field. GreyNoise data can be used in detections with pre-built Python helpers (similar to Python libraries) to access enrichment information.

Use Cases

Panther’s GreyNoise threat intelligence integration helps users to:

  1. Increase alert fidelity
  2. Reduce potential alert storms and false positives
  3. Identify emerging threats based on GreyNoise threat intelligence data
  4. Append context to alerts to provide actionable incident response details

How it works

All Panther customers are given access to threat intelligence from the Basic GreyNoise package at no additional cost. For more advanced filtering and threat hunting, customers can upgrade to an Advanced GreyNoise package.

  1. Alert events are automatically enriched with both custom Lookup Tables and native GreyNoise data under the p_enrichment field in JSON events.
  2. GreyNoise data can be used in detections with pre-built Python helpers (and deep_get) to access enrichment information.
  3. GreyNoise data sets are stored as Panther-managed Lookup Tables in bulk, so there is no need to make API calls to leverage this enrichment in your detection logic or alerts.

You can read more about Panther’s partnership with GreyNoise here, or check out our product documentation for more information.