This is a Graylog Operations feature and is only available since Graylog v3.3+. A valid Graylog Operations license is required.

The GreyNoise Data adapter retrieves details about a given IP address and provides time ranges, IP metadata (network owner, ASN, reverse DNS pointer, country), associated actors, activity tags, raw port scan, and web request information.

Warning: With Graylog 5.2, the GreyNoise Community IP Lookup Data Adapter has been deprecated. Existing data adapters will cease to return results. The GreyNoise Full IP Lookup and GreyNoise Quick IP Lookup cannot be used with free GreyNoise Community API tokens. Please remove any non-licensed data adapters.

GreyNoise Quick IP Lookup

The GreyNoise Quick IP Lookup does an IP Quick Context lookup and determines whether a given IP address has been observed taking part in activities (like scanning or attacking devices) or if it just "internet background noise". For additional information, see the Greynoise IP Quick Context lookup page.

GreyNoise Lookup [Operations]

Warning: This is a Graylog Operations feature and is only available since Graylog version 4.1. A valid Graylog Operations license is required.

The Greynoise Operations version does an IP Context lookup. It retrieves time ranges, IP metadata, associated actors, activity tags, raw port scan and web request information.

For additional information, see the Greynoise IP Context lookup page.