Add GreyNoise IPv4 Lookups #88
I don't mind helping to code up, but for repo update will need concurrence from cloudtracer.
-------- Original Message --------
On Aug 27, 2021, 9:57 PM, Brad Chiappetta wrote:
We were curious if we would be able to help you include support for GreyNoise IPv4 lookups greynoise.io
We have both a Paid and Free (community) API that should provide valuable IPv4 context information on mass-internet scanning. With some guidance, we would be happy to help work/develop this addition to your product if needed.
Here are links to the API documentation:
Paid API - https://docs.greynoise.io/reference/noisecontextip-1
Free API - https://docs.greynoise.io/reference/get_v3-community-ip
Using community API, below is the integration with GreyNoise Community API. The rest (e.g. Ping Service, IP Lookup, GNQL, Metadata) requires paid API, doable but will need to have a paid API to test out.
Raw code:
```json
{
  "lookupName": "GreyNoise_IPv4",
  "lookupVariable": "GREYNOISE_IPV4",
  "lookupType": "IPV4",
  "lookupUrl": "https://api.greynoise.io/v3/community/${PINCH.HOVERITEM}",
  "httpHeaders": {
    "key": "<to be replaced with actual Key value>"
  },
  "httpType": "GET",
  "dataType": "JSON",
  "dataSchema": {
    "0_GreyNoise_IPv4": {
      "title": "GreyNoise_IPv4",
      "mapping": "${PINCH.LINKURL}",
      "order": 0,
      "linkTitle": "${PINCH.HOVERITEM}",
      "linkUrl": "https://www.greynoise.io/viz/ip/${PINCH.HOVERITEM}"
    },
    "1_ip": {
      "title": "ip",
      "mapping": "${PINCH.RESPONSE.ip}",
      "order": 1
    },
    "2_noise": {
      "title": "noise",
      "mapping": "${PINCH.RESPONSE.noise}",
      "order": 2
    },
    "3_riot": {
      "title": "riot",
      "mapping": "${PINCH.RESPONSE.riot}",
      "order": 3
    },
    "4_classification": {
      "title": "classification",
      "mapping": "${PINCH.RESPONSE.classification}",
      "order": 4
    },
    "5_name": {
      "title": "name",
      "mapping": "${PINCH.RESPONSE.name}",
      "order": 5
    },
    "6_last_seen": {
      "title": "last_seen",
      "mapping": "${PINCH.RESPONSE.last_seen}",
      "order": 6
    },
    "7_link": {
      "title": "link",
      "mapping": "${PINCH.RESPONSE.link}",
      "order": 7
    },
    "8_message": {
      "title": "message",
      "mapping": "${PINCH.RESPONSE.message}",
      "order": 8
    }
  },
  "disabled": false,
  "iocs": false,
  "authorizationType": "DEFAULT",
  "requestGroup": "INTERNET",
  "sample": "59.99.42.78",
  "order": 999999
}
```
Regards,
Cicak Dinding
@cicakdinding01 : thanks for helping us put this together! In regards to our paid APIs, you can get a free 14-day trial just by creating an account (https://www.greynoise.io/viz/signup). Also, we would only want to include the lookup with our IP Context Lookup endpoint (https://docs.greynoise.io/reference/noisecontextip-1) as the rest of our endpoints wouldn't really make sense here. Thanks!
```json
{
  "lookupName": "GreyNoise_IPContext_IPV4",
  "lookupVariable": "GREYNOISE_IPCONTEXT_IPV4",
  "lookupType": "IPV4",
  "lookupUrl": "https://api.greynoise.io/v2/noise/context/${PINCH.HOVERITEM}",
  "httpHeaders": {
    "key": "<to put in key here>"
  },
  "httpType": "GET",
  "dataType": "JSON",
  "dataSchema": {
    "0_GreyNoise_IPContext_IPV4": {
      "title": "GreyNoise_IPContext_IPV4",
      "mapping": "${PINCH.LINKURL}",
      "order": 0,
      "linkTitle": "${PINCH.HOVERITEM}",
      "linkUrl": "https://api.greynoise.io/v2/noise/context/${PINCH.HOVERITEM}"
    },
    "1_first_seen": {
      "title": "first_seen",
      "mapping": "${PINCH.RESPONSE.first_seen}",
      "order": 1
    },
    "2_last_seen": {
      "title": "last_seen",
      "mapping": "${PINCH.RESPONSE.last_seen}",
      "order": 2
    },
    "3_seen": {
      "title": "seen",
      "mapping": "${PINCH.RESPONSE.seen}",
      "order": 3
    },
    "4_Vulnerability": {
      "title": "Vulnerability",
      "mapping": "${PINCH.LOOP}",
      "order": 4,
      "jsonpath": "$.cve[:10]",
      "jsonpathloop": true,
      "condition": "true"
    },
    "5_actor": {
      "title": "actor",
      "mapping": "${PINCH.RESPONSE.actor}",
      "order": 5
    },
    "6_spoofable": {
      "title": "spoofable",
      "mapping": "${PINCH.RESPONSE.spoofable}",
      "order": 6
    },
    "7_classification": {
      "title": "classification",
      "mapping": "${PINCH.RESPONSE.classification}",
      "order": 7
    },
    "8_Tags": {
      "title": "Tags",
      "mapping": "${PINCH.LOOP}",
      "order": 8,
      "jsonpath": "$.tags[:10]",
      "jsonpathloop": true,
      "condition": "true"
    },
    "9_bot": {
      "title": "bot",
      "mapping": "${PINCH.RESPONSE.bot}",
      "order": 9
    },
    "10_vpn": {
      "title": "vpn",
      "mapping": "${PINCH.RESPONSE.vpn}",
      "order": 10
    },
    "11_vpn_service": {
      "title": "vpn_service",
      "mapping": "${PINCH.RESPONSE.vpn_service}",
      "order": 11
    },
    "12_asn": {
      "title": "asn",
      "mapping": "${PINCH.RESPONSE.metadata.asn}",
      "order": 12
    },
    "13_city": {
      "title": "city",
      "mapping": "${PINCH.RESPONSE.metadata.city}",
      "order": 13
    },
    "14_country": {
      "title": "country",
      "mapping": "${PINCH.RESPONSE.metadata.country}",
      "order": 14
    },
    "15_country_code": {
      "title": "country_code",
      "mapping": "${PINCH.RESPONSE.metadata.country_code}",
      "order": 15
    },
    "16_organization": {
      "title": "organization",
      "mapping": "${PINCH.RESPONSE.metadata.organization}",
      "order": 16
    },
    "17_category": {
      "title": "category",
      "mapping": "${PINCH.RESPONSE.metadata.category}",
      "order": 17
    },
    "18_tor": {
      "title": "tor",
      "mapping": "${PINCH.RESPONSE.metadata.tor}",
      "order": 18
    },
    "19_rdns": {
      "title": "rdns",
      "mapping": "${PINCH.RESPONSE.metadata.rdns}",
      "order": 19
    },
    "20_os": {
      "title": "os",
      "mapping": "${PINCH.RESPONSE.metadata.os}",
      "order": 20
    },
    "21_region": {
      "title": "region",
      "mapping": "${PINCH.RESPONSE.metadata.region}",
      "order": 21
    },
    "22_port": {
      "title": "port",
      "mapping": "${PINCH.LOOP.port}",
      "order": 22,
      "jsonpath": "$.raw_data.scan[:10]",
      "jsonpathloop": true,
      "condition": "true"
    }
  },
  "disabled": false,
  "iocs": false,
  "authorizationType": "DEFAULT",
  "requestGroup": "INTERNET",
  "sample": "202.51.109.66",
  "order": 60
}
```
Regards,
Cicak Dinding
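
Added example, not part of the original thread or the extension's own code: a Python check that resolves `dataSchema` mappings like the ones in the lookup above against a sample response, so a field path that finds nothing is caught before the lookup is shared. It assumes `${PINCH.RESPONSE.a.b}` is a dotted path into the JSON response and that `jsonpath` values have the `$.path[:N]` form used above; the sample response and the trimmed schema are constructed.

```python
import re

# Constructed sample: field names follow the mappings in this thread, values are made up.
SAMPLE_RESPONSE = {
    "first_seen": "2021-01-01", "last_seen": "2021-08-30", "seen": True,
    "tags": ["Example Scanner"], "cve": ["CVE-0000-0000"],
    "metadata": {"asn": "AS64500", "country": "Exampleland"},
    "raw_data": {"scan": [{"port": 22, "protocol": "TCP"}]},
}

# Trimmed, hypothetical subset in the dataSchema style used above.
SCHEMA = {
    "1_first_seen": {"mapping": "${PINCH.RESPONSE.first_seen}"},
    "12_asn": {"mapping": "${PINCH.RESPONSE.metadata.asn}"},
    "19_rdns": {"mapping": "${PINCH.RESPONSE.metadata.rdns}"},
    "8_cve": {"mapping": "${PINCH.LOOP}", "jsonpath": "$.cve[:10]"},
    "22_port": {"mapping": "${PINCH.LOOP.port}",
                "jsonpath": "$.raw_data.scan[:10]"},
}

MISSING = object()  # sentinel: the path did not resolve

def walk(node, dotted):
    """Follow a dotted path through nested dicts; MISSING if a key is absent."""
    for key in filter(None, dotted.split(".")):
        if not isinstance(node, dict) or key not in node:
            return MISSING
        node = node[key]
    return node

def resolve(entry, response):
    """Resolve one dataSchema entry to a value, or a list for loop mappings."""
    m = re.fullmatch(r"\$\{PINCH\.RESPONSE\.([\w.]+)\}", entry["mapping"])
    if m:
        return walk(response, m.group(1))
    loop = re.fullmatch(r"\$\{PINCH\.LOOP\.?([\w.]*)\}", entry["mapping"])
    path = re.fullmatch(r"\$\.([\w.]+)\[:(\d+)\]", entry.get("jsonpath", ""))
    if not (loop and path):
        return MISSING  # a mapping form this check does not model
    items = walk(response, path.group(1))
    if not isinstance(items, list):
        return MISSING
    field = loop.group(1)
    return [walk(i, field) if field else i for i in items[: int(path.group(2))]]

def unresolved(schema, response):
    """Names of schema entries whose mapping finds nothing in the response."""
    return sorted(k for k, e in schema.items() if resolve(e, response) is MISSING)
```

Here `unresolved(SCHEMA, SAMPLE_RESPONSE)` reports only `19_rdns`, because the constructed sample has no `metadata.rdns` field.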
Hi there - if you need developer access to GreyNoise, you can reach out to me [email protected]