Grey Noise

The GreyNoise Labs team is proud to have hosted the GreyNoise NoiseFest 2023 CTF - who knows if we will do it again, but we had fun, so here’s a walkthrough on how and why we did it.

In this post we break down some of the broader themes from Black Hat and DEF CON 2023 and pull out some recurring themes across each that would cause some consternation for CISOs, CIOs, CEOs, and board members.

The Managed Security Service Provider (MSSP) and Managed Detection and Response (MDR) markets continue to face significant challenges in handling a large number of security alerts and vulnerabilities across multiple client environments. In this blog post you'll discover how GreyNoise helps these organizations reduce costs, improve scalability, and beat the adversary.

As we roll through the summer, GreyNoise is back from its July two-week shutdown with a bunch of fresh new improvements, including 63 new tags and a bunch of exciting new data insights for our customers to explore in our Labs API. We’ve also updated our integrations to add support for our IP Similarity and Timeline for our Palo Alto customers. Check out all our product updates for June and July.

Citrix has disclosed CVE-2023-3519, a remote code execution vulnerability, but further scrutiny reveals multiple vulnerabilities.

During our latest webinar we discussed some common use cases using GreyNoise with other SOAR platforms. The main goal of using GreyNoise with other SOAR platforms is to more quickly identify either opportunistic attacks, get better insight into how infrastructure is being used, as well as enriching alerts using RIOT data to IP's associated with common business services.

Artificial Intelligence and Machine Learning can provide extreme value to your product and workflows, but they are not trivial to introduce. With some care and simple guidelines, you can implement these in a way that helps your users without creating additional burden or ambiguity. 

GreyNoise researchers have identified active exploitation for a remote code execution (RCE) vulnerability in Citrix ShareFile (CVE-2023-24489)

GreyNoise researchers have released tags for critical vulnerabilities in Adobe ColdFusion and Citrix software.

In today's world, where networks generate an overwhelming amount of data, security analysts often find themselves struggling to separate the real threats from the noise. Their days are spent in a constant reactive mode, leaving little room for proactive measures due to limited time and resources. In this blog post, we'll delve into how GreyNoise empowers security analysts and transforms their daily work by cutting through the noise and providing invaluable insights

GreyNoise researchers have created a detection for and identified mass-scan attempts for the recent VMWare Aria Operations for Networks (CVE-2023-20887) Vulnerability

In this blog we teach you about text embedding, why it’s useful, and a couple ways to do it yourself to make your pet project just a little bit better or get a new idea off the ground. And a little bit about how we use it at GreyNoise...

In this blog you'll discover powerful and practical ways to leverage GreyNoise data inside your Splunk environment right now.

GreyNoise today announced that it achieved SOC 2 Type 2 compliance in accordance with American Institute of Certified Public Accountants (AICPA) standards for Systems and Organizational Controls (SOC). Achieving SOC 2 compliance with unqualified opinion serves as third-party industry validation that companies provide best-in-class enterprise-level security for their customers’ data.

May brought more product enhancements to user workflows, data coverage… and of course, more interesting tags! Twenty four to be exact, as we continue to improve our product to help our customers monitor emerging threats and identify benign actors. We improved our sensor coverage to include coverage in the country of Ghana, plus we made some helpful improvements to our bulk analysis, RIOT dataset, and APIs. 

Introducing the Labs API Playground, a powerful tool designed to provide users quick access to data and an Early-Access/Beta API experience. Whether you’re a seasoned GreyNoise user (welcome back!) or just starting your journey (welcome aboard!), this playground will enable you to explore and interact with our data in new ways.

On May 31st, 2023 Progress issued a security notice to users of MOVEit Transfer regarding a vulnerability that allows for escalated privileges and potential unauthorized access to the environment. There is no CVE for tracking this vulnerability at this time.

Threat hunters spend a significant portion of their time searching through security logs looking for specific Indicators of Compromise (IoCs) or patterns of activity/behavior that indicate compromise.

GreyNoise is built on a strong foundation of mutual respect from our community. With that in mind we wanted to recognize community members that go above and beyond, so we created the GreyNoise Ambassador Program.

See how users search our data with the GreyNoise Query Language (GNQL) and learn tip and tricks to improve your searching skills.