SIEM Integration Overview: Chronicle

Install From GitHub

The GreyNoise integration for Chronicle is a pre-built script that uses the GreyNoise GNQL Query API to pull GreyNoise indicators and submit them to the Chronicle SIEM ingestion API.

The code and installation instructions can be found at: https://github.com/GreyNoise-Intelligence/greynoise-chronicle-siem

Integration in BETA

Please note that this integration is still in BETA testing. We are open to suggestions for how to improve this integration. Please submit feedback to [email protected]

Configure an Instance of the GreyNoise Integration

Follow the information included on the GitHub page to create and manage the external script.

Internet Scanner Indicators in Chronicle

Each IPv4 internet scanner IP address will exist within Chronicle in Raw Log format with identified UDM fields.

Dashboard

The GitHub repo includes an indicator dashboard that can be imported into Chronicle to help identify the indicators created by the integration.