GreyNoise module #55494

Open
wants to merge 6 commits into
base: devel
from

3 participants
@shortstack

commented Apr 18, 2019

GreyNoise modules for interacting with the GreyNoise API

SUMMARY

There is 1 new module for interacting with the GreyNoise API, which has made consuming data coming back from the GreyNoise API simpler and allows for parsing/filtering.

ISSUE TYPE
  • New Module Pull Request
COMPONENT NAME
  • greynoise
ADDITIONAL INFORMATION

shortstack added some commits Apr 18, 2019

@ansibot

Contributor

commented Apr 18, 2019

@Anthony25 @FragmentedPacket @KellerFuchs @MeganLiu @akostyuk @alcamie101 @amb1s1 @andreaso @brampling @bregman-arie @briceburg @clementtrebuchet @coreywan @drcapulet @ebirn @FragmentedPacket @jpmens @jtyr @krisvasudevan @mgruener @mpdehaan @nbuchwitz @nerzhul @ogenstad @ptux @ravibhure @sganesh-infoblox @sjaiswal

As a maintainer of a module in the same namespace this new module has been submitted to, your vote counts for shipits. Please review this module and add shipit if you would like to see it merged.


@jpmens

Contributor

commented Apr 18, 2019

The API introduction page says

GreyNoise is a system that collects and analyzes data on Internet-wide scanners. GreyNoise collects data on benign scanners such as Shodan.io, as well as malicious actors like SSH and telnet worms.

As a matter of curiosity: what is your use-case for querying such an API from Ansible? What would people generally do with this?

@shortstack

Author

commented Apr 18, 2019

specifically, we will be able to use this in parts of our CI processes that hook into elastalert and the hive. as for general use, i've found it to be helpful when querying the API this way and being able to filter/parse as needed, vs just curling or having to use a web UI.

i think we'll also be using it to generate our lookup tables in graylog.

@ansibot ansibot added the stale_ci label May 5, 2019
