Solution: GreyNoiseThreatIntelligence
| Attribute | Value |
|---|---|
| Publisher | GreyNoise |
| Support Tier | Partner |
| Support Link | https://www.greynoise.io/contact/general |
| Categories | domains |
| Version | 3.1.0 |
| Author | JP Bourget jp@bluecycle.net |
| First Published | 2023-09-05 |
| Last Updated | 2026-03-24 |
| Solution Folder | GreyNoiseThreatIntelligence |
| Marketplace | Azure Marketplace · Popularity: ⚪ Very Low (0%) |
The GreyNoise Threat Intelligence solution for Microsoft Sentinel provides context to IP addresses seen in your environment by querying the GreyNoise API. GreyNoise collects, analyzes, and labels data on IPs that scan the internet and saturate security tools with noise. We provide near-real-time, actionable threat intelligence from our proprietary network of over 3,100 sensors running worldwide. This unique perspective helps analysts spend less time on irrelevant or harmless activity, and more time on targeted and emerging threats. Learn More about GreyNoise Threat Intelligence | GreyNoise Docs
This solution provides 1 data connector(s):
This solution uses 4 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
| CommonSecurityLog | - | Analytics |
| DnsEvents | - | Analytics |
| OfficeActivity | - | Analytics |
| ThreatIntelligenceIndicator | GreyNoise Threat Intelligence | Analytics, Workbooks |
The following 2 table(s) are used internally by this solution's content items:
| Table | Used By Connectors | Used By Content |
|---|---|---|
| SecurityAlert | - | Workbooks |
| SecurityIncident | - | Workbooks |
This solution includes 6 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 5 |
| Workbooks | 1 |
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| GreyNoise TI Map IP Entity to CommonSecurityLog | Medium | CommandAndControl | CommonSecurityLog, ThreatIntelligenceIndicator |
| GreyNoise TI Map IP Entity to DnsEvents | Medium | CommandAndControl | DnsEvents, ThreatIntelligenceIndicator |
| GreyNoise TI Map IP Entity to SigninLogs | Medium | CommandAndControl | ThreatIntelligenceIndicator |
| GreyNoise TI map IP entity to Network Session Events (ASIM Network Session schema) | Medium | CommandAndControl | ThreatIntelligenceIndicator |
| GreyNoise TI map IP entity to OfficeActivity | Medium | CommandAndControl | OfficeActivity, ThreatIntelligenceIndicator |
| Name | Tables Used |
|---|---|
| GreyNoiseOverview | ThreatIntelligenceIndicator; internal use: SecurityAlert, SecurityIncident |
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.1.0 | 12-03-2026 | Updated to use GreyNoise Python SDK v3.0.3, updated Data Connector instructions, Fixed python module mismatches, bumped Az Functions Runtime |
| 3.0.3 | 17-07-2025 | Updated to use GreyNoise Python SDK v3.0.1, use new Threat Intel API, updated requirements.txt, updated Data Connector instructions |
| 3.0.2 | 30-05-2024 | Added missing AMA Data Connector reference in Analytic rules |
| 3.0.1 | 29-11-2023 | Updated the Data Connector Instructions, Fixed a Data Connector bug with Benign Indicator Ingest |
| 3.0.0 | 21-09-2023 | Initial Solution Release |