|Has index-time operations||false|
|Create an index||false|
The GreyNoise Search Add-on for Splunk allows organizations to easily query the GreyNoise API to obtain intel on IPs seen within their logs. The app includes several custom commands and two adaptive response actions.
Version 1.1.2 is the third release. You must have a valid GreyNoise API key for this app to function.
Version 1.1.2 of the GreyNoise Search Add-on for Splunk is compatible with:
|Splunk Enterprise versions||7.0, 7.1, 7.2, 7.3|
|Vendor Products||GreyNoise API|
|Lookup file changes||None|
This app requires a valid GreyNoise API key to function. Search heads without Enterprise Security also require the Splunk Common Information Model (CIM) Add-on to be installed.
|Hours||9AM-5PM EDT Monday-Friday|
|Observed Holidays||Major US Holidays|
The GreyNoise Search Add-on for Splunk officially supports the following server platforms in the versions supported by Splunk Enterprise:
Because this add-on runs on Splunk Enterprise, all of the Splunk Enterprise system requirements apply.
Install to search head
This app is compatible with the Adaptive Response feature of Enterprise Security.
Responders can perform a quick check or a context check (single IP only) on IPs seen in alerts.
The following commands are included as part of the add-on:
These commands correspond to specific endpoints in the GreyNoise API. Learn more about each endpoint in the GreyNoise API documentation.
(https://github.com/requirejs/text) - MIT License
Copyright jQuery Foundation and other contributors, https://jquery.org/
This software consists of voluntary contributions made by many
individuals. For exact contribution history, see the revision history
available at https://github.com/requirejs/text
The following license applies to all parts of this software except as
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Improves error messaging when a multivalued field is passed to the gnmulti command.
#### v 1.1.0
- Refactors the gnmulti command to preserve event information when used
#### v 1.1.1
- Fixed a bug in the gnmulti command that caused an error when over 100 IPs were passed to the API endpoint