Reference
Code
GreyNoise API client and tools.
greynoise.api
GreyNoise API client.
- class greynoise.api.GreyNoise(api_key=None, api_server=None, timeout=None, proxy=None, use_cache=True, integration_name=None, cache_max_size=None, cache_ttl=None, offering=None)
GreyNoise API client.
- Parameters
api_key (str) – Key used to access the API.
timeout (int) – API request timeout in seconds.
proxy (str) – URL of the proxy to route lookups through.
- _request(endpoint, params=None, json=None, method='get')
Handle the requesting of information from the API.
- Parameters
endpoint (str) – Endpoint to send the request to
params – Request parameters
json (dict) – Request’s JSON payload
method (str) – Request method name
- Returns
Response’s JSON payload
- Return type
dict
- Raises
RequestFailure – when HTTP status code is not 2xx
- analyze(text)
Aggregate stats related to IP addresses from a given text.
- Parameters
text (file-like | str) – Text input
- Returns
Aggregated stats for all the IP addresses found.
- Return type
dict
- filter(text, noise_only=False, riot_only=False)
Filter lines that contain IP addresses from a given text.
- Parameters
text (file-like | str) – Text input
noise_only (bool) – If set, return only lines that contain IP addresses classified as noise, otherwise, return lines that contain IP addresses not classified as noise.
riot_only (bool) – If set, return only lines that contain IP addresses in RIOT, otherwise, return lines that contain IP addresses not in RIOT.
- Returns
Iterator that yields lines in chunks
- Return type
iterable
- interesting(ip_address)
Report an IP as “interesting”.
- Parameters
ip_address (str) – IP address to report as “interesting”.
- ip(ip_address)
Get context associated with an IP address.
- Parameters
ip_address (str) – IP address to use in the look-up.
- Returns
Context for the IP address.
- Return type
dict
- not_implemented(subcommand_name)
Send request for a not implemented CLI subcommand.
- Parameters
subcommand_name (str) – Name of the CLI subcommand
- quick(ip_addresses, include_invalid=False)
Get activity associated with one or more IP addresses.
- Parameters
ip_addresses (str | list) – One or more IP addresses to use in the look-up.
include_invalid (bool) – True or False
- Returns
Bulk status information for IP addresses.
- Return type
dict
greynoise.cli
GreyNoise command line interface.
greynoise.cli.formatter
Output formatters.
- greynoise.cli.formatter.analyze_formatter(result, verbose)
Convert analyze result into human-readable text.
- greynoise.cli.formatter.colored_output(function)
Decorator that converts ANSI markup into ANSI escape sequences.
- Parameters
function (callable) – Function that will return text using ansi markup.
- Returns
Wrapped function that converts markup into escape sequences.
- Return type
callable
- greynoise.cli.formatter.gnql_query_formatter(results, verbose)
Convert GNQL query result into human-readable text.
- greynoise.cli.formatter.gnql_stats_formatter(results, verbose)
Convert GNQL stats result into human-readable text.
- greynoise.cli.formatter.interesting_formatter(results, verbose)
Convert RIOT to human-readable text.
- greynoise.cli.formatter.ip_context_formatter(results, verbose)
Convert IP context result into human-readable text.
- greynoise.cli.formatter.ip_quick_check_formatter(results, verbose)
Convert IP quick check result into human-readable text.
greynoise.cli.parameter
Command line parameter types.
greynoise.cli.subcommand
CLI subcommands.
greynoise.util
Utility functions.
- greynoise.util.load_config()
Load configuration.
- Returns
Current configuration based on configuration file and environment variables.
- Return type
dict
CLI
greynoise
GreyNoise CLI.
greynoise [OPTIONS] COMMAND [ARGS]...
analyze
Analyze the IP addresses in a log file, stdin, etc.
greynoise analyze [OPTIONS]
Options
- -k, --api-key <api_key>
Key to include in API requests
- -i, --input <input_file>
Input file
- -o, --output <output_file>
Output file
- -f, --format <output_format>
Output format
- Options
json | txt | xml
- -v, --verbose
Verbose output
filter
Filter the noise from a log file, stdin, etc.
greynoise filter [OPTIONS]
Options
- -k, --api-key <api_key>
Key to include in API requests
- -i, --input <input_file>
Input file
- -o, --output <output_file>
Output file
- --noise-only
Select lines containing noisy addresses
- --riot-only
Select lines containing RIOT addresses
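The line-selection rule documented for `greynoise.api.GreyNoise.filter` and the `--noise-only` flag, as an added offline sketch (not the GreyNoise project's code). The function names, the `SAMPLE_NOISE` set and the log lines are constructed for illustration, a local set stands in for the API lookup, and dropping lines with no valid address is an assumption the page does not settle.

```python
import ipaddress
import re

# Candidate dotted quads; each one is validated with ipaddress below.
_CANDIDATE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed stand-in for a noise lookup (documentation-range addresses).
SAMPLE_NOISE = {"198.51.100.7", "203.0.113.50"}

# Constructed log lines, not real traffic.
SAMPLE_LOG = """\
Jan 10 03:12:01 sshd[811]: Failed password for root from 198.51.100.7 port 4222
Jan 10 03:12:09 sshd[811]: Failed password for admin from 192.0.2.44 port 5101
Jan 10 03:13:30 kernel: eth0 link up
Jan 10 03:14:02 nginx: 203.0.113.50 -> 192.0.2.44 GET /login
Jan 10 03:15:00 app: bad value 999.1.1.1 in header
"""


def extract_ips(line):
    """Return the valid IPv4 addresses found in a line, in order."""
    found = []
    for candidate in _CANDIDATE.findall(line):
        try:
            found.append(str(ipaddress.IPv4Address(candidate)))
        except ipaddress.AddressValueError:
            continue  # e.g. 999.1.1.1 looks like an address but is not one
    return found


def filter_lines(text, noise, noise_only=False):
    """Yield lines according to the documented rule.

    noise_only=True  -> lines with at least one address in `noise`
    noise_only=False -> lines with at least one address not in `noise`
    Lines without any valid address are never yielded (assumption).
    """
    for line in text.splitlines():
        ips = extract_ips(line)
        if noise_only:
            keep = any(ip in noise for ip in ips)
        else:
            keep = any(ip not in noise for ip in ips)
        if keep:
            yield line
```

A line that mentions both a noisy and a non-noisy address satisfies both documented conditions, so under this reading it is returned in either mode. Check how the installed client treats such lines before relying on filtered output for triage.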
interesting
Report one or more IP addresses as “interesting”.
greynoise interesting [OPTIONS] [IP_ADDRESS]...
Options
- -k, --api-key <api_key>
Key to include in API requests
- -i, --input <input_file>
Input file
Arguments
- IP_ADDRESS
Optional argument(s)
ip
Query GreyNoise for all information on a given IP.
greynoise ip [OPTIONS] [IP_ADDRESS]...
Options
- -k, --api-key <api_key>
Key to include in API requests
- -O, --offering <offering>
Which API offering to use, enterprise or community, defaults to enterprise
- -i, --input <input_file>
Input file
- -o, --output <output_file>
Output file
- -f, --format <output_format>
Output format
- Options
json | txt | xml
- -v, --verbose
Verbose output
Arguments
- IP_ADDRESS
Optional argument(s)
query
Run a GNQL (GreyNoise Query Language) query.
greynoise query [OPTIONS] [QUERY]
Options
- -k, --api-key <api_key>
Key to include in API requests
- -O, --offering <offering>
Which API offering to use, enterprise or community, defaults to enterprise
- -i, --input <input_file>
Input file
- -o, --output <output_file>
Output file
- -f, --format <output_format>
Output format
- Options
json | txt | xml
- -v, --verbose
Verbose output
Arguments
- QUERY
Optional argument
quick
Quickly check whether or not one or many IPs are “noise”.
greynoise quick [OPTIONS] [IP_ADDRESS]...
Options
- -k, --api-key <api_key>
Key to include in API requests
- -O, --offering <offering>
Which API offering to use, enterprise or community, defaults to enterprise
- -i, --input <input_file>
Input file
- -o, --output <output_file>
Output file
- -f, --format <output_format>
Output format
- Options
json | txt | xml
Arguments
- IP_ADDRESS
Optional argument(s)
repl
Start an interactive shell. All subcommands are available in it.
- param old_ctx
The current Click context.
- param prompt_kwargs
Parameters passed to prompt_toolkit.shortcuts.prompt().
If stdin is not a TTY, no prompt will be printed, but only commands read from stdin.
greynoise repl [OPTIONS]
riot
Query GreyNoise to see if an IP is in the RIOT dataset.
greynoise riot [OPTIONS] [IP_ADDRESS]...
Options
- -k, --api-key <api_key>
Key to include in API requests
- -O, --offering <offering>
Which API offering to use, enterprise or community, defaults to enterprise
- -i, --input <input_file>
Input file
- -o, --output <output_file>
Output file
- -f, --format <output_format>
Output format
- Options
json | txt | xml
- -v, --verbose
Verbose output
Arguments
- IP_ADDRESS
Optional argument(s)
setup
Configure API key.
greynoise setup [OPTIONS]
Options
- -k, --api-key <api_key>
Required. Key to include in API requests
- -O, --offering <offering>
Which API offering to use, enterprise or community, defaults to enterprise
- -t, --timeout <timeout>
API client request timeout
- -s, --api-server <api_server>
API server
- -p, --proxy <proxy>
Proxy URL
signature
Submit an IDS signature to GreyNoise to be deployed to all GreyNoise nodes.
greynoise signature [OPTIONS]
stats
Get aggregate stats from a given GNQL query.
greynoise stats [OPTIONS] [QUERY]
Options
- -k, --api-key <api_key>
Key to include in API requests
- -O, --offering <offering>
Which API offering to use, enterprise or community, defaults to enterprise
- -i, --input <input_file>
Input file
- -o, --output <output_file>
Output file
- -f, --format <output_format>
Output format
- Options
json | txt | xml
- -v, --verbose
Verbose output
Arguments
- QUERY
Optional argument
version
Get version and OS information for your GreyNoise command-line installation.
greynoise version [OPTIONS]