Overview
The GreyNoise node enables interaction with the GreyNoise API, specifically providing access to enterprise-level query and statistical operations using GNQL (GreyNoise Query Language). The "GNQL Stats" operation allows users to retrieve aggregate statistics about the top organizations, actors, tags, ASNs, countries, classifications, and operating systems from the results of a given GNQL query.
This node is beneficial for security analysts and threat intelligence teams who want to analyze large datasets of internet background noise and attacker activity. For example, it can be used to identify the most common sources or types of scanning activity targeting an organization’s network by querying and aggregating relevant data.
Practical examples:
- Retrieve the top 50 organizations responsible for scanning IP ranges matching a specific GNQL query.
- Get statistics on the most frequent attack classifications or countries involved in suspicious activity detected by GreyNoise.
Properties
| Name | Meaning |
|---|---|
| Query | The GNQL query string to filter and search the GreyNoise dataset. |
| Count | Number of top aggregates to retrieve (e.g., top organizations, tags, ASNs). Default is 50. |
Output
The output JSON contains aggregated statistical data corresponding to the GNQL query provided. This includes top entities such as organizations, actors, tags, ASNs, countries, classifications, and operating systems derived from the query results.
The exact structure depends on the API response but generally includes arrays or objects listing these top categories along with their counts or other metrics.
No binary data output is indicated for this operation.
Dependencies
- Requires access to the GreyNoise Enterprise API endpoint.
- An API authentication token or key credential must be configured in n8n to authorize requests to the GreyNoise API.
- Network connectivity to https://api.greynoise.io is necessary.
Troubleshooting
- Invalid Query Errors: If the GNQL query syntax is incorrect, the API may return errors. Verify the query string follows GNQL syntax rules.
- Authentication Failures: Ensure that the API key credential is correctly set up and has sufficient permissions.
- Rate Limits: The GreyNoise API may enforce rate limits; if exceeded, requests might fail temporarily.
- Empty Results: If no data matches the query, the output may be empty or contain empty aggregates. Adjust the query or increase the count parameter.
- Count Parameter Limits: The count value must be between 1 and 10,000. Values outside this range will cause errors.
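
A post-processing sketch for the node's output (for instance in an n8n Code node), added here as an example and not part of the node's own code. It enforces the Count limits listed above and tolerates empty aggregates; the `stats` layout, the function names and the sample values are assumptions, since this page does not specify the response structure.

```javascript
// Added example. Assumed output shape (not confirmed by the page):
// { query, count, stats: { <aggregate>: [ { <label key>: value, count: n } ] } }
const COUNT_MIN = 1;      // limits stated under Troubleshooting
const COUNT_MAX = 10000;

// Reject an out-of-range Count before the request is sent.
function validateCount(count) {
  if (!Number.isInteger(count) || count < COUNT_MIN || count > COUNT_MAX) {
    throw new RangeError(`Count must be an integer from ${COUNT_MIN} to ${COUNT_MAX}`);
  }
  return count;
}

// Reduce each aggregate to its top N rows with a percentage share.
// The share is relative to the rows returned, not the full result set.
// Missing, null or empty aggregates are skipped instead of raising.
function summarizeStats(output, topN = 3) {
  const stats = (output && output.stats) || {};
  const summary = {};
  for (const [name, entries] of Object.entries(stats)) {
    if (!Array.isArray(entries)) continue;
    const rows = entries
      .filter((e) => e && typeof e === 'object')
      .map((e) => {
        const labelKey = Object.keys(e).find((k) => k !== 'count');
        return { label: labelKey ? String(e[labelKey]) : '(unlabelled)', count: Number(e.count) || 0 };
      });
    if (rows.length === 0) continue;
    const total = rows.reduce((sum, r) => sum + r.count, 0);
    summary[name] = rows
      .sort((a, b) => b.count - a.count)
      .slice(0, topN)
      .map((r) => ({ ...r, share: total ? Math.round((r.count / total) * 1000) / 10 : 0 }));
  }
  return { query: output?.query ?? null, empty: Object.keys(summary).length === 0, summary };
}

// Constructed sample output, not real GreyNoise data.
const sample = {
  query: 'classification:malicious',
  count: validateCount(50),
  stats: {
    classifications: [{ classification: 'unknown', count: 20 }, { classification: 'malicious', count: 80 }],
    countries: [{ country: 'Exampleland', count: 60 }, { country: 'Testonia', count: 40 }],
    organizations: [],
    actors: null,
  },
};
console.log(JSON.stringify(summarizeStats(sample), null, 2));
```

An `empty: true` result separates a query that matched nothing from a failed request, which would surface as a node error instead.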