GreyNoise

Interact with GreyNoise API

Overview

This node integrates with the GreyNoise API to provide enriched context and intelligence about IP addresses. Specifically, the "Enterprise" resource's "IP Context" operation allows users to query multiple IP addresses at once to retrieve detailed metadata such as network ownership, ASN, reverse DNS pointers, country information, associated actors, activity tags, and raw port scan and web request data.

This node is beneficial in scenarios where security analysts or threat intelligence teams want to quickly gather comprehensive background information on a list of suspicious or interesting IPs. For example, it can be used to enrich alerts from intrusion detection systems by providing additional context about the IPs involved, helping to prioritize investigation efforts.

Properties

Name | Meaning
IPs | Comma-separated list of IP addresses to query for context information. The node sends these IPs in bulk to retrieve their metadata and activity details.

Output

The output JSON contains detailed contextual information for each queried IP address. This includes:

  • Time ranges when the IP was observed
  • Metadata such as network owner, ASN (Autonomous System Number), reverse DNS pointer, and country
  • Associated actors and activity tags linked to the IP
  • Raw port scan results and web request information related to the IP

This rich dataset enables users to understand the behavior and reputation of multiple IPs simultaneously.

The node does not output binary data.

Dependencies

  • Requires an API key credential for authenticating requests to the GreyNoise Enterprise API.
  • The base URL for API requests is https://api.greynoise.io.
  • The node expects the user to configure this API key credential within n8n prior to use.

Troubleshooting

  • Common issues:

    • Invalid or missing API key credential will cause authentication failures.
    • Providing improperly formatted IP lists (e.g., missing commas or invalid IP formats) may result in errors or incomplete responses.
    • Network connectivity issues to the GreyNoise API endpoint can cause request timeouts or failures.
  • Error messages:

    • HTTP 401 Unauthorized: Indicates missing or invalid API key. Verify that the API key credential is correctly configured.
    • HTTP 400 Bad Request: Usually caused by malformed input, such as incorrectly formatted IP strings. Ensure IPs are comma-separated and valid.
    • HTTP 429 Too Many Requests: Rate limiting by the GreyNoise API. Consider reducing request frequency or batching fewer IPs per request.
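
To avoid the 400 and 429 cases above, the IP list can be cleaned before it reaches the node. The following is an added example, not part of the node's own code: the function names and the batch size are assumptions, and it handles IPv4 only. It validates each entry, drops duplicates and non-routable addresses, and splits the rest into comma-separated batches.

```javascript
// Added example: helper names and MAX_IPS_PER_REQUEST are assumptions.
const MAX_IPS_PER_REQUEST = 100; // assumed batch size, not a documented limit

// Return the four octets of a strict dotted-quad IPv4 address, or null.
function parseIPv4(text) {
  const parts = text.split('.');
  if (parts.length !== 4) return null;
  // 1-3 digits without leading zeros, so "010" is never read as octal.
  if (!parts.every((p) => /^(0|[1-9]\d{0,2})$/.test(p))) return null;
  const octets = parts.map(Number);
  return octets.every((n) => n <= 255) ? octets : null;
}

// Private, loopback, link-local, CGNAT and multicast/reserved space is not
// internet-routable, so sending it only discloses internal addressing.
function isNonPublic([a, b]) {
  return a === 0 || a === 10 || a === 127 || a >= 224 ||
    (a === 100 && b >= 64 && b <= 127) ||
    (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168);
}

// Split on commas, semicolons or whitespace, validate, de-duplicate, and
// return comma-separated batches plus the entries that were dropped.
function prepareIpBatches(raw, batchSize = MAX_IPS_PER_REQUEST) {
  const valid = new Set();
  const rejected = [];
  for (const entry of raw.split(/[\s,;]+/).filter(Boolean)) {
    const octets = parseIPv4(entry);
    if (!octets) rejected.push({ entry, reason: 'not an IPv4 address' });
    else if (isNonPublic(octets)) rejected.push({ entry, reason: 'non-public range' });
    else valid.add(entry);
  }
  const ips = [...valid];
  const batches = [];
  for (let i = 0; i < ips.length; i += batchSize) {
    batches.push(ips.slice(i, i + batchSize).join(','));
  }
  return { batches, rejected };
}

// Constructed sample input (documentation ranges plus deliberately bad entries).
const SAMPLE = '198.51.100.7, 203.0.113.9 192.0.2.44,10.0.0.5,198.51.100.7,203.0.113.999,example.org';
console.log(prepareIpBatches(SAMPLE, 2));
```

Each string in `batches` is ready to use as the IPs property for one request; logging `rejected` shows which alert fields produced unusable values.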
