- 필수 기능
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- 디지털 경험
- 소프트웨어 제공
- 보안
- 로그 관리
- 관리
- 인프라스트럭처
- ci
- containers
- csm
- ndm
- otel_guides
- overview
- slos
- synthetics
- tests
- 워크플로
Check whether a set of IP addresses are “Internet background noise”, or have been observed scanning or attacking devices across the Internet.
항목
유형
설명
ips [required]
[string]
항목
유형
설명
ipChecks [required]
[object]
The result of the IP checks
isSuccess [required]
boolean
ipContext [required]
object
ip
string
The IP address queried
seen
boolean
Whether or not the IP address has been observed by the GreyNoise sensor network.
classification
enum
The classification of the IP address, either "benign", "malicious", or "unknown", based on the activity observed by GreyNoise.
Allowed enum values: benign,malicious,unknown
first_seen
string
The earliest date GreyNoise observed any activity from this IP.
last_seen
string
The most recent date GreyNoise observed any activity from this IP.
actor
string
The overt actor this IP is associated with.
tags
[string]
A list of activity/malware tags GreyNoise has applied to this IP.
spoofable
boolean
This IP address has been opportunistically scanning the Internet, however has failed to complete a full TCP connection. Any reported activity could be spoofed.
cve
[string]
A list of CVEs associate with this IP.
vpn
boolean
This IP is associated with a VPN service. Activity, malicious or otherwise, should not be attributed to the VPN service provider.
vpn_service
string
Name of associated VPN Service.
metadata
object
country
string
The country where the device is geographically located.
country_code
string
The two-letter (ISO 3166-1 alpha-2) country code where the device is geographically located.
city
string
The city where the device is geographically located.
region
string
The region where the device is geographically located.
organization
string
The name of organization that owns the IP address.
rdns
string
The reverse DNS pointer.
asn
string
The autonomous system identification number.
tor
boolean
Whether or not the device is a known Tor exit node.
category
enum
The subset of network types the IP address belongs to.
Allowed enum values: isp,business,hosting,mobile,education
os
string
An approximate guess of the operating system of the device, based on the TCP stack fingerprint.
raw_data
object
Raw data observed directly by GreyNoise.
scan
[object]
port
number
Port number
protocol
string
Protocol
web
object
paths
[string]
useragents
[string]
ja3
[object]
fingerprint
string
JA3 hash fingerprint string
port
number
TCP port connection that the SSL/TLS communication occurred over
hassh
[object]
fingerprint
string
HASSH hash fingerprint string
port
number
TCP port connection where the HASSH hash was identified