

Merge branch 'master' into v-sabiraj-insiderriskmanagement1
v-sabiraj committed Oct 11, 2023
2 parents e41c9a5 + 712d290 commit 1bf2bbb
Showing 110 changed files with 14,573 additions and 4,062 deletions.
Expand Up @@ -94,6 +94,7 @@
"GCPDNSDataConnector",
"GWorkspaceRAPI",
"GoogleWorkspaceReportsAPI",
"GreyNoise2SentinelAPI",
"IdentityInfo",
"ImpervaWAFCloudAPI",
"ImpervaWAFGateway",
42 changes: 42 additions & 0 deletions Logos/greynoise_logomark_black.svg
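--- a/Sample Data/Custom/GreyNoiseEvent.json
+++ b/Sample Data/Custom/GreyNoiseEvent.json
@@ -0,0 +1,72 @@
+[
+{
+"ip": "1.1.2.2",
+"metadata": {
+"asn": "AS25000",
+"city": "Ta’if",
+"country": "Saudi Arabia",
+"country_code": "SA",
+"organization": "Saudi Telecom Company JSC",
+"category": "isp",
+"tor": false,
+"rdns": "" ,
+"os": "Windows 7/8",
+"sensor_count": 78,
+"sensor_hits": 433,
+"region": "Mecca Region",
+"destination_countries": [
+"Belarus",
+"United States",
+"Saudi Arabia",
+"Bulgaria",
+"United Kingdom",
+"Israel",
+"Australia",
+"Indonesia",
+"South Korea"
+],
+"source_country": "Saudi Arabia",
+"source_country_code": "SA",
+"destination_country_codes": [
+"BY",
+"US",
+"SA",
+"BG",
+"GB",
+"IL",
+"AU",
+"ID",
+"KR"
+]
+},
+"bot": false,
+"vpn": false,
+"vpn_service": "N/A",
+"spoofable": false,
+"raw_data": {
+"scan": [
+{
+"port": 445,
+"protocol": "TCP"
+},
+{
+"port": 1433,
+"protocol": "TCP"
+}
+],
+"web": {},
+"ja3": [],
+"hassh": []
+},
+"first_seen": "2023-08-23",
+"last_seen": "2023-08-25",
+"seen": true,
+"tags": [
+"MSSQL Bruteforcer",
+"SMBv1 Crawler"
+],
+"actor": "unknown",
+"classification": "malicious",
+"cve": []
+}
+]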
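Review bot: The sample event's `"ip": "1.1.2.2"` is a routable, allocated address that this fixture labels `"classification": "malicious"`, and sample data that gets loaded into test workspaces or screenshots should not name a real host; an RFC 5737 documentation address such as `"ip": "192.0.2.10"` (constructed example) keeps the fixture from being mistaken for, or matched against, live telemetry. Separately, `"rdns": "" ,` carries a stray space before the comma — still valid JSON, but worth normalising to `"rdns": "",`. The record also mixes `""`, `[]` and the sentinel string `"N/A"` (`"vpn_service"`) for "not available"; this presumably mirrors the upstream API shape, but if the parser or workbook tests for an empty value, a short note in the connector docs saying which convention each field follows would avoid a false-negative check.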


@@ -0,0 +1,6 @@
TenantId,"TimeGenerated [Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna]",SourceSystem,Action,ActivityGroupNames,AdditionalInformation,ApplicationId,AzureTenantId,ConfidenceScore,Description,DiamondModel,ExternalIndicatorId,"ExpirationDateTime [Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna]",IndicatorId,ThreatType,Active,KillChainActions,KillChainC2,KillChainDelivery,KillChainExploitation,KillChainReconnaissance,KillChainWeaponization,KnownFalsePositives,MalwareNames,PassiveOnly,ThreatSeverity,Tags,TrafficLightProtocolLevel,EmailEncoding,EmailLanguage,EmailRecipient,EmailSenderAddress,EmailSenderName,EmailSourceDomain,EmailSourceIpAddress,EmailSubject,EmailXMailer,"FileCompileDateTime [Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna]","FileCreatedDateTime [Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna]",FileHashType,FileHashValue,FileMutexName,FileName,FilePacker,FilePath,FileSize,FileType,DomainName,NetworkIP,NetworkPort,NetworkDestinationAsn,NetworkDestinationCidrBlock,NetworkDestinationIP,NetworkCidrBlock,NetworkDestinationPort,NetworkProtocol,NetworkSourceAsn,NetworkSourceCidrBlock,NetworkSourceIP,NetworkSourcePort,Url,UserAgent,IndicatorProvider,Type,TenantId1,SourceSystem1,MG,ManagementGroupName,"TimeGenerated1 [Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna]",Computer,RawData,"Action_s","Content_Type_s","Device_s","Domain_s","Response_s","Src_IPv4_s","URL_s",Type1,"_ResourceId",parts,tld,"DNS_TimeGenerated [Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna]"
"f233a343-df06-4d9a-8a18-5b3eb8942c7f","9/19/2023, 5:08:06.351 PM","Recorded Future",alert,,,,"ce7c0437-29b2-4139-8c26-0babf2d3738c",92,"Recorded Future - Domains - Command and Control Activity",,"indicator--027005e3-dfe2-41d2-bd06-e8ac80b9aab8","9/19/2023, 7:07:32.983 PM",8BD4D42FFD595F366EA42C53950192F049B8D0F8E2BADF9A90272D0814364FB0,"malicious-activity",true,,,,,,,,,,,"[""[{\""Rule\"":\""Historically Reported as a Defanged DNS Name\"",\""EvidenceString\"":\""1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New unknownmalware Dom: snfrpmnq[.]org IP: 169[.]50[.]13[.]61 NS: https://t.co/JxUb8f0Cir https://t.co/RCTjQ7czQd. Most recent link (May 5, 2020): https://twitter.com/DGAFeedAlerts/statuses/1257784471450980354\"",\""CriticalityLabel\"":\""Unusual\"",\""Timestamp\"":1588714161000,\""MitigationString\"":\""\"",\""Criticality\"":1},{\""Rule\"":\""Historically Reported in Threat List\"",\""EvidenceString\"":\""Previous sightings on 2 sources: Bambenek Consulting C&C Blocklist, Recently Viewed Integrations Indicators. Observed between Mar 5, 2023, and Mar 8, 2023.\"",\""CriticalityLabel\"":\""Unusual\"",\""Timestamp\"":1695056485635,\""MitigationString\"":\""\"",\""Criticality\"":1},{\""Rule\"":\""Recent C&C DNS Name\"",\""EvidenceString\"":\""1 sighting on 1 source: Bambenek Consulting C&C Blocklist.\"",\""CriticalityLabel\"":\""Very Malicious\"",\""Timestamp\"":1695056485614,\""MitigationString\"":\""\"",\""Criticality\"":4}]""]",unknown,,,,,,,,,,,,,,,,,,,,"snfrpmnq.org",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"f233a343-df06-4d9a-8a18-5b3eb8942c7f",RestAPI,,,"9/19/2023, 5:08:45.466 PM",,,GET,"text/css","Squid_Proxy","snfrpmnq.org","TCP_MISS/200","10.1.4.174","http://snfrpmnq.org/xsqvmdw","Squid_Proxy_Domain_CL",,"[""snfrpmnq"",""org""]",org,"9/19/2023, 5:08:45.466 PM"
"f233a343-df06-4d9a-8a18-5b3eb8942c7f","9/19/2023, 5:08:06.351 PM","Recorded Future",alert,,,,"ce7c0437-29b2-4139-8c26-0babf2d3738c",92,"Recorded Future - Domains - Command and Control Activity",,"indicator--027005e3-dfe2-41d2-bd06-e8ac80b9aab8","9/19/2023, 7:07:32.983 PM",8BD4D42FFD595F366EA42C53950192F049B8D0F8E2BADF9A90272D0814364FB0,"malicious-activity",true,,,,,,,,,,,"[""[{\""Rule\"":\""Historically Reported as a Defanged DNS Name\"",\""EvidenceString\"":\""1 sighting on 1 source: @DGAFeedAlerts. Most recent tweet: New unknownmalware Dom: snfrpmnq[.]org IP: 169[.]50[.]13[.]61 NS: https://t.co/JxUb8f0Cir https://t.co/RCTjQ7czQd. Most recent link (May 5, 2020): https://twitter.com/DGAFeedAlerts/statuses/1257784471450980354\"",\""CriticalityLabel\"":\""Unusual\"",\""Timestamp\"":1588714161000,\""MitigationString\"":\""\"",\""Criticality\"":1},{\""Rule\"":\""Historically Reported in Threat List\"",\""EvidenceString\"":\""Previous sightings on 2 sources: Bambenek Consulting C&C Blocklist, Recently Viewed Integrations Indicators. Observed between Mar 5, 2023, and Mar 8, 2023.\"",\""CriticalityLabel\"":\""Unusual\"",\""Timestamp\"":1695056485635,\""MitigationString\"":\""\"",\""Criticality\"":1},{\""Rule\"":\""Recent C&C DNS Name\"",\""EvidenceString\"":\""1 sighting on 1 source: Bambenek Consulting C&C Blocklist.\"",\""CriticalityLabel\"":\""Very Malicious\"",\""Timestamp\"":1695056485614,\""MitigationString\"":\""\"",\""Criticality\"":4}]""]",unknown,,,,,,,,,,,,,,,,,,,,"snfrpmnq.org",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"f233a343-df06-4d9a-8a18-5b3eb8942c7f",RestAPI,,,"9/19/2023, 11:20:55.461 AM",,,GET,"text/css","Squid_Proxy","snfrpmnq.org","TCP_MISS/200","10.1.4.174","http://snfrpmnq.org/xsqvmdw","Squid_Proxy_Domain_CL",,"[""snfrpmnq"",""org""]",org,"9/19/2023, 11:20:55.461 AM"
"f233a343-df06-4d9a-8a18-5b3eb8942c7f","9/19/2023, 5:08:06.117 PM","Recorded Future",alert,,,,"ce7c0437-29b2-4139-8c26-0babf2d3738c",92,"Recorded Future - Domains - Command and Control Activity",,"indicator--0fc20b4c-3c37-4321-b991-2eaafc2d744e","9/19/2023, 7:07:36.511 PM",95956A998E54BBE5EFCA1E68B6AE8DE2FF31FA3B286070A6931C18CD8FB19965,"malicious-activity",true,,,,,,,,,,,"[""[{\""Rule\"":\""Historically Reported Botnet Domain\"",\""EvidenceString\"":\""9 sightings on 1 source: External Sensor Data Analysis. nihsxhvkfjwotm.bid is observed to be a botnet domain from which network attacks are launched. Attacks may include SPAM messages, DOS, SQL injections, proxy jacking, and other unsolicited contacts.\"",\""CriticalityLabel\"":\""Unusual\"",\""Timestamp\"":1691544788241,\""MitigationString\"":\""\"",\""Criticality\"":1},{\""Rule\"":\""Historically Reported in Threat List\"",\""EvidenceString\"":\""Previous sightings on 2 sources: Bambenek Consulting C&C Blocklist, Recently Viewed Integrations Indicators. Observed between Mar 5, 2023, and Mar 8, 2023.\"",\""CriticalityLabel\"":\""Unusual\"",\""Timestamp\"":1695104194129,\""MitigationString\"":\""\"",\""Criticality\"":1},{\""Rule\"":\""Recent C&C DNS Name\"",\""EvidenceString\"":\""1 sighting on 1 source: Bambenek Consulting C&C Blocklist.\"",\""CriticalityLabel\"":\""Very Malicious\"",\""Timestamp\"":1695104194092,\""MitigationString\"":\""\"",\""Criticality\"":4}]""]",unknown,,,,,,,,,,,,,,,,,,,,"nihsxhvkfjwotm.bid",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"f233a343-df06-4d9a-8a18-5b3eb8942c7f",RestAPI,,,"9/15/2023, 4:05:12.176 PM",,,GET,"image/webp","Squid_Proxy","nihsxhvkfjwotm.bid","TCP_MISS/304","10.1.147.78","http://nihsxhvkfjwotm.bid/nkavfib","Squid_Proxy_Domain_CL",,"[""nihsxhvkfjwotm"",""bid""]",bid,"9/15/2023, 4:05:12.176 PM"
"f233a343-df06-4d9a-8a18-5b3eb8942c7f","9/19/2023, 5:08:06.343 PM","Recorded Future",alert,,,,"ce7c0437-29b2-4139-8c26-0babf2d3738c",91,"Recorded Future - Domains - Command and Control Activity",,"indicator--78c75a0a-c236-4f67-907f-facde94f5c6d","9/19/2023, 7:07:32.698 PM",7E44E1F99140ED284EF6D4379ED8B40505BCA4A18FDDFECC3818DDA1ABB06581,"malicious-activity",true,,,,,,,,,,,"[""[{\""Rule\"":\""Historically Reported as a Defanged DNS Name\"",\""EvidenceString\"":\""1 sighting on 1 source: Twitter. Most recent link (Jul 5, 2023): https://twitter.com/0xToxin/statuses/1676578018985123841\"",\""CriticalityLabel\"":\""Unusual\"",\""Timestamp\"":1688562323000,\""MitigationString\"":\""\"",\""Criticality\"":1},{\""Rule\"":\""Recent C&C DNS Name\"",\""EvidenceString\"":\""1 sighting on 1 source: Bambenek Consulting C&C Blocklist.\"",\""CriticalityLabel\"":\""Very Malicious\"",\""Timestamp\"":1695051741313,\""MitigationString\"":\""\"",\""Criticality\"":4}]""]",unknown,,,,,,,,,,,,,,,,,,,,"csyeywqwyikqaiim.xyz",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"f233a343-df06-4d9a-8a18-5b3eb8942c7f",RestAPI,,,"9/19/2023, 5:08:25.443 PM",,,GET,"text/css","Squid_Proxy","csyeywqwyikqaiim.xyz","TCP_MISS/304","10.1.203.27","http://csyeywqwyikqaiim.xyz/wixylmz","Squid_Proxy_Domain_CL",,"[""csyeywqwyikqaiim"",""xyz""]",xyz,"9/19/2023, 5:08:25.443 PM"
"f233a343-df06-4d9a-8a18-5b3eb8942c7f","9/19/2023, 5:08:06.074 PM","Recorded Future",alert,,,,"ce7c0437-29b2-4139-8c26-0babf2d3738c",90,"Recorded Future - Domains - Command and Control Activity",,"indicator--b29ed22d-bc66-4ea3-9527-cb1f7d5996de","9/19/2023, 7:07:35.900 PM",4B5338C3FB62BE62671A9C63A9FB11D83CE2B9E9DC70D082C46256A054D65280,"malicious-activity",true,,,,,,,,,,,"[""[{\""Rule\"":\""Recent C&C DNS Name\"",\""EvidenceString\"":\""1 sighting on 1 source: Bambenek Consulting C&C Blocklist.\"",\""CriticalityLabel\"":\""Very Malicious\"",\""Timestamp\"":1695057312382,\""MitigationString\"":\""\"",\""Criticality\"":4}]""]",unknown,,,,,,,,,,,,,,,,,,,,"ikomoouessgqekmc.xyz",,,,,,,,,,,,,,,,ThreatIntelligenceIndicator,"f233a343-df06-4d9a-8a18-5b3eb8942c7f",RestAPI,,,"9/16/2023, 4:05:13.099 PM",,,GET,"text/javascript","Squid_Proxy","ikomoouessgqekmc.xyz","TCP_MISS/200","10.1.70.199","http://ikomoouessgqekmc.xyz/qgdaxsi","Squid_Proxy_Domain_CL",,"[""ikomoouessgqekmc"",""xyz""]",xyz,"9/16/2023, 4:05:13.099 PM"
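Review bot: The timestamp columns in this sample (e.g. `"9/19/2023, 5:08:06.351 PM"` under the header `TimeGenerated [Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna]`) are a locale-formatted Log Analytics export rather than ISO 8601, so anything ingesting this fixture has to guess month/day order and the UTC offset; re-exporting in UTC, or storing values in the `2023-09-19T15:08:06.351Z` form (constructed — the exact instant depends on the export's timezone), would make the sample unambiguous. The rows also repeat what look like real workspace and tenant GUIDs (`f233a343-…` in TenantId, `ce7c0437-…` in AzureTenantId); if these came from a live export rather than being synthetic, replacing them with obviously fake identifiers is worth doing, since sample data in a public repo is copied widely. The `AdditionalInformation` column double-encodes a JSON array inside a JSON string inside a CSV cell, which is fine for a faithful export but is the kind of value a parser test should cover explicitly. This file's header line is not visible in the view, so I cannot confirm its path.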
