You're Invited: Meet the Socket team at BSidesSF and RSAC - April 27 - May 1.RSVP →

greynoise

Package Overview

Dependencies

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

greynoise

Abstraction to interact with GreyNoise API.

2.3.0

PyPI

Maintainers: 3

================ Python GreyNoise

.. image:: https://circleci.com/gh/GreyNoise-Intelligence/pygreynoise.svg?style=shield :target: https://circleci.com/gh/GreyNoise-Intelligence/pygreynoise

.. image:: https://sonarcloud.io/api/project_badges/measure?project=GreyNoise-Intelligence_pygreynoise&metric=coverage :target: https://sonarcloud.io/dashboard?id=GreyNoise-Intelligence_pygreynoise

.. image:: https://readthedocs.org/projects/greynoise/badge/?version=latest :target: http://greynoise.readthedocs.io/en/latest/?badge=latest

.. image:: https://badge.fury.io/py/greynoise.svg :target: https://badge.fury.io/py/greynoise

.. image:: https://img.shields.io/badge/License-MIT-yellow.svg :target: https://opensource.org/licenses/MIT

.. image:: https://quay.io/repository/greynoiseintel/pygreynoise/status :target: https://quay.io/repository/greynoiseintel/pygreynoise

This is an abstract python library built on top of the GreyNoise_ service. It is preferred that users use this library when implementing integrations or plan to use GreyNoise within their code. The library includes a small client to interact with the API.

.. _GreyNoise: https://greynoise.io/

Documentation

Documentation is available here: Documentation_

.. _Documentation: https://developer.greynoise.io/docs/libraries-sample-code

Quick Start

Install the library:

pip install greynoise or python setup.py install

Save your configuration:

greynoise setup --api-key <your-API-key>

Versioning

This python package follows semantic versioning. According to this:

We will NEVER push a breaking change without a major version release.
We will only add new features and/or bug fixes with minor version releases.
We will only do bug fixes for patch version release.

As such, we recommend you pin the dependency on this SDK to only allow minor version changes at most:

# allow patch version increments
greynoise~=1.4.0

# allow minor version increments
greynoise~=1.4

Usage

Usage: greynoise [OPTIONS] COMMAND [ARGS]...

  GreyNoise CLI.

Options:
  -h, --help  Show this message and exit.

Commands:
  account         View information about your GreyNoise account.
  alerts          List, create, delete, and manage your GreyNoise alerts.
  analyze         Analyze the IP addresses in a log file, stdin, etc.
  feedback        Send feedback directly to the GreyNoise team.
  filter          Filter the noise from a log file, stdin, etc.
  help            Show this message and exit.
  interesting     Report one or more IP addresses as "interesting".
  ip              Query GreyNoise for all information on a given IP.
  ip-multi        Perform Context lookup for multiple IPs at once.
  query           Run a GNQL (GreyNoise Query Language) query.
  quick           Quickly check whether or not one or many IPs are "noise".
  repl            Start an interactive shell.
  riot            Query GreyNoise IP to see if it is in the RIOT dataset.
  setup           Configure API key.
  signature       Submit an IDS signature to GreyNoise to be deployed to...
  similar         Query GreyNoise IP to identify Similar IPs.
  stats           Get aggregate stats from a given GNQL query.
  timeline        Query GreyNoise IP to identify Similar IPs.
  timelinehourly  Query GreyNoise IP to identify Similar IPs.
  version         Get version and OS information for your GreyNoise...

========= Changelog

Version `2.3.0`_

Date: July 30, 2024

API client:
- Add cve command to query the CVE lookup API
CLI:
- Add cve command to display result from CVE lookup API
Dependencies:
- Updated cachetools to version 5.4.0

Version `2.2.0`_

Date: June 11, 2024

API client:
- Update analyze command to use analysis endpoint
- Add persona_details command to pull a sensor persona's details based on ID
- Add sensor_list command to pull list of sensors from a users workspace, based on API key used
- Add sensor_activity command to pull sensor activity feed from users workspace
- Add sensor_activity_ips command to pull list of source ips from sensor activity feed
CLI:
- Update analyze output to match that of new endpoint response
- Add persona-details command to display command response
- Add sensor-list command to display command response
- Add sensor-activity command to display command response
Dependencies:
- Updated Clic to version 8.1.7
- Updated ansimarkup to version 2.1.0
- Updated click-repl to version 0.3.0
- Updated dict2xml to version 1.7.5
- Updated jinja2 to version 3.1.4
- Updated more-itertools to version 10.3.0 (for py3.8 and above only)
- Updated requests to version 2.32.3

Version `2.1.0`_

Date: February 07, 2024

API client:
- None
CLI:
- Fixed stats command display to show correct countries
- Fixed similar command to handle non-noise IP response
Dependencies:
- Updated requests to version 2.31.0
- Updated cachetools to version 5.3.1
- Removed ipaddress as a required package

Version `2.0.1`_

Date: April 14, 2023

API client:
- Updated timeline commands to support 90 day lookback period
CLI:
- Updated timeline commands to support 90 day lookback period
Dependencies:
- Updated ansimarkup to version 1.5.0
- Updated dict2xml to version 1.7.3
- Updated itertools to version 9.1.0
- Updated requests to version 2.28.2

Version `2.0.0`_

Date: February 15, 2023

BREAKING CHANGE:
- Removed support for python 3.5
API client:
- Added similar command to support IP Similarity lookups
- Added timeline command to support IP Time Series Single Attribute lookups
- Added timelinehourly command to support IP Time Series Hourly Summary lookups
- Added timelinedaily command to support IP Time Series Daily Summary lookups
- Added exclude_raw parameter to query command to reduce issues with default behavior in integrations
CLI:
- Added similar command to support IP Similarity lookups
- Added timeline command to support IP Time Series Single Attribute lookups
- Added timelinehourly command to support IP Time Series Hourly Summary lookups
- Added timelinedaily command to support IP Time Series Hourly Summary lookups
Dependencies:
- Updated dict2xml to version 1.7.2
- Updated colorama to version 0.4.6
- Updated cachetools to version 5.3.0

Version `1.3.0`_

Date: September 07, 2022

API client:
- Rework logging to remove structlog predefined logging to follow best practices
- Update the quick command to use a POST API request instead of a GET API request
- Fix bug with ip_multi preventing lists of more than 1000 entries from returning correct data
- Fix bug with ip_multi when cache is disabled not returning correct values
- Fix bug with ip_multi where include_invalid parameter was not working
CLI:
- None
Dependencies:
- Updated Click to 8.1.3
- Updated colorama to 0.4.5
- Updated jinja2 to 3.1.2
- Updated more-itertools to 8.14.0
- Update requests to 2.28.1
- Removed structlog

Version `1.2.1`_

Date: June 03, 2022

API client:
- None
CLI:
- Add missing HASSH values to output for IP and QUERY commands
- Remove unused PCAP command
Dependencies:
- Update jinja to 3.1.0
- Update dict2xml to 1.7.1
- Update Click to 8.1.2
- Update more-itertools to 8.13.0
- Update cachetools to 5.2.0

Version `1.2.0`_

Date: September 03, 2021

API client:
- Add ip_multi command to support bulk IP Context lookups
- Fix issue with "include_invalid" option on quick command failing with "riot" key missing
CLI:
- Add ip-multi command to support bulk IP Context lookups
- Add support for comma separated IP lists for ip-multi and quick commands
- Add size and scroll arguments for query and stats command
- Update quick command to not error completely when non-routable IP is passed as an input in a list
Dependencies:
- Added colorama dependency
- Update Click to 8.0.3
- Updated cachetools to 5.0.0
- Updated jinja to 3.0.3
- Updated more-itertools to 8.12.0
- Updated requests to 2.27.1
- Updated structlog to 21.5.0

Version `1.1.0`_

Date: June 23, 2021

API client:
- Update filter command to use new quick endpoint with noise/riot updates
- Update analyze command to use new quick endpoint with noise/riot updates
CLI:
- Update quick command to handle quick endpoint noise/riot updates
- Add support for RIOT trust_level output
Dependencies:
- Updated Click to 8.0.1

Version `1.0.0`_

Date: June 02, 2021

*** Removed Support for Python2 - BREAKING CHANGE ***

API client:
- Fixed error handling for both error and message responses
- Implemented ipaddress package for IP validation to prevent non-routable IP addresses from being sent for query to the API
CLI:
- Updated warning messages to help identify invalid vs non-routable IPs
Dependencies:
- Updated cachetools to 4.2.2
- Updated six to 1.16.0
- Updated jinja2 to 3.0.1 for py36 and py37
- Updated click-repl to 0.2.0
- Updated more-itertools to 8.8.0

Version `0.9.1`_

Date: May 05, 2021

CLI:
- #465: Fixed error handling on expired API key
Dependencies:
- Updated cachetools to 4.2.2

Version `0.9.0`_

Date: April 21, 2021

API client:
- Removed rouge debug statement from analysis command
CLI:
- Fixed query command to display text output for queries with more than 10k results
  - Query now limits results to 10 on the text output

Version `0.8.0`_

Date: March 26, 2021

API client:
- Added support for Community API
- Added information about "integration_name" parameter to docs
- BREAKING CHANGE Updated test_connection() to use /ping endpoint and return API response message and exception instead of string values
CLI:
- Added support for Community API
- Updated Analyze command to include RIOT
- Changed default behavior to no longer use query. Invalid commands return error now
Dependencies:
- Updated cachetools to 4.2.1
- Updated jinja2 to 2.11.3
- Updated more-itertools to 8.7.0
- Update structlog to 21.1.0

Version `0.7.0`_

Date: January 07, 2021

API client:
- Add "include_invalid" option to QUICK lookup to return invalid IPs as part of the JSON response
- Added support for new /riot endpoint
- Updated logic in quick to better handle non-list format input ('ip_1,ip_2')instead of ['ip_1','ip_2']
- Added ability to configure CACHE TTL and CACHE MAX SIZE instead of only using hardcoded defaults
CLI:
- Added support for new riot command
- Updated json_formatter for query commands to return data only as New Line Delimited JSON
Dependencies:
- Updated sphinx to 3.4.0
- Updated structlog to 20.2.0 for python 3.6 and 3.7

Version `0.6.0`_

Date: December 21, 2020

API client:
- Added test_connection method to allow for integrations to validate connection and API key
CLI:
- Added spoofable and CVE outputs where possible
Both API client and CLI:
- Fix IP_Validation method bug which was preventing valid IPs from being submitted

Version `0.5.0`_

Date: December 16, 2020

API client:
- add metadata method.
- replace dicttoxml with dict2xml for license-compatibility.
Both API client and CLI:
- Update dependencies to the latest version
- Add support for PROXY usage
- Update the IP validator to ensure better validation

Version `0.4.1`_

Date: January 3, 2020

API client:
- add spoofable field.

Version `0.4.0`_

Date: November 18, 2019

API client:
- add interesting method.
- add filter method.
- add analyze method.
- add scroll and size parameters to query method.
- add api_server and integration_name parameters to __init__ method.
CLI:
- add interesting subcommand.
- add filter subcommand.
- add analyze subcommand.
- add api_server option to setup subcommand.
Both API client and CLI:
- use structlog logging library.

Version `0.3.0`_

Date: September 06, 2019

API client:
- rename API client methods to match CLI command names.
- use LRU cache for IP context and quick check calls.
CLI:
- add help, repl and version subcommands.
- global options moved to those subcommands where they apply.
- make request timeout configurable.

Version `0.2.2`_

Date: August 28, 2019

CLI:
- fix setup subcommand when configuration directory doesn't exist.

Version `0.2.1`_

Date: August 28, 2019

API client
- Version sent in User-Agent header.
- Raise RateLimitError on 429 response.
CLI
- Colored output.
- Add -i / --input option.

Version `0.2.0`_

Date: August 21, 2019

Complete codebase refactoring.

Keywords

FAQs

What is greynoise?

Is greynoise well maintained?

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

greynoise

================ Python GreyNoise

Documentation

Quick Start

Versioning

Usage

========= Changelog

Version 2.3.0_

Version 2.2.0_

Version 2.1.0_

Version 2.0.1_

Version 2.0.0_

Version 1.3.0_

Version 1.2.1_

Version 1.2.0_

Version 1.1.0_

Version 1.0.0_

Version 0.9.1_

Version 0.9.0_

Version 0.8.0_

Version 0.7.0_

Version 0.6.0_

Version 0.5.0_

Version 0.4.1_

Version 0.4.0_

Version 0.3.0_

Version 0.2.2_

Version 0.2.1_

Version 0.2.0_

Keywords

Related posts

The Rise of Slopsquatting: How AI Hallucinations Are Fueling a New Class of Supply Chain Attacks

PyTorch Lightning Exposes Users to Remote Code Execution via Deserialization Vulnerabilities

Version `2.3.0`_

Version `2.2.0`_

Version `2.1.0`_

Version `2.0.1`_

Version `2.0.0`_

Version `1.3.0`_

Version `1.2.1`_

Version `1.2.0`_

Version `1.1.0`_

Version `1.0.0`_

Version `0.9.1`_

Version `0.9.0`_

Version `0.8.0`_

Version `0.7.0`_

Version `0.6.0`_

Version `0.5.0`_

Version `0.4.1`_

Version `0.4.0`_

Version `0.3.0`_

Version `0.2.2`_

Version `0.2.1`_

Version `0.2.0`_