Skip to main content

Abstraction to interact with GreyNoise API.

Project description

Python GreyNoise

https://circleci.com/gh/GreyNoise-Intelligence/pygreynoise.svg?style=shield https://sonarcloud.io/api/project_badges/measure?project=GreyNoise-Intelligence_pygreynoise&metric=coverage https://readthedocs.org/projects/greynoise/badge/?version=latest https://badge.fury.io/py/greynoise.svg Updates https://img.shields.io/badge/License-MIT-yellow.svg https://quay.io/repository/greynoiseintel/pygreynoise/status

This is an abstract python library built on top of the GreyNoise service. It is preferred that users use this library when implementing integrations or plan to use GreyNoise within their code. The library includes a small client to interact with the API.

Documentation

Documentation is available here: Documentation

Quick Start

Install the library:

pip install greynoise or python setup.py install

Save your configuration:

greynoise setup --api-key <your-API-key>

Versioning

This python package follows semantic versioning. According to this:

  • We will NEVER push a breaking change without a major version release.

  • We will only add new features and/or bug fixes with minor version releases.

  • We will only do bug fixes for patch version release.

As such, we recommend you pin the dependency on this SDK to only allow minor version changes at most:

# allow patch version increments
greynoise~=1.4.0

# allow minor version increments
greynoise~=1.4

Usage

Usage: greynoise [OPTIONS] COMMAND [ARGS]...

  GreyNoise CLI.

Options:
  -h, --help  Show this message and exit.

Commands:
  query*       Run a GNQL (GreyNoise Query Language) query.
  account      View information about your GreyNoise account.
  alerts       List, create, delete, and manage your GreyNoise alerts.
  analyze      Analyze the IP addresses in a log file, stdin, etc.
  feedback     Send feedback directly to the GreyNoise team.
  filter       "Filter the noise from a log file, stdin, etc.
  help         Show this message and exit.
  interesting  Report an IP as "interesting".
  ip           Query GreyNoise for all information on a given IP.
  pcap         Get PCAP for a given IP address.
  quick        Quickly check whether or not one or many IPs are "noise".
  repl         Start an interactive shell.
  setup        Configure API key.
  signature    Submit an IDS signature to GreyNoise to be deployed to all...
  stats        Get aggregate stats from a given GNQL query.
  version      Get version and OS information for your GreyNoise
               commandline...

Changelog

Version 1.2.0

Date: September 03, 2021

  • API client:

    • Add ip_multi command to support bulk IP Context lookups

    • Fix issue with “include_invalid” option on quick command failing with “riot” key missing

  • CLI:

    • Add ip-multi command to support bulk IP Context lookups

    • Add support for comma separated IP lists for ip-multi and quick commands

    • Add size and scroll arguments for query and stats command

    • Update quick command to not error completely when non-routable IP is passed as an input in a list

  • Dependencies:

    • Added colorama dependency

    • Update Click to 8.0.3

    • Updated cachetools to 5.0.0

    • Updated jinja to 3.0.3

    • Updated more-itertools to 8.12.0

    • Updated requests to 2.27.1

    • Updated structlog to 21.5.0

Version 1.1.0

Date: June 23, 2021

  • API client:

    • Update filter command to use new quick endpoint with noise/riot updates

    • Update analyze command to use new quick endpoint with noise/riot updates

  • CLI:

    • Update quick command to handle quick endpoint noise/riot updates

    • Add support for RIOT trust_level output

  • Dependencies:

    • Updated Click to 8.0.1

Version 1.0.0

Date: June 02, 2021

* Removed Support for Python2 - BREAKING CHANGE *

  • API client:

    • Fixed error handling for both error and message responses

    • Implemented ipaddress package for IP validation to prevent non-routable IP addresses from being sent for query to the API

  • CLI:

    • Updated warning messages to help identify invalid vs non-routable IPs

  • Dependencies:

    • Updated cachetools to 4.2.2

    • Updated six to 1.16.0

    • Updated jinja2 to 3.0.1 for py36 and py37

    • Updated click-repl to 0.2.0

    • Updated more-itertools to 8.8.0

Version 0.9.1

Date: May 05, 2021

  • CLI:

    • #465: Fixed error handling on expired API key

  • Dependencies:

    • Updated cachetools to 4.2.2

Version 0.9.0

Date: April 21, 2021

  • API client:

    • Removed rouge debug statement from analysis command

  • CLI:

    • Fixed query command to display text output for queries with more than 10k results * Query now limits results to 10 on the text output

Version 0.8.0

Date: March 26, 2021

  • API client:

    • Added support for Community API

    • Added information about “integration_name” parameter to docs

    • BREAKING CHANGE Updated test_connection() to use /ping endpoint and return API response message and exception instead of string values

  • CLI:

    • Added support for Community API

    • Updated Analyze command to include RIOT

    • Changed default behavior to no longer use query. Invalid commands return error now

  • Dependencies:

    • Updated cachetools to 4.2.1

    • Updated jinja2 to 2.11.3

    • Updated more-itertools to 8.7.0

    • Update structlog to 21.1.0

Version 0.7.0

Date: January 07, 2021

  • API client:

    • Add “include_invalid” option to QUICK lookup to return invalid IPs as part of the JSON response

    • Added support for new /riot endpoint

    • Updated logic in quick to better handle non-list format input (‘ip_1,ip_2’)instead of [‘ip_1’,’ip_2’]

    • Added ability to configure CACHE TTL and CACHE MAX SIZE instead of only using hardcoded defaults

  • CLI:

    • Added support for new riot command

    • Updated json_formatter for query commands to return data only as New Line Delimited JSON

  • Dependencies:

    • Updated sphinx to 3.4.0

    • Updated structlog to 20.2.0 for python 3.6 and 3.7

Version 0.6.0

Date: December 21, 2020

  • API client:

    • Added test_connection method to allow for integrations to validate connection and API key

  • CLI:

    • Added spoofable and CVE outputs where possible

  • Both API client and CLI:

    • Fix IP_Validation method bug which was preventing valid IPs from being submitted

Version 0.5.0

Date: December 16, 2020

  • API client:

    • add metadata method.

    • replace dicttoxml with dict2xml for license-compatibility.

  • Both API client and CLI:

    • Update dependencies to the latest version

    • Add support for PROXY usage

    • Update the IP validator to ensure better validation

Version 0.4.1

Date: January 3, 2020

  • API client:

    • add spoofable field.

Version 0.4.0

Date: November 18, 2019

  • API client:

    • add interesting method.

    • add filter method.

    • add analyze method.

    • add scroll and size parameters to query method.

    • add api_server and integration_name parameters to __init__ method.

  • CLI:

    • add interesting subcommand.

    • add filter subcommand.

    • add analyze subcommand.

    • add api_server option to setup subcommand.

  • Both API client and CLI: * use structlog logging library.

Version 0.3.0

Date: September 06, 2019

  • API client:

    • rename API client methods to match CLI command names.

    • use LRU cache for IP context and quick check calls.

  • CLI:

    • add help, repl and version subcommands.

    • global options moved to those subcommands where they apply.

    • make request timeout configurable.

Version 0.2.2

Date: August 28, 2019

  • CLI:

    • fix setup subcommand when configuration directory doesn’t exist.

Version 0.2.1

Date: August 28, 2019

  • API client

    • Version sent in User-Agent header.

    • Raise RateLimitError on 429 response.

  • CLI

    • Colored output.

    • Add -i / --input option.

Version 0.2.0

Date: August 21, 2019

  • Complete codebase refactoring.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

greynoise-1.2.0.tar.gz (26.0 kB view hashes)

Uploaded Source

Built Distribution

greynoise-1.2.0-py3-none-any.whl (31.5 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page