analyzer: greynoise
query: ...
api_key: ...
| Name | Type | Required? | Default | Desc. |
|---|---|---|---|---|
| query | String | Yes | Search query | |
| api_key | String | No | ENV[ā€¯GREYNOISE_API_KEY"] | API key |
The analyzer uses GreyNoise API and [<https://api.greynoise.io/v2/experimental/gnql>](<https://api.greynoise.io/v2/experimental/gnql>) API endpoint to search.
IP addresses matched with a query are treated as artifacts.
This rule outputs the following type of artifacts.
Mihari loads your API key via environment variable GREYNOISE_API_KEY by default.