Introducing the Labs API Playground, a powerful tool designed to provide users quick access to data and an Early-Access/Beta API experience. Whether you’re a seasoned GreyNoise user (welcome back!) or just starting your journey (welcome aboard!), this playground will enable you to explore and interact with our data in new ways.

Accessing the Playground

To enter the Labs API Playground, visit https://api.labs.greynoise.io. It’s that easy! Who can access this playground? Anyone with a GreyNoise Account! And if you’re already a proud member of our GreyNoise community, you’re just a few clicks away from unlocking this API experience. Don't have a GreyNoise account yet? Create your free account here.

Rules of Engagement on Labs API

Before you dive straight into the Labs API, let’s familiarize ourselves with a few essential guidelines:

  1. Intended Use: The Labs API is a data source derived from the GreyNoise sensors and platform specifically designed to uncover insights our users may find intriguing and to facilitate exciting data explorations related to emerging threats; however, the Labs API is not for production use in user environments.
  2. Partial Data: The data sets available through the Labs API represent only a fraction (1%-10%) of the complete data. Users may be interested in accessing the entire set, but bulk data delivery is unavailable during the beta phase. If you have use cases that require access to the complete data set, we encourage you to contact us to schedule a discussion with our sales and product team.
  3. Support: If you encounter connectivity issues beyond verifying your GreyNoise account and accessing the Labs API Playground, please email labs@greynoise.io.
  4. Uptime and Downtime: We strive to maintain optimal uptime for the Labs API service; however, GreyNoise will only address downtime incidents during regular business hours.

Explore the Power of Labs API Queries

Now that you’re familiar with the playground’s rules and feedback process, it’s time to get hyped about the exciting world of Labs API queries! Here are a few notable ones to get you started:

topC2s

  • Access the top 1% of possible Command and Control (C2) IP addresses, ranked by their pervasiveness, observed by GreyNoise over the previous 24 hours. 
  • Use this query to identify second-stage IP addresses that might be involved in malicious activities following the reconnaissance and initial access stages. 
  • Please note that the data may be up to 4.5 hours old. 

topHTTPRequests

  • Access the top 1% of HTTP requests, ranked by their pervasiveness, observed by GreyNoise over the last seven days. Gain insights into the background radiation of the internet, exploring the patterns and trends of HTTP requests. 
  • Please note that the data may be up to 4.5 hours old. 

topPopularIPs

  • Access the top 1% of IPs searched in GreyNoise, ordered by the number of users observed searching over the last 7 days. Understand commonalities in how users search within GreyNoise, gaining insights into popular IPs and their associated activities. 
  • This query uses a minimum number of IP submissions and users to build consensus before an IP can be considered available in this dataset.
  • The data provided may be up to 4.5 hours old, and the “/” path has been removed as it is generally less valuable in most contexts. 

noiseRank

  • Access the top 1% of IPs by their noise score for the last 7 days. This score is determined by comparing the pervasiveness of the number of sensors and countries that observed packets from the IP, the request rate, and the diversity of payloads and ports for which the packets were observed. 
  • This query is intended to help rank the top noise makers compared to the quiet single-hit scanners.
  • Please note that the data may be up to 4.5 hours old. 

Share Your Discoveries

The Labs API Playground is intended to drive exploration and data-driven insights. Let curiosity guide you as you uncover hidden patterns, emerging threats, and connections within the vast landscape of internet noise.

This article is a summary of the full, in-depth version on the GreyNoise Labs blog.
Read the full report
GreyNoise Labs logo
Link to GreyNoise Twitter account
Link to GreyNoise Twitter account