Webinar Series - GreyNoise Tags Deep Dive

About this Webinar Series

What is a GreyNoise tag? 

GreyNoise tags are a signature-based detection method used to identify actors, tools, and CVEs in our data. Tags provide key contextual understanding of the activity/behaviors observed from a particular IP address, offering insight into the intention of the activity originating from it. This helps in threat detection, response, and overall cybersecurity analysis. Understanding tag activity patterns will also help enhance threat assessment exercises and defense plans.

Why should I learn more about GreyNoise tags?

GreyNoise tags can be used for enhanced enrichment, threat hunting, and protecting your perimeter from mass exploitation. Learning more about how they are crafted, curated, and monitored will help inform threat response decisions and provide insight that will enable your organization to become more effective at detection engineering and developing more robust incident response plans.

Tags 101: GreyNoise Detection Engineering: Introduction To "Tags"

View Replay

• What are "tags"
• How they differ from / are similar to traditional "detections"
• Survey of the GreyNoise Tag Ecosystem
• Benign / Malicious / Unknown
• Using our tags for both active and passive defense

Tags 201: GreyNoise Detection Engineering: Under The Hood

View Replay

• How a tag is built with examples:
• Building a Benign Actor Tag
• Detection engineering a malicious CVE into a Malicious Activity Tag
• Making the hard call: flipping the "malicious" switch on a tag

Tags 301: GreyNoise Detection Engineering AI: Leave No Interaction Untagged

View Replay

• Using language models and "AI" on our quest to Tag. Every. Interaction.
• The GreyNoise Sift workflow
• The future of Tagging at GreyNoise

‍