Skip to main content
Panther Knowledge Base

How do I resolve "PantherGreyNoiseException('This account is configured with a basic GreyNoise Subscription...'"?

  1. Last updated
  2. Save as PDF

Issue

I am seeing the following error in Panther:

PantherGreyNoiseException ('This account is configured with a basic GreyNoise Subscription. Please use GreyNoiseBasic and GreyNoiseRIOTBasic ')

Resolution

To resolve this issue:

  • Replace any instances of GetGreyNoiseObject with GreyNoiseAdvanced in your detection.  
  • Continue to pass in the event as the only parameter.

Cause

The occurrence of this error is due to an assumption in the GetGreyNoiseObject  function within the panther_greynoise_helpers helper.  It assumes the presence of a greynoise_noise_advanced key in the p_enrichment field when the GreyNoise advanced enrichment provider is active. However, this assumption is not always correct. The GreyNoise advanced lookup table might be enabled, but if there's no match for a specific IP address, the greynoise_noise_advanced key is not added.

We are actively working on improving this behavior. In the meantime, if you encounter this error, the provided workaround should enable you to proceed with the enrichment process.