QUESTION

How long is GreyNoise enrichment data retained in Panther?

ANSWER

 GreyNoise dataset has a 90-day cliff. 

If you notice enrichment data missing, it is likely that the 90 day age-off occurred. For example: You saw an IP classified as malicious in your enrichment context a few weeks ago. After checking GreyNoise, it is not categorized as malicious and there is no historic context that it was tagged as malicious. This could happen if, between the last time you looked for the IP and the most recent time you looked for it, the 90-day age-off occurred with no new scanning activity.