I am seeing the following error in Panther:
PantherGreyNoiseException ('This account is configured with a basic GreyNoise Subscription. Please use GreyNoiseBasic and GreyNoiseRIOTBasic ')
To resolve this issue:
Replace any instances of GetGreyNoiseObject
with GreyNoiseAdvanced
in your detection.
Continue to pass in the event as the only parameter.
The occurrence of this error is due to an assumption in the GetGreyNoiseObject
function within the panther_greynoise_helpers
helper. It assumes the presence of agreynoise_noise_advanced
key in the p_enrichment
field when the GreyNoise advanced enrichment provider is active. However, this assumption is not always correct. The GreyNoise advanced lookup table might be enabled, but if there's no match for a specific IP address, the greynoise_noise_advanced
key is not added.
We are actively working on improving this behavior. In the meantime, if you encounter this error, the provided workaround should enable you to proceed with the enrichment process.