GreyNoise

When using the GreyNoise Community API integration in EvidenceHub, you may encounter various error messages. This guide explains these error messages, their meanings, and how to resolve them.

Error Overview

HTTP Status Code | Description           | Solution
400              | Invalid IP Address    | Check IP format
404              | IP Not Found          | Verify IP or check data freshness
429              | Rate Limit Exceeded   | Wait or upgrade plan
500              | Internal Server Error | Retry later or contact support

Detailed Explanations

400 - Bad Request (Invalid IP Address)

Description: This error occurs when the IP address provided in the query is not a valid, routable IPv4 address.

Resolution:

  • Ensure the IP address you're querying is a valid IPv4 address.
  • Check that the IP address is routable (not a private or reserved IP).

Steps to Take:

  1. Review the IP address you're trying to query.
  2. Ensure it's in the correct IPv4 format (e.g., 192.168.1.1).
  3. Verify that it's not a private IP address (e.g., 10.x.x.x, 172.16.x.x-172.31.x.x, 192.168.x.x).
  4. Use an IP address validator tool to check its validity and routability.
  5. Correct any formatting issues and try your query again.

404 - Not Found

Description: This error indicates that GreyNoise doesn't have any record of the queried IP address in its database.

Resolution:

  • Verify that the IP address is correct.
  • Understand that this is not necessarily an error, but rather an indication that GreyNoise has no data on this IP.

Steps to Take:

  1. Double-check the IP address for accuracy.
  2. If the IP is correct, understand that it may not have been observed in malicious activities by GreyNoise.
  3. Consider checking other threat intelligence sources for information about this IP.
  4. If you believe this IP should be in GreyNoise's database, consider submitting it for review through their platform.

429 - Too Many Requests

Description: This error occurs when you've exceeded the rate limit for queries to the GreyNoise Community API.

Resolution:

  • Wait until your rate limit resets (typically daily).
  • Consider upgrading to a paid plan for higher query limits.

Steps to Take:

  1. Stop sending queries to the GreyNoise API immediately.
  2. Check the error message for your current plan and rate limit.
  3. Wait until your rate limit resets (usually at the start of the next day).
  4. Consider creating a free account or upgrading your plan for higher limits.
  5. Implement rate limiting in your integration to avoid hitting this limit in the future.

500 - Internal Server Error

Description: This error indicates an unexpected problem on GreyNoise's server side.

Resolution:

  • This issue is typically temporary and resolves on its own.
  • If the problem persists, it may require attention from GreyNoise's support team.

Steps to Take:

  1. Wait a few minutes and try your query again.
  2. If the error continues, check GreyNoise's status page or social media for any announced issues.
  3. If the problem persists for an extended period, contact GreyNoise support.

General Troubleshooting Tips for GreyNoise Integration

  1. API Usage:
    • Remember that each query to the Community API consumes one Search from your daily limit.
    • Monitor your usage to avoid unexpectedly hitting rate limits.
  2. IP Validation:
    • Implement IP validation in your integration to catch invalid IPs before sending queries.
    • Use libraries or functions that can verify if an IP is valid and routable.
  3. Rate Limiting:
    • Implement client-side rate limiting to stay within GreyNoise's limits.
    • Consider spreading out your queries over time if you're approaching your daily limit.
  4. Error Handling:
    • Implement robust error handling in your integration to catch and respond to all potential error codes.
    • For 429 errors, ensure your system stops sending queries and waits for the rate limit to reset.
  5. Logging:
    • Keep detailed logs of your queries and any errors encountered.
    • This information can be valuable for troubleshooting and optimizing your use of the GreyNoise API.
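
The pre-flight IP validation, client-side rate limiting and status-code handling recommended above, as an added Python example (not EvidenceHub or GreyNoise code). The `send` callable, the `DailyBudget` class and the daily limit value are assumptions made for illustration; the status-to-action mapping follows the error table on this page.

```python
import ipaddress
from datetime import date

# Actions taken from the error table on this page.
ACTIONS = {
    200: "ok",
    400: "fix_input",          # invalid or non-routable IPv4
    404: "no_data",            # not an error: GreyNoise has no record
    429: "stop_until_reset",
    500: "retry_later",
}

def preflight(ip):
    """Return None if ip is a routable IPv4 address, else why it would be rejected."""
    try:
        addr = ipaddress.IPv4Address(ip.strip())
    except ValueError:
        return "not a valid IPv4 address"
    if not addr.is_global:
        return "private or reserved address"
    return None

class DailyBudget:
    """Client-side counter; limit is an assumed value, set it to your plan's daily limit."""
    def __init__(self, limit, today=date.today):
        self.limit, self.today = limit, today
        self.day, self.used, self.blocked = today(), 0, False

    def allow(self):
        if self.today() != self.day:   # new day: counter and 429 block reset
            self.day, self.used, self.blocked = self.today(), 0, False
        return not self.blocked and self.used < self.limit

def lookup(ip, budget, send):
    """send(ip) -> HTTP status code; a hypothetical stand-in for the real API call."""
    reason = preflight(ip)
    if reason:
        return "skipped: " + reason    # rejected locally, no search consumed
    if not budget.allow():
        return "deferred: daily budget exhausted"
    budget.used += 1
    status = send(ip)
    if status == 429:
        budget.blocked = True          # stop sending until the next day
    return ACTIONS.get(status, "unexpected_status_%d" % status)
```

Logging the string returned by `lookup` for every query gives the per-query record the Logging tip asks for.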

For additional assistance or if you encounter errors not listed here, please contact EvidenceHub support or consult the GreyNoise API documentation.

Additional Resources

Remember to always use GreyNoise and other threat intelligence services responsibly and in compliance with all applicable laws and regulations.