Case Study: Hurricane Labs reduces noisy alerts by 25% and frees analyst capacity with GreyNoise

Hurricane Labs Reduces Noisy Alerts Using GreyNoise

Hurricane Labs, a Splunk ES and Phantom‑focused MSSP, was seeing alert volumes grow as they added detections and customers, with much of the noise coming from internet background scanners and dynamic cloud IPs that weren’t actionable. To address this, Hurricane Labs evaluated and adopted GreyNoise’s anti‑threat intelligence, deploying turnkey GreyNoise–Splunk and GreyNoise–Phantom integrations to help distinguish benign internet noise from true threats.

GreyNoise was integrated into Splunk correlation searches to exclude matched noise and used to enrich Phantom alerts so analysts can confidently short‑circuit investigations when an IP is marked as noise. The result was a 25% reduction in alerts triggered, the equivalent of freeing 1–1.5 analysts per day, and scalable triage across customers—improving SOC efficiency and analyst satisfaction. GreyNoise enabled Hurricane Labs to cut investigation load without increasing security risk.

Hurricane Labs

Steve McMaster

Director of Managed Services