Case Study: Large Hospitality and Food Service Company reduces noisy XSOAR alerts and saves 40 analyst hours/month with GreyNoise

Using GreyNoise to Reduce Noisy Alerts in XSOAR

Large Hospitality and Food Service Company ran a small Tier 2+ SOC and was overwhelmed by noisy IDS/IPS alerts, time-consuming manual investigations, and difficulty distinguishing opportunistic internet-wide scanners from targeted attacks. They began using GreyNoise (initially the Community edition) alongside their homegrown tools and later selected Cortex XSOAR as their SOAR platform, making GreyNoise a natural integration to help triage and deprioritize irrelevant alerts.

GreyNoise was integrated into XSOAR playbooks to automatically enrich alerts, filter out known legitimate “internet background noise,” and close or deprioritize exploit-scan events based on contextual logic. As a result, GreyNoise helped the team save about one hour per vulnerability-scan investigation, freed roughly 40 analyst hours per month, reduced research strain on ad hoc investigations, and enabled automation of routine decisioning.