GreyNoise Block is a threat intelligence platform that detects attacks on network edge systems by identifying malicious scanning and exploitation activity in real-time. The platform operates a global deception network (honeypots) to collect and analyze internet-wide scanning behavior. The service provides verifiable intelligence on threat actors targeting edge infrastructure including VPNs, firewalls, and other perimeter systems. GreyNoise tracks exploitation attempts for known vulnerabilities (CVEs) and monitors credential-based attacks against enterprise authentication systems. The platform offers configurable blocklists that can be generated from custom queries and integrated into firewalls, SOAR platforms, and other security enforcement points. Users can search and analyze IP addresses to determine if they are associated with malicious activity, benign scanning, or legitimate services. GreyNoise maintains a database of internet scanning activity and provides context on IP behavior patterns, including automated scanners, vulnerability exploitation campaigns, and coordinated attack infrastructure. The platform tracks emerging threats and publishes research on active exploitation campaigns, attack patterns, and threat actor infrastructure. The service includes a web-based visualization interface for searching and analyzing threat data, with API access for programmatic integration into security workflows.