GreyMatter
Overview
With real-time, asynchronous data flow, this integration automatically syncs GreyMatter incidents to your Adversarial Incident Register.
- Source: SIEM
- Opened By: “Greymatter Integration”
The integration can be enabled directly from your Adversarial tenant via Settings > Integrations. The API Key Access needs to have read permissions for incidents.
Data Flow
This is a one-way, ingest-only integration:
- To account for deduplication, Incidents marked as “New” in GreyMatter are not created in Adversarial.
- Records will be created with no severity assigned. Users must AI Score or manually assign severity.
- Changes in Adversarial do not impact GreyMatter.
- Field changes in GreyMatter will be mapped directly to Adversarial.
Status Mapping
Once the GreyMatter AI reviews and accepts a new incident, a record is created in Adversarial with Status = “New”. Occurred Date and Detected Date are brought over from GreyMatter. The user can populate Contained and Responded Dates and create Risk Register Referral records.
| GreyMatter State | Adversarial Status | Notes |
|---|---|---|
| NEW | Not imported | Excluded from sync — incidents may disappear due to deduplication |
| IN_PROGRESS | In Progress | Occurred Date and Detected Date carried over |
| RESOLVED | Review | If the Contained Date equivalent is populated in GreyMatter, the Adversarial Contained Date will reflect accordingly |
| CLOSED | Closed | |
Fields
The following additional fields are synced from GreyMatter:
| GreyMatter Field | Adversarial Field | Notes |
|---|---|---|
| closeCode | Close Code | Populated when the incident is resolved in GreyMatter. Captures the resolution category. |
| closeNote | Close Note | Populated when the incident is resolved in GreyMatter. Contains the analyst’s resolution notes. |
These fields appear in the incident detail view and are read-only in Adversarial.