Skip to content

f0r3ns1cat0r/yeti

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2,669 Commits

.github

.github

 
 

.vscode

.vscode

 
 

contrib

contrib

 
 

core

core

 
 

doc

doc

 
 

extras

extras

 
 

helpers

helpers

 
 

plugins

plugins

 
 

tests

tests

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

.pylintrc

.pylintrc

 
 

.style.yapf

.style.yapf

 
 

.travis.yml

.travis.yml

 
 

LICENSE

LICENSE

 
 

Pipfile

Pipfile

 
 

README.md

README.md

 
 

SUMMARY.md

SUMMARY.md

 
 

Vagrantfile

Vagrantfile

 
 

package.json

package.json

 
 

poetry.lock

poetry.lock

 
 

pyproject.toml

pyproject.toml

 
 

yarn.lock

yarn.lock

 
 

yeti.conf.sample

yeti.conf.sample

 
 

yeti.py

yeti.py

 
 

Repository files navigation

DEPRECATION NOTICE

This version of Yeti is deprecated. We're working hard on a new version, which you can check out by following instructions at

https://github.com/yeti-platform/yeti-docker

(or on the fastapi branch here)

Yeti - Your everyday threat intelligence

What is Yeti?

Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. Yeti will also automatically enrich observables (e.g. resolve domains, geolocate IPs) so that you don't have to. Yeti provides an interface for humans (shiny Bootstrap-based UI) and one for machines (web API) so that your other tools can talk nicely to it.

Yeti was born out of frustration of having to answer the question "where have I seen this artifact before?" or Googling shady domains to tie them to a malware family.

In a nutshell, Yeti allows you to:

  • Submit observables and get a pretty good guess on the nature of the threat.
  • Inversely, focus on a threat and quickly list all TTPs, Observables, and associated malware.
  • Let responders skip the "Google the artifact" stage of incident response.
  • Let analysts focus on adding intelligence rather than worrying about machine-readable export formats.
  • Visualize relationship graphs between different threats.

This is done by:

  • Collecting and processing observables from a wide array of different sources (MISP instances, malware trackers, XML feeds, JSON feeds...)
  • Providing a web API to automate queries (think incident management platform) and enrichment (think malware sandbox).
  • Export the data in user-defined formats so that they can be ingested by third-party applications (think blocklists, SIEM).

Installation

Yeti has a docker-compose script to get up and running even faster; this is useful for testing or even running production instances of Yeti should your infrastructure support it. Full instructions here, but in a nutshell:

Download in release page the lastest version of yeti https://github.com/yeti-platform/yeti/releases

To install docker and docker-compose follow the instructions on the official documentation https://docs.docker.com/compose/install/

    gunzip yeti-<version>.zip
    cd yeti/extras/docker/dev
    docker-compose up

The docker-compose will start the following containers

Useful links

About

Your Everyday Threat Intelligence

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

5 tags

Packages

No packages published

Languages

  • Python 98.3%
  • Shell 1.5%
  • Other 0.2%