yeti-platform / pyeti

Licence: Apache-2.0 license
Python bindings for Yeti's API


pyeti-python3

Pyeti-Python (pyeti) is the package used to interface with the YETI API. This is the new package that can be installed directly with pip. Pyeti-python allows you to extract data from YETI such as specific observables (malware, IP, domains...). It can be used to plug into your own tools and enrich your Threat Intelligence feed with Yeti.

Getting Started

To install it you can clone the repo and run the following command:

$ python3 setup.py install

You can also install it with pip:

$ pip3 install pyeti-python3

Once installed the first thing to do is to get your API key from the Yeti interface.

Then you can configure your script with the following information to test the connection:

import pyeti

server = "<IPofYETI>"
key = "<APIKEY>"
tag = "<NameoftheObservable>"  # example: 'lokibot'

# Authenticated client; the API key is sent with every request
api = pyeti.YetiApi("http://%s:5000/api/" % server, api_key=key)
# Fetch up to 50 observables carrying the tag
request = api.observable_search(tags=tag, count=50)

Testing

You can run tests from the root directory by running:

$ pip3 install nose
$ python3 setup.py test

Note that most tests require a full running install of Yeti on localhost:5000.

Use cases

First thing is to import the library and instantiate a client.

import pyeti, json    # json is only used for pretty printing in the examples below
api = pyeti.YetiApi("http://localhost:5000/api/")

If you are using a self-signed cert on your Yeti instance you can set the verify_ssl parameter to False to ignore warnings. Otherwise all SSL connections are verified by default. Keep in mind that with verify_ssl=False the client accepts any certificate, so reserve it for test instances.

import pyeti, json    # json is only used for pretty printing in the examples below
api = pyeti.YetiApi("http://localhost:5000/api/", verify_ssl=False)

Adding observables

results = api.observable_add("google.com", ['google'])
print(json.dumps(results, indent=4, sort_keys=True))

Bulk add

results = api.observable_bulk_add(["google.com", "bing.com", "yahoo.com"])
print(len(results))  # 3
print(json.dumps(results[1], indent=4, sort_keys=True))

Get a single observable

results = api.observable_add("google.com")
print(results['id'])
info = api.observable_details(results['id'])
print(json.dumps(info, indent=4, sort_keys=True))

Search for observables

api.observable_add("search-domain.com")
result = api.observable_search(value="search-dom[a-z]+", regex=True)
print(json.dumps(result, indent=4, sort_keys=True))

Add file observables

result = api.observable_file_add("/tmp/hello.txt", tags=['benign'])
print(json.dumps(result, indent=4, sort_keys=True))
# Get file contents by object id
api.observable_file_contents(objectid="594fff86bf365e6270f8914b")
# 'Hello!\n'
# You can also look the file up by any of the hashes returned above
api.observable_file_contents(filehash="e134ced312b3511d88943d57ccd70c83")
# 'Hello!\n'
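The calls above are what you would chain together to "plug in your own tool" and enrich a list of indicators with Yeti tags. The following helper is an added example, not pyeti's own code: it only uses the observable_search and observable_bulk_add methods shown on this page, assumes result dicts carry "value" and "tags" keys (tags as strings or as dicts with a "name" key), and ships with a constructed in-memory stand-in for the client so it runs without a Yeti instance.

```python
import json
from typing import Dict, Iterable, List

# Added example: enrich indicators with Yeti tags. Not part of pyeti itself.
# Assumed result shape: {"value": str, "tags": [str | {"name": str}, ...]}.


def normalise(value: str) -> str:
    """Trim and lowercase an indicator so lookups match what Yeti stored."""
    return value.strip().lower()


def tag_names(observable: dict) -> List[str]:
    """Tags may come back as plain strings or as dicts with a 'name' key (assumed)."""
    names = [t["name"] if isinstance(t, dict) else str(t) for t in observable.get("tags", [])]
    return sorted(set(names))


def enrich(api, indicators: Iterable[str], add_unknown: bool = False) -> Dict[str, List[str]]:
    """Return {indicator: [tags]}; unknown indicators get [] and are optionally bulk-added."""
    report: Dict[str, List[str]] = {}
    unknown: List[str] = []
    for value in sorted({normalise(v) for v in indicators if v.strip()}):
        hits = api.observable_search(value=value, regex=False)
        # Exact-match filter: a non-regex search is assumed to be exact, but be defensive
        matches = [h for h in hits if normalise(h.get("value", "")) == value]
        report[value] = tag_names(matches[0]) if matches else []
        if not matches:
            unknown.append(value)
    if add_unknown and unknown:
        api.observable_bulk_add(unknown)  # let analysts tag the new entries later
    return report


class _FakeYeti:
    """Constructed in-memory stand-in exposing the two methods used above (offline only)."""

    def __init__(self, store: Dict[str, list]):
        self.store = store  # value -> list of tags

    def observable_search(self, value=None, regex=False, **kwargs):
        return [{"value": v, "tags": t} for v, t in self.store.items() if v == value]

    def observable_bulk_add(self, values, tags=None):
        for v in values:
            self.store.setdefault(v, [])
        return [{"value": v} for v in values]


if __name__ == "__main__":
    # Constructed sample data; in production use pyeti.YetiApi("http://<IPofYETI>:5000/api/", api_key="<APIKEY>")
    api = _FakeYeti({"evil.example": [{"name": "lokibot"}, "c2"], "google.com": ["benign"]})
    print(json.dumps(enrich(api, ["EVIL.example ", "google.com", "new.example"], add_unknown=True), indent=4))
```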

License

This project is licensed under the Apache License - see the LICENSE.md file for details.
