
yeti-platform / Yeti

Licence: apache-2.0
Your Everyday Threat Intelligence

Programming Languages

python
139335 projects - #7 most used programming language

Projects that are alternatives of or similar to Yeti

pyeti
Python bindings for Yeti's API
Stars: ✭ 15 (-98.55%)
Mutual labels:  intelligence, infosec, threat-hunting, threatintel
Threatingestor
Extract and aggregate threat intelligence.
Stars: ✭ 439 (-57.67%)
Mutual labels:  dfir, threat-hunting, threatintel
Threatpinchlookup
Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Stars: ✭ 257 (-75.22%)
Mutual labels:  dfir, threat-hunting, threatintel
Stalkphish
StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.
Stars: ✭ 256 (-75.31%)
Mutual labels:  infosec, threat-hunting, threatintel
Misp
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
Stars: ✭ 3,485 (+236.07%)
Mutual labels:  threat-hunting, threatintel, intelligence
Malware Feed
Bringing you the best of the worst files on the Internet.
Stars: ✭ 69 (-93.35%)
Mutual labels:  infosec, threat-hunting, threatintel
YAFRA
YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.
Stars: ✭ 22 (-97.88%)
Mutual labels:  intelligence, threat-hunting, threatintel
Open-source-tools-for-CTI
Public Repository of Open Source Tools for Cyber Threat Intelligence Analysts and Researchers
Stars: ✭ 91 (-91.22%)
Mutual labels:  infosec, threatintel
pybinaryedge
Python 3 Wrapper for the BinaryEdge API https://www.binaryedge.io/
Stars: ✭ 16 (-98.46%)
Mutual labels:  threat-hunting, threatintel
Rpot
Real-time Packet Observation Tool
Stars: ✭ 38 (-96.34%)
Mutual labels:  threat-hunting, intelligence
Detectionlabelk
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
Stars: ✭ 273 (-73.67%)
Mutual labels:  dfir, threat-hunting
Threat-Intel-Slack-Bot
Interactive Threat Intelligence Bot that leverages serverless framework, AWS/GCP, and Slack
Stars: ✭ 26 (-97.49%)
Mutual labels:  infosec, threatintel
rhq
Recon Hunt Queries
Stars: ✭ 66 (-93.64%)
Mutual labels:  dfir, threat-hunting
OSINT-Brazuca
Repository created to gather information, sources (websites/portals) and OSINT tricks in the Brazilian context.
Stars: ✭ 508 (-51.01%)
Mutual labels:  threat-hunting, threatintel
Attackdatamap
A datasource assessment on an event level to show potential coverage of the MITRE ATT&CK framework
Stars: ✭ 264 (-74.54%)
Mutual labels:  dfir, threat-hunting
Malcom
Malcom - Malware Communications Analyzer
Stars: ✭ 988 (-4.73%)
Mutual labels:  dfir, infosec
Sysmon Config
Sysmon configuration file template with default high-quality event tracing
Stars: ✭ 3,287 (+216.97%)
Mutual labels:  threat-hunting, threatintel
Spiderfoot
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Stars: ✭ 6,882 (+563.65%)
Mutual labels:  infosec, threatintel
Beagle
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
Stars: ✭ 976 (-5.88%)
Mutual labels:  dfir, threat-hunting
IronNetTR
Threat research and reporting from IronNet's Threat Research Teams
Stars: ✭ 36 (-96.53%)
Mutual labels:  threat-hunting, threatintel

Yeti - Your everyday threat intelligence

What is Yeti?

Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. Yeti will also automatically enrich observables (e.g. resolve domains, geolocate IPs) so that you don't have to. Yeti provides an interface for humans (shiny Bootstrap-based UI) and one for machines (web API) so that your other tools can talk nicely to it.

Yeti was born out of the frustration of having to answer the question "where have I seen this artifact before?" or of Googling shady domains to tie them to a malware family.

In a nutshell, Yeti allows you to:

  • Submit observables and get a pretty good guess on the nature of the threat.
  • Inversely, focus on a threat and quickly list all TTPs, Observables, and associated malware.
  • Let responders skip the "Google the artifact" stage of incident response.
  • Let analysts focus on adding intelligence rather than worrying about machine-readable export formats.
  • Visualize relationship graphs between different threats.

This is done by:

  • Collecting and processing observables from a wide array of different sources (MISP instances, malware trackers, XML feeds, JSON feeds...)
  • Providing a web API to automate queries (think incident management platform) and enrichment (think malware sandbox).
  • Exporting the data in user-defined formats so that it can be ingested by third-party applications (think blocklists, SIEM).
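The two machine-facing pieces above (a web API for queries and enrichment, and exports shaped for downstream consumers) are easiest to see in code. The following is an added example, not code from the Yeti project or from pyeti: a small client that searches for and submits observables, plus an export step that turns a search result into a one-value-per-line blocklist. Nothing on this page documents the API, so the X-Api-Key header, the /api/observablesearch/ and /api/observable/ endpoints, the JSON body shapes and the field names in the response are all assumptions to check against the Yeti version you run. The sample search result is constructed, and the CannedOpener transport exists only so the code runs without a live instance.

```python
"""Query a Yeti instance over its web API and turn the result into a blocklist.

Added example, not code from the Yeti project or from pyeti. Assumptions
(none of them documented on the page; verify against your Yeti version):
  * API calls are authenticated with an ``X-Api-Key`` request header;
  * observable search is ``POST <base>/api/observablesearch/`` with a JSON
    body ``{"filter": {...}}``; new observables go to ``POST <base>/api/observable/``;
  * responses are JSON, and a search returns a list of objects carrying at
    least ``value``, ``type`` and ``tags`` (each tag an object with a ``name``).
"""
import ipaddress
import json
import re
import urllib.request
from typing import Iterable, List, Tuple

# Constructed sample search result (not real data). The last entry is why an
# exporter must validate values: a feed can hand you a "hostname" that would
# smuggle an extra line into a hosts file or a SIEM lookup table.
SAMPLE_SEARCH_RESULT = [
    {"value": "evil-updates.example", "type": "Hostname", "tags": [{"name": "c2"}]},
    {"value": "198.51.100.7", "type": "Ip", "tags": [{"name": "c2"}, {"name": "scanner"}]},
    {"value": "cdn.example", "type": "Hostname", "tags": [{"name": "benign"}]},
    {"value": "bad.example\n0.0.0.0 sso.corp.example", "type": "Hostname", "tags": [{"name": "c2"}]},
]


class CannedOpener:
    """Stand-in transport: records each request and answers with canned JSON,
    so the client can be exercised without a running Yeti instance."""

    def __init__(self, payload, status: int = 200):
        self.payload, self.status, self.requests = payload, status, []

    def __call__(self, req: urllib.request.Request):
        self.requests.append({
            "url": req.full_url,
            "method": req.get_method(),
            "api_key": req.get_header("X-api-key"),  # urllib stores header names capitalised
            "body": json.loads(req.data),
        })
        return self.status, json.dumps(self.payload).encode()


class YetiClient:
    """Minimal client: one authenticated JSON POST helper and two calls built on it."""

    def __init__(self, base_url: str, api_key: str, opener=None):
        self.base_url = base_url.rstrip("/")
        self.api_key = api_key
        self._open = opener or self._http_open  # real HTTP unless a transport is injected

    @staticmethod
    def _http_open(req: urllib.request.Request):
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()

    def _post(self, path: str, payload: dict):
        req = urllib.request.Request(
            f"{self.base_url}/api/{path}",
            data=json.dumps(payload).encode(),
            method="POST",
            headers={"X-Api-Key": self.api_key,  # assumed auth header
                     "Content-Type": "application/json",
                     "Accept": "application/json"},
        )
        status, raw = self._open(req)
        if status != 200:
            raise RuntimeError(f"Yeti answered HTTP {status} for {path}")
        return json.loads(raw)

    def search(self, value: str):
        """'Where have I seen this artifact before?' (assumed endpoint and body)."""
        return self._post("observablesearch/", {"filter": {"value": value}})

    def add(self, value: str, tags: Iterable[str] = ()):
        """Submit a new observable with tags (assumed endpoint and body)."""
        return self._post("observable/", {"value": value, "tags": list(tags)})


_HOSTNAME_RE = re.compile(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def _valid(kind: str, value: str) -> bool:
    """Syntactic check for the two observable types this exporter handles."""
    if kind == "Ip":
        try:
            ipaddress.ip_address(value)
            return True
        except ValueError:
            return False
    # fullmatch, not match: a value with a trailing "\n..." payload must not pass
    return len(value) <= 253 and _HOSTNAME_RE.fullmatch(value) is not None


def render_blocklist(observables, tag: str, kind: str = "Hostname") -> Tuple[List[str], List[str]]:
    """Select observables of one type carrying one tag and return
    (sorted unique blocklist entries, values rejected as malformed)."""
    kept, rejected = set(), []
    for obs in observables:
        if obs.get("type") != kind or tag not in {t.get("name") for t in obs.get("tags", [])}:
            continue
        value = str(obs.get("value", ""))
        if _valid(kind, value):
            kept.add(value)
        else:
            rejected.append(value)
    return sorted(kept), rejected


if __name__ == "__main__":
    client = YetiClient("https://yeti.example", "REPLACE-WITH-API-KEY",
                        opener=CannedOpener(SAMPLE_SEARCH_RESULT))
    entries, bad = render_blocklist(client.search("example"), tag="c2")
    print("\n".join(entries))
    print(f"# rejected {len(bad)} malformed value(s)")
```

Two design points carry over to any real exporter: treat feed-derived values as untrusted input (the rejected list is what you review, not what you ship), and keep the transport injectable so the export pipeline can be tested without an API key or a reachable instance.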

Installation

There are a few handy bootstrap scripts in /extras that you can use to install a production instance of Yeti.

If you're really in a hurry, you can curl | bash them. Keep in mind that this executes whatever the server returns, as root, with no chance to look at it first; on anything you care about, download the script, read it, and only then run it.

$ curl https://raw.githubusercontent.com/yeti-platform/yeti/master/extras/ubuntu_bootstrap.sh | sudo /bin/bash

Please refer to the full documentation for more detailed steps.

Docker images

Yeti has a docker-compose script to get up and running even faster; this is useful for testing or even running production instances of Yeti should your infrastructure support it. Full instructions here, but in a nutshell:

$ git clone https://github.com/yeti-platform/yeti.git
$ cd yeti/extras/docker/dev
$ docker-compose up

Useful links
