0

yeti

Your Everyday Threat Intelligence

官方网站
Github 资源库
主要指标

Github星跟踪图

Yeti - Your everyday threat intelligence

What is Yeti?

Yeti is a platform meant to organize observables, indicators of compromise,
TTPs, and knowledge on threats in a single, unified repository. Yeti will also
automatically enrich observables (e.g. resolve domains, geolocate IPs) so that
you don't have to. Yeti provides an interface for humans (shiny Bootstrap-based
UI) and one for machines (web API) so that your other tools can talk nicely to
it.

Yeti was born out of frustration of having to answer the question "where have
I seen this artifact before?" or Googling shady domains to tie them to a
malware family.

In a nutshell, Yeti allows you to:

  • Submit observables and get a pretty good guess on the nature of the threat.
  • Inversely, focus on a threat and quickly list all TTPs, Observables, and
    associated malware.
  • Let responders skip the "Google the artifact" stage of incident response.
  • Let analysts focus on adding intelligence rather than worrying about
    machine-readable export formats.
  • Visualize relationship graphs between different threats.

This is done by:

  • Collecting and processing observables from a wide array of different sources
    (MISP instances, malware trackers, XML feeds, JSON feeds...)
  • Providing a web API to automate queries (think incident management platform)
    and enrichment (think malware sandbox).
  • Export the data in user-defined formats so that they can be ingested by
    third-party applications (think blocklists, SIEM).

Installation

There's are a few handy bootstrap scripts in /extras that you can use to install a production instance of Yeti.

If you're really in a hurry, you can curl, bash them.

$ curl https://raw.githubusercontent.com/yeti-platform/yeti/master/extras/ubuntu_bootstrap.sh, sudo /bin/bash

Please refer to the full documentation for more detailed steps.

Docker images

Yeti has a docker-compose script to get up and running even faster; this is useful for testing or even running production instances of Yeti should your infrastructure support it. Full instructions here, but in a nutshell:

$ git clone https://github.com/yeti-platform/yeti.git
$ cd yeti/extras/docker
$ docker-compose up

主要指标

概览
名称与所有者yeti-platform/yeti
主编程语言Python
编程语言Python (语言数: 3)
平台
许可证Apache License 2.0
所有者活动
创建于2015-12-13 16:54:26
推送于2025-08-18 09:04:19
最后一次提交
发布数46
最新版本名称2.5.0 (发布于 )
第一版名称1.0.0 (发布于 )
用户参与
星数1.9k
关注者数103
派生数308
提交数3.4k
已启用问题?
问题数601
打开的问题数34
拉请求数548
打开的拉请求数5
关闭的拉请求数86
项目设置
已启用Wiki?
已存档?
是复刻?
已锁定?
是镜像?
是私有?