Yeti: Open, distributed, threat intelligence repository
Yeti serves as a unified platform to consolidate observables, indicators of compromise, TTPs, and threat-related knowledge. It enriches observables automatically, for example by resolving domains and geolocating IP addresses, so analysts do not have to do that by hand.
With its user-friendly interface built on Bootstrap and a machine-friendly web API, Yeti ensures smooth interaction for both individuals and integrated tools.
Yeti allows you to:
- Submit observables and estimate the nature of the threat.
- Focus on a threat and quickly list all TTPs, observables, and associated malware.
- Let responders skip the “Google the artifact” stage of incident response.
- Let analysts focus on adding intelligence rather than worrying about machine-readable export formats.
- Visualize relationship graphs between different threats.
This is done by:
- Collecting and processing observables from various sources (MISP instances, malware trackers, XML feeds, JSON feeds).
- Providing a web API to automate queries (think incident management platform) and enrichment (think malware sandbox).
- Exporting the data in user-defined formats so that it can be ingested by third-party applications (think blocklists, SIEM).
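To make the collect-enrich-export loop concrete, here is a miniature observable repository written for this article. It is an added illustration, not Yeti's own code or API: observables are classified by syntax (IP, domain, MD5/SHA-1/SHA-256 hash), enriched through a pluggable hook (the DNS enricher below is a constructed lookup table, not a real resolver), deduplicated on resubmission, and exported through caller-supplied formatters such as a plain blocklist or JSON for a SIEM. All sample values are constructed.

```python
# Added example, not part of the Yeti project: a tiny observable repository that
# classifies, enriches and exports indicators the way the article describes.
import ipaddress
import json
import re
from dataclasses import dataclass, field

# Hex digest lengths that identify common hash types.
HEX_HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I
)


def classify(value: str) -> str:
    """Guess the observable type from its syntax: ip, domain, md5/sha1/sha256 or unknown."""
    v = value.strip()
    try:
        ipaddress.ip_address(v)
        return "ip"
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-fA-F]+", v) and len(v) in HEX_HASH_LENGTHS:
        return HEX_HASH_LENGTHS[len(v)]
    if DOMAIN_RE.match(v):
        return "domain"
    return "unknown"


@dataclass
class Observable:
    value: str
    type: str
    tags: set = field(default_factory=set)
    context: dict = field(default_factory=dict)  # filled by enrichers


class Repository:
    """In-memory store keyed by normalized value; enrichers are per-type callables."""

    def __init__(self, enrichers=None):
        self.observables = {}
        self.enrichers = enrichers or {}

    def submit(self, value, tags=()):
        """Add or merge an observable; enrichment runs only on first sight."""
        v = value.strip().lower()
        obs = self.observables.get(v)
        if obs is None:
            obs = Observable(v, classify(v))
            self.observables[v] = obs
            enricher = self.enrichers.get(obs.type)
            if enricher:
                obs.context.update(enricher(v))
        obs.tags.update(tags)
        return obs

    def search(self, tag):
        """Pivot from a tag (campaign, actor, malware family) to its observables."""
        return [o for o in self.observables.values() if tag in o.tags]

    def export(self, formatter, tag=None, types=None):
        """Export a filtered view in whatever shape the consumer wants."""
        rows = [
            o for o in self.observables.values()
            if (tag is None or tag in o.tags) and (types is None or o.type in types)
        ]
        return formatter(rows)


def fake_dns_enricher(domain):
    # Constructed stand-in for a resolver lookup (assumption: a real deployment
    # would query DNS or a passive-DNS source here).
    table = {"malicious.example": "203.0.113.10"}
    return {"resolved_ip": table.get(domain)}


def blocklist(rows):
    """One indicator per line, as a firewall or proxy blocklist would consume it."""
    return "\n".join(o.value for o in rows)


def json_export(rows):
    """Structured export, as a SIEM ingest job would consume it."""
    return json.dumps(
        [{"value": o.value, "type": o.type, "tags": sorted(o.tags)} for o in rows]
    )


if __name__ == "__main__":
    repo = Repository(enrichers={"domain": fake_dns_enricher})
    repo.submit("Malicious.Example", tags={"campaign-x"})
    repo.submit("203.0.113.10", tags={"campaign-x"})
    repo.submit("d41d8cd98f00b204e9800998ecf8427e", tags={"campaign-x", "dropper"})
    print(repo.export(blocklist, tag="campaign-x", types={"ip", "domain"}))
    print(repo.export(json_export, tag="dropper"))
```

The point of the two formatters is the "user-defined export" idea: the repository knows nothing about blocklists or SIEMs, it only filters by tag and type and hands the rows to whatever formatter the consumer registers.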
Yeti is available for free on GitHub.
More open-source tools to consider:
- Mosint: Open-source automated email OSINT tool
- AWS Kill Switch: Open-source incident response tool
- PolarDNS: Open-source DNS server tailored for security evaluations
- k0smotron: Open-source Kubernetes cluster management
- Kubescape 3.0 elevates open-source Kubernetes security
- Logging Made Easy: Free log management solution from CISA
- GOAD: Vulnerable Active Directory environment for practicing attack techniques
- Wazuh: Free and open-source XDR and SIEM
- BinDiff: Open-source comparison tool for binary files
- LLM Guard: Open-source toolkit for securing Large Language Models
- Velociraptor: Open-source digital forensics and incident response