Yeti: Open, distributed, threat intelligence repository

Yeti serves as a unified platform to consolidate observables, indicators of compromise, TTPs, and threat-related knowledge. It enhances observables automatically, such as domain resolution and IP geolocation, saving you the effort.

With its user-friendly interface built on Bootstrap and a machine-friendly web API, Yeti ensures smooth interaction for both individuals and integrated tools.

Yeti allows you to:

• Submit observables and estimate the nature of the threat.
• Focus on a threat and quickly list all TTPs, observables, and associated malware.
• Let responders skip the “Google the artifact” stage of incident response.
• Let analysts focus on adding intelligence rather than worrying about machine-readable export formats.
• Visualize relationship graphs between different threats.

This is done by:

• Collecting and processing observables from various sources (MISP instances, malware trackers, XML feeds, JSON feeds).
• Providing a web API to automate queries (think incident management platform) and enrichment (think malware sandbox).
• Export the data in user-defined formats so that they can be ingested by third-party applications (think blocklists, SIEM).

Yeti is available for free on GitHub.

Must read: 15 open-source cybersecurity tools you’ll wish you’d known earlier

Must read:

• 15 open-source cybersecurity tools you’ll wish you’d known earlier
• 20 essential open-source cybersecurity tools that save you time