Yeti: Open, distributed, threat intelligence repository


Yeti serves as a unified platform to consolidate observables, indicators of compromise, TTPs, and threat-related knowledge. It enriches observables automatically (for example, resolving domains and geolocating IP addresses), so analysts do not have to do that by hand.

With a user-friendly web interface built on Bootstrap for analysts and a machine-friendly web API for tooling, Yeti is designed to be worked with both by people and by integrated systems.

Yeti allows you to:

  • Submit observables and estimate the nature of the threat.
  • Focus on a threat and quickly list all TTPs, observables, and associated malware.
  • Let responders skip the “Google the artifact” stage of incident response.
  • Let analysts focus on adding intelligence rather than worrying about machine-readable export formats.
  • Visualize relationship graphs between different threats.

This is done by:

  • Collecting and processing observables from various sources (MISP instances, malware trackers, XML feeds, JSON feeds).
  • Providing a web API to automate queries (think incident management platform) and enrichment (think malware sandbox).
  • Exporting the data in user-defined formats so that it can be ingested by third-party applications (think blocklists, SIEM).
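To make the ingest, consolidate, query and export flow above concrete, here is an added example in Python. It is not Yeti's own code and does not use Yeti's API; the feed records, the MISP-style attribute list, the observable classifier and the two export formats are all constructed for illustration. It shows the part a feed or export template has to get right: classifying raw values into observable types, rejecting junk, merging the same value seen by several sources, and rendering the result as a blocklist or as JSON lines for a SIEM. Enrichment (DNS resolution, geolocation) and persistence, which Yeti handles, are left out.

```python
"""Feed ingestion, consolidation and user-defined export of observables.

Added example, not Yeti's code. All sample data below is constructed.
"""
import ipaddress
import json
import re
from dataclasses import dataclass, field

# Constructed sample input: a JSON feed and a MISP-style attribute list.
SAMPLE_JSON_FEED = json.dumps([
    {"value": "198.51.100.23", "source": "tracker-a", "tags": ["c2"]},
    {"value": "malicious.example", "source": "tracker-a", "tags": ["phishing"]},
    {"value": "http://malicious.example/login.php", "source": "tracker-a", "tags": ["phishing"]},
    {"value": "44d88612fea8a8f36de82e1278abb02f", "source": "tracker-a", "tags": ["malware"]},
    {"value": "198.51.100.23", "source": "tracker-b", "tags": ["scanner"]},  # same IP, second source
    {"value": "not an observable", "source": "tracker-b", "tags": []},       # junk to be rejected
])
SAMPLE_MISP_ATTRIBUTES = [
    {"type": "domain", "value": "evil.example", "Tag": [{"name": "apt"}]},
    {"type": "sha256", "value": "a" * 64, "Tag": []},
    {"type": "ip-dst", "value": "2001:db8::1", "Tag": [{"name": "c2"}]},
]

HASH_RE = {
    "md5": re.compile(r"^[0-9a-f]{32}$", re.I),
    "sha1": re.compile(r"^[0-9a-f]{40}$", re.I),
    "sha256": re.compile(r"^[0-9a-f]{64}$", re.I),
}
URL_RE = re.compile(r"^https?://\S+$", re.I)
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(\.[a-z0-9-]{1,63}(?<!-))+$", re.I)


def classify(value):
    """Return the observable type of a raw value, or None if it is not one."""
    value = value.strip()
    try:
        ipaddress.ip_address(value)  # handles both IPv4 and IPv6
        return "ip"
    except ValueError:
        pass
    for name, rx in HASH_RE.items():  # hashes before hostnames: no dots, so no overlap
        if rx.match(value):
            return name
    if URL_RE.match(value):
        return "url"
    if DOMAIN_RE.match(value):
        return "hostname"
    return None


@dataclass
class Observable:
    value: str
    kind: str
    sources: set = field(default_factory=set)
    tags: set = field(default_factory=set)


class Repository:
    """In-memory stand-in for a consolidated observable store (hypothetical)."""

    def __init__(self):
        self._items = {}

    def add(self, value, source, tags=()):
        kind = classify(value)
        if kind is None:
            return None  # reject junk instead of polluting the store
        norm = value.strip() if kind == "url" else value.strip().lower()
        obs = self._items.setdefault(norm, Observable(norm, kind))
        obs.sources.add(source)  # a second sighting merges, it does not duplicate
        obs.tags.update(tags)
        return obs

    def ingest_json_feed(self, raw):
        """Load entries of the form {"value", "source", "tags"}; return how many were accepted."""
        return sum(1 for e in json.loads(raw)
                   if self.add(e["value"], e.get("source", "json-feed"), e.get("tags", ())))

    def ingest_misp_attributes(self, attrs, source="misp"):
        """Load MISP-style attributes, keeping their Tag names; return how many were accepted."""
        return sum(1 for a in attrs
                   if self.add(a["value"], source, [t["name"] for t in a.get("Tag", [])]))

    def search(self, kind=None, tag=None):
        """The 'skip Googling the artifact' query: what do we already know matching these filters?"""
        return [o for o in self._items.values()
                if (kind is None or o.kind == kind) and (tag is None or tag in o.tags)]

    def export(self, fmt, **filters):
        """User-defined export: a plain blocklist, or JSON lines for a SIEM."""
        rows = sorted(self.search(**filters), key=lambda o: o.value)
        if fmt == "blocklist":
            return "".join(o.value + "\n" for o in rows)
        if fmt == "jsonl":
            return "".join(json.dumps({"value": o.value, "type": o.kind,
                                       "sources": sorted(o.sources),
                                       "tags": sorted(o.tags)}) + "\n" for o in rows)
        raise ValueError(f"unknown export format: {fmt}")


if __name__ == "__main__":
    repo = Repository()
    repo.ingest_json_feed(SAMPLE_JSON_FEED)
    repo.ingest_misp_attributes(SAMPLE_MISP_ATTRIBUTES)
    print(repo.export("blocklist", kind="hostname"))
    print(repo.export("jsonl", tag="c2"))
```

The two design choices worth copying into any real feed template are the rejection of values that classify as nothing (a feed that emits free text will otherwise fill the store with useless "observables") and the merge on normalised value, so that an indicator reported by several trackers shows up once with the union of its sources and tags rather than as several rows.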

Yeti is available for free on GitHub.