Primary Use Case

Yeti is designed for CTI analysts and DFIR teams to efficiently search, correlate, and analyze threat intelligence and forensic artifacts. It helps answer questions like where an artifact has been seen before and provides a backend for DFIR queries, making it ideal for incident response and threat hunting workflows.

Key Features

Bulk search of observables to identify threat nature and system locations

Focus on specific threats to list related TTPs, malware, and DFIR artifacts

Storage of technical and tactical CTI including observables, TTPs, and campaigns

Backend support for DFIR queries including Yara signatures, Sigma rules, and DFIQ

Web API for automation of queries and enrichment

Export data in user-defined formats for integration with SIEM and DFIR platforms

Easy incorporation of custom data sources, analytics, and logic

Insights & Recommendations

Yeti is primarily a backend platform with a web API and web interface; users should refer to the official documentation for detailed setup and integration instructions. It is best used in environments where CTI and DFIR workflows intersect, and users should consider integrating it with existing SIEM and incident management tools.

Smart Usage Notes

Integrate Yeti with SIEM platforms to automate enrichment and correlation of threat intelligence for faster incident detection.Leverage the web API to build custom automation workflows for incident response and threat hunting teams.Use Yeti’s capability to incorporate custom data sources and analytics to tailor threat intelligence to your organizational environment.Employ Yeti as a central repository for CTI and DFIR artifacts to improve collaboration between CTI analysts and DFIR responders.Combine Yeti with Sigma and Yara rules to enhance detection capabilities and automate forensic investigations.

OpenSec Atlas

yeti

About This Tool

Primary Use Case

Key Features

Insights & Recommendations

Smart Usage Notes

Security Capability Profile

Tags

You Might Also Like