YETI Analytics Plugin for SecurityTrails
Reading time: 2 minutesWe've written about past integrations with our powerful API before, most recently about our latest R language integration.
Today we're excited to show you a new SecurityTrails API integration. This time it's one written by Manabu Niseki, and it's specifically a plugin for the YETI platform.
But before jumping into the plugin information let's explore what YETI is, in case you're not familiar with it.
What is YETI?
YETI stands for Your Everyday Threat Intelligence. This platform was created with a single goal in mind: to help incident responders organize reconnaissance data, TTPs, indicators of compromise, etc., in one single centralized repository.
YETI aims to be your open, distributed, machine and analyst-friendly infosec platform, making threat intelligence management quick, efficient and easy.
This software offers two interfaces to interact with: one with a friendly web-based interface, and another one that allows automatic integrations with programming languages (API).
In summary, YETI allows you to submit observables and guess about the nature of the submitted threat. Apart from that, it can also help you list TTPs, observables and malware, as well as create relationship graphs between the reported threats.
Other cool features include the ability to organize indicators of compromise, and boost observables by performing automated domain resolution, IP geolocation and more.
How can I install the SecurityTrails YETI Analytics plugin?
Installing this plugin is pretty easy (it only requires you to have YETI installed), all you need is to run two simple commands as root:
git clone https://github.com/ninoseki/yeti-securitytrails
ln -s ./yeti-securitytrails/securitytrails.py /opt/yeti/plugins/analytics/private/
In order to access the plugin from YETI, follow these steps:
- Login to your Yeti web-based interface at
http://localhost:50000 - Once you are there, click on Settings, and then on Analytics.
- From there you will see the list of options provided by the SecurityTrails YETI analytics plugin
Remember, these are the supported API endpoints for this particular integration:
And that's it! Now you can start using the new analytics plugin to query our powerful API interface, for any of your infosec investigations.
Here's example of the results obtained by interacting with our API, using this plugin:
Every day, more and more developers are integrating their tools and apps with our threat intelligence platform.
What about you? Are you a developer working on infosec tools? Start integrating our intelligence API with your apps — open your free account today.
Or go even further: book a SurfaceBrowser™ demo with our sales team to learn how you can boost your threat intelligence and passive reconnaissance tasks.
