
github.com/yeti-platform/yeti @2.5.1 sqlite

repository · DeepWiki · release 2.5.1
1,990 symbols · 8,788 edges · 302 files · 442 documented (22%)
README

Yeti Platform

Yeti aims to bridge the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline for DFIR teams. It was born out of the frustration of having to answer the questions "where have I seen this artifact before?" and "how do I search for IOCs related to this threat (or all threats?) in my timeline?"

Documentation links:

What is Yeti?

In a nutshell, Yeti allows you to:

  • Bulk search observables and get a pretty good guess on the nature of the threat, and how to find it on a system.
  • Inversely, focus on a threat and quickly list all TTPs, malware, and related DFIR artifacts.
  • Let CTI analysts focus on adding intelligence rather than worrying about machine-readable export formats.
  • Incorporate your own data sources, analytics, and logic very easily.

This is done by:

  • Storing technical and tactical CTI (observables, TTPs, campaigns, etc.) from internal or external systems.
  • Being a backend for DFIR-related queries: Yara signatures, Sigma rules, DFIQ.
  • Providing a web API to automate queries (think incident management platform) and enrichment (think malware sandbox).
  • Exporting the data in user-defined formats so that it can be ingested by third-party applications (SIEM, DFIR platforms).

Some screenshots

Core symbols most depended-on inside this repo

Symbol          Called by   File
save            624         core/schemas/dfiq.py
get             269         core/config/config.py
get             238         plugins/analytics/public/passive_total.py
tag             232         core/schemas/model.py
add_context     212         core/schemas/model.py
link_to         190         core/interfaces.py
find            148         core/schemas/template.py
register_task   131         core/taskmanager.py

Shape

Method    1,166
Class       460
Function    221
Route       143

Languages

Python 100%

Modules by API surface

Module                                      Symbols
tests/schemas/observable.py                 79
core/web/apiv2/observables.py               45
core/database_arango.py                     40
contrib/feeds/proofpoint/proofpoint.py      39
plugins/analytics/deprecated/onyphe.py      36
tests/apiv2/observables.py                  35
core/web/apiv2/users.py                     34
tests/core_tests/tasks.py                   33
core/web/apiv2/indicators.py                33
core/schemas/task.py                        33
tests/apiv2/graph.py                        30
core/web/apiv2/dfiq.py                      30

Dependencies from manifests, versioned

celery         5.3.4    · 1×
fastapi        0.115    · 1×
ivre           0.9.13   · 1×
python-arango  8.1.2    · 1×
uvicorn        0.34     · 1×
validators     0.34.0   · 1×

For agents

$ claude mcp add yeti \
  -- python -m otcore.mcp_server <graph>
