yeti-platform / pyeti

Python bindings for Yeti's API
Apache License 2.0

Pull data from YETI #11

Open rraj1996 opened 5 years ago

rraj1996 commented 5 years ago

Can anyone share a working example of the Yeti API that pulls data from Yeti?

I don't know what the arguments should be. Where can I find them in my locally hosted Yeti?

Sharing Screenshots would be more helpful.

threathive commented 5 years ago

The examples in the README all work. Is there something more you are looking for as far as examples? There is also documentation here that might help: https://yeti-platform.readthedocs.io/en/latest/api.html

tomchop commented 5 years ago

Yup @rraj1996 please let us know what you're trying to achieve specifically - I'm happy to add examples for these in the documentation if the ones already there aren't enough.

rraj1996 commented 5 years ago

First of all I would like to thank you guys for replying to my post.

What is Yeti according to me?

According to my information gathering, Yeti is a central TI source which stores TI feeds from different TI sources, so that managing feeds and integrating with different software is easier.

What I want from yeti?

I want a list of all malicious IPs and malicious URLs stored in Yeti's DB. For more clarification, I want to pull data from all the dataflows shown in the image.

What is the better way to get this data? Is making an API call better, or is pulling data from Mongo better?

Please provide solution with an example.

threathive commented 5 years ago

Well, you can use the API to look up data about a specific domain or IP. If you want to just dump raw lists of domains or really anything, you could do this via an export in the exports tab you have in your screenshot. An example of this can be found in the documentation as well: https://yeti-platform.readthedocs.io/en/latest/use-cases.html#creating-a-blocklist. A really broad rule to get a CSV formatted export would be to do something like this: go create a new template:

value,created
{%for obs in elements%}{{obs.value}},{{obs.created}}
{%endfor%}

Then you create a new export with that template. In this case I am dumping all active URLs in the system. You could do the same for the IP type as well. However, it will continue to get huge, so keep that in mind. It is much better to filter down the results by applying filters on the export, including tags or exclusion rules.


You end up with something like this in the end.

value,created
hxxps:/\/\onedrive.live.com/\redir?resid=355EB95EAF7742D3!105&authkey=!AOQhGMd2qywxpQM&ithint=file.xlsx&page=survey&wdFormId={B5E4E918-EA8D-4706-8725-8891137E4374},2019-04-22 21:42:56.209000

The export will run on a normal frequency and updates the output each time. So you can download this either via the api ( see the documentation ) or even a simple curl request would work as the links are static. Hopefully that gets you started.
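One way to consume such an export from a script, as an added example that is neither pyeti's code nor the commenter's: it assumes the export was built from the value,created template above and that it is downloaded from the static export link mentioned. The template quotes nothing, so the parser splits each row on its last comma (a URL may contain commas, the created timestamp never does) and accepts timestamps with or without microseconds.

```python
from datetime import datetime
from urllib.request import urlopen

def parse_created(text):
    # obs.created renders via str(datetime): the .ffffff part is dropped
    # when microseconds are zero, so accept both layouts.
    for fmt in ("%Y-%m-%d %H:%M:%S.%f", "%Y-%m-%d %H:%M:%S"):
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            continue
    raise ValueError("unrecognised created timestamp: %r" % text)

def parse_export(csv_text):
    """Return (value, created) tuples from the raw text of the export.
    Values are unquoted, so csv.reader would mis-split a URL containing a
    comma; the created column never contains one, so split on the last comma.
    """
    rows = []
    for number, line in enumerate(csv_text.splitlines(), start=1):
        line = line.strip()
        if not line or (number == 1 and line == "value,created"):
            continue  # header row, or blank lines left by the {%endfor%} loop
        if "," not in line:
            raise ValueError("line %d has no created column: %r" % (number, line))
        value, created = line.rsplit(",", 1)
        rows.append((value, parse_created(created)))
    return rows

def values_since(rows, since):
    """Only the values created at or after `since` (a datetime)."""
    return [value for value, created in rows if created >= since]

def fetch_export(url):
    """Download a static export URL, as curl would, and parse it."""
    with urlopen(url, timeout=30) as resp:
        return parse_export(resp.read().decode("utf-8"))

# Constructed sample: row 1 is the row shown in the comment above; rows 2 and 3
# are made up to exercise a comma inside a URL and a timestamp without microseconds.
SAMPLE_EXPORT = """value,created
hxxps:/\\/\\onedrive.live.com/\\redir?resid=355EB95EAF7742D3!105&authkey=!AOQhGMd2qywxpQM&ithint=file.xlsx&page=survey&wdFormId={B5E4E918-EA8D-4706-8725-8891137E4374},2019-04-22 21:42:56.209000
http://example.invalid/path?ids=1,2,3,2019-04-23 08:00:00.500000
http://example.invalid/login,2019-04-20 12:00:00

"""

if __name__ == "__main__":
    for value, created in parse_export(SAMPLE_EXPORT):
        print(created.isoformat(), value)
```

Replace SAMPLE_EXPORT with fetch_export("<your export URL>") to run it against a live instance.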

tomchop commented 5 years ago

Like @threathive said, there are many ways to extract data from a running Yeti instance, and exports is one of them. You can also use

rraj1996 commented 5 years ago

Thanks:)