Yeti is all about organizing observables, indicators of compromise, TTPs, and knowledge on threat actors in a single, unified repository.

Integration with LogicHub

Connecting with YETI

To connect to YETI following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • Server Name or Hostname for YETI: Enter Server IP or Hostname where YETI is installed and running.
  • Port Number for YETI: Enter Port Number for YETI instance.
  • User: Username for YETI.
  • Password: Password for YETI.

Actions with YETI

Lookup URL

Look up given URL or IP or File Hash in Yeti for the existence of malware.

Inputs to this Action:

  • Connections: Choose a connection that you have created.
  • Column Name to Pull IP or URL or File Hash from Parent Table: Column name to pull IP or URL or File Hash from the parent table.

Output of Action:
JSON containing the following items:

  • result: Analyzes the IP
   "result": "No result available as value of input is empty"

Did this page help you?