Question 1

How to install Yeti on a local server?

Accepted Answer

Yeti can be deployed using Docker or manual installation; refer to the official documentation for specific steps. It typically requires setting up a backend like PostgreSQL and a web server, so ensure you have administrative access and basic sysadmin skills. Start with the provided guides to configure data sources and APIs.

Question 2

Yeti vs MISP for threat intelligence?

Accepted Answer

Yeti is better for deep DFIR integration and forensic workflows, while MISP excels at threat intelligence sharing and collaboration. Yeti offers more automation APIs and custom data handling, but MISP has a larger community for indicator exchange. Choose based on whether you need forensic analysis or broad intelligence dissemination.

Question 3

Can Yeti integrate with Splunk or Elastic?

Accepted Answer

Yes, Yeti supports flexible data export in user-defined formats, allowing ingestion into SIEMs like Splunk or Elastic Stack. Use the automation API or export features to push threat intelligence data, but you may need to write custom connectors for seamless integration.

Question 4

What are the system requirements for Yeti?

Accepted Answer

Yeti requires a server with sufficient RAM and storage for threat intelligence databases, typically running Linux. It depends on web frameworks and databases like PostgreSQL, so check the documentation for specific versions and hardware recommendations based on your data volume.

Question 5

How to add custom data sources to Yeti?

Accepted Answer

Incorporate internal data by using Yeti's custom integration features, which involve writing scripts or plugins to feed data into the platform. The README mentions easy incorporation, but it requires programming knowledge to handle APIs and data formats effectively.

Question 6

Is Yeti suitable for small teams?

Accepted Answer

Yeti can be used by small teams, but its complexity and focus on DFIR/CTI might overwhelm those without dedicated security roles. It's better for teams with recurring intelligence needs and resources for setup and maintenance, rather than occasional use.

YETI

What is YETI?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions