Pull data from YETI about pyeti HOT 6 OPEN

The examples in the read me all work. Is there something more you are looking for as far as examples ? There is also documentation here that might help https://yeti-platform.readthedocs.io/en/latest/api.html

from pyeti.

Yup @rraj1996 please let us know what you're trying to achieve specifically - I'm happy to add examples for these in the documentation if the ones already there aren't enough.

from pyeti.

First of all I would like to thank you guyz for replying on my post.

What is Yeti according to me?

According to my information gathering Yeti is a central TI source which stores in it TI feeds from different TI source so that managing of feeds and integration with different softwares would be easier.

What I want from yeti?

I want list of all Malicious IP's and Malicious url stored in Yeti's db.For more clarification I want to pull data from all the dataflows shown in the image.

What is the better way to get this data?Making API call would be better or pulling data from mongo would be better?

Please provide solution with an example.

from pyeti.

Well you can use the API to lookup data about a specific domain or IP. If you want to just dump raw lists of domains or really anything you could do this via an export in the exports tab you have in your screen shot. An example of this can be found in the documentation as well: https://yeti-platform.readthedocs.io/en/latest/use-cases.html#creating-a-blocklist. A really broad rule to get a CSV formatted export would be to do something like this.. go create a new template :

value,created
{%for obs in elements%}{{obs.value}},{{obs.created}}
{%endfor%}

Then you create a new export with that template. In this case I am dumping all active urls in the system. You could do the same for IP type as well. However it will continue to get huge so keep that in mind. It is much better to filter down the results by apply filters on the export including tags or exclusion rules.

You end up with something like this in the end.

value,created
hxxps:/\/\onedrive.live.com/\redir?resid=355EB95EAF7742D3!105&authkey=!AOQhGMd2qywxpQM&ithint=file.xlsx&page=survey&wdFormId={B5E4E918-EA8D-4706-8725-8891137E4374},2019-04-22 21:42:56.209000

The export will run on a normal frequency and updates the output each time. So you can download this either via the api ( see the documentation ) or even a simple curl request would work as the links are static. Hopefully that gets you started.

from pyeti.

Like @threathive said, there are many ways to extract data from a running Yeti instance, and exports is one of them. You can also use

• the REST API and the /api/observablesearch/ endpoint for this; a simple HTTP request with the appropriate parameters will do (you can use curl, wget, httpie...). The JSON object you need to pass in the POST body is described in the documentation.
• The Python API (pyeti), which is basically a python wrapper around the REST API. See this example.

from pyeti.

Thanks:)

from pyeti.