tomchop

@tomchop@infosec.exchange
1.1K Followers
412 Following
120 Posts
Digital Forensics & Incident Response @ Google by day; threat intel and malware analysis by night. CertSG alumn. #BlueTeam #DFIR #CTI • Views are my own • he/him
Keybase: https://tomchop.keybase.pub/mastodon.html
GitHub: https://github.com/tomchop
@hacktobeer Hahaha perfect, I'm pretty sure a lot of people will be in agreement. Maybe the discount should be capped?
@benmontour no worries at all! Thanks for putting time into this. Sounds pretty cool, looking forward to what you’re coming up with!
Documenting the data model · yeti-platform/yeti · Discussion #919

In a Mastodon thread, @benmontour asked: For the most part it looks like a simplified STIX with a few additions and tweaks. Is there documentation somewhere to help ensure normalization across thin...

@benmontour hey! That’s a very good point. We have some normalization requirements (like having “source” in context, which you’ve fixed, thanks for that :)) but other than that not really. Even the links between entities are a bit free form; the idea was to stay very flexible. I’d say let’s move this to a GitHub discussion to see where we’re lacking and what we can bring in.

This version marks the start of a focus shift away from classic CTI and towards a platform for DFIR teams wishing to integrate CTI in their pipelines for incident response, threat hunting, and detection, and to be able to collate "forensics intelligence" to share with other teams.
The changes in the codebase have been massive (remember, it's only 2 people working on this): 480 commits to the API server
139 commits to the frontend SPA

Please feel free to use (and tell us when you do! we love hearing about people's use-cases), file lots of bugs, and feel free to contribute: guides, documentation, even cool screenshots, everything is welcome.

We are looking forward to integrating formats such as https://dfiq.org, shipping tighter integrations with DFIR platform tools like @TimesketchProj, @TurbiniaProj and CTI platforms like @MISPProject (and hopefully many more!)

Home - DFIQ (Digital Forensics Investigative Questions)

@tomchop absolutely loving exploring Yeti so far. I did have a question though. Not sure if it's a bug or I'm missing the syntax. I added the new CISA KEV feed from the latest version, but I can't seem to figure out how to search against the Title field for those entities that it creates. I can search by the name which is the CVE ID, and Severity seems to work as well, just not title=Something.
@benmontour hey, thanks a lot! This sounds like a bug indeed, you’re supposed to be able to do exactly that (attribute=blah). It’s probably because we do a 1:1 match and not really a substring search. Do you mind opening an issue in the repo so we can track it? https://github.com/yeti-platform/yeti/issues otherwise I’ll get to it tomorrow. Thanks!!
GitHub - yeti-platform/yeti: Your Everyday Threat Intelligence

Your Everyday Threat Intelligence. Contribute to yeti-platform/yeti development by creating an account on GitHub.

@tomchop Will do. Wasn't sure if it was just me being dumb or not. Thanks for the reply!
@benmontour sure thing! Thanks for bringing it up :)
@tomchop thank you for the amazingly quick fix!