#68 Initial commit of the Yeti analyzer

analyzers/Yeti/Yeti.json

@@ -0,0 +1,15 @@
+{
+    "name": "Yeti",
+    "author": "CERT-BDF",
+    "license": "AGPL-V3",
+    "url": "https://github.com/CERT/cortex-analyzers",
+    "version": "1.0",
+    "baseConfig": "Yeti",
+    "config": {
+        "check_tlp": false,
+        "max_tlp": 3
+    },
+    "description": "Fetch observable details from a Yeti",
+    "dataTypeList": ["domain", "fqdn", "ip", "url", "hash"],
+    "command": "Yeti/yeti.py"
+}

analyzers/Yeti/requirements.txt

@@ -0,0 +1,2 @@
+cortexutils
+git+https://github.com/yeti-platform/pyeti

analyzers/Yeti/yeti.py

@@ -0,0 +1,41 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+import pyeti
+from cortexutils.analyzer import Analyzer
+
+
+class YetiAnalyzer(Analyzer):
+
+    def __init__(self):
+        Analyzer.__init__(self)
+        self.url = self.getParam('config.url', None, 'Missing URL for Yeti API')
+
+    def summary(self, raw):
+        count = len(raw.get('findings', []))
+        value = "\"{}\" item(s)".format(count)
+
+        result = {
+            "taxonomies": [{
+                "level": "info",
+                "namespace": "YETI",
+                "predicate": "Search",
+                "value": value
+            }]
+        }
+        return result
+
+    def run(self):
+        api = pyeti.YetiApi("{}/api/".format(self.url))
+        data = self.getData()
+
+        try:
+            result = api.observable_search(value=data)
+            self.report({
+                'findings': result
+            })
+        except:
+            self.error('An issue occurred while calling Yeyi API')
+
+if __name__ == '__main__':
+    YetiAnalyzer().run()