Skip to content
This repository has been archived by the owner on May 11, 2019. It is now read-only.

YETI Quickstart

MarkDavidson edited this page Dec 9, 2014 · 30 revisions

All information on this page has been deprecated.

Please see YETI on readthedocs.org Note that the transition to ReadTheDocs is a work in progress. If you are able to find something of interest in the below links that isn't on yeti.readthedocs.org, send us a message at [email protected] and we'll update it shortly!


YETI Quickstart is a non-production deployment. This deployment method is the fastest way to get YETI running on a system.

Requirements

The following are required for YETI Quickstart to succeed:

To install these dependencies, we recommend using the pip utility (http://pypi.python.org/pypi/pip), which will download and install these libraries along with any of their dependencies:

$ pip install django libtaxii pyOpenSSL

NOTE 1: Windows users may not be able to install some dependencies (e.g., libxml2, pyOpenSSL, etc.) via pip due to compilation issues. Please refer to the dependency websites (linked above) for Windows executable installer options should pip fail.

NOTE 2: Python 2.6 is not officially supported but still may work. A known requirement of Python 2.6 (which is included in Python 2.7) is the argparse module, that can be downloaded here: https://pypi.python.org/pypi/argparse

Instructions

  1. Install dependencies listed above: $ pip install django libtaxii pyOpenSSL
  2. Download and extract the latest release of YETI: https://github.com/TAXIIProject/yeti/releases
  3. In a command shell, navigate to the YETI base directory (containing manage.py and the scripts directory) and start the server (Note: The script must be run from the base directory or it won't work)
    1. Windows: > scripts\quickstart.bat
    2. Unix: $ ./scripts/quickstart.sh

NOTE 1: The quickstart script will attempt to launch YETI on port 8080

NOTE 2: The quickstart script is intended for a "run-once" scenario and includes a command to populate the database. If you plan on running YETI this way and want to keep your data around, you may want to just use the runserver command (e.g., python manage.py runserver localhost:8080) every time you wish to start YETI.

If the quickstart script works, you should see output like this:

yeti>python manage.py syncdb
Creating tables ...
(Table creation output omitted for brevity)

You just installed Django's auth system, which means you don't have any superusers defined.
Would you like to create one now? (yes/no): yes
Username (leave blank to use 'example'):
Email address: [email protected]
Password: NotARealPassword
Password (again): NotARealPassword
Superuser created successfully.
Installing custom SQL ...
Installing indexes ...
Installed 9 object(s) from 1 fixture(s)

yeti>python manage.py runserver localhost:8080
Validating models...

0 errors found
July 24, 2013 - 07:45:32
Django version 1.5.1, using settings 'yeti.settings'
Development server is running at http://localhost:8080/
Quit the server with CTRL-BREAK.

To verify that the server is running you should be able to open a browser and navigate to http://localhost:8080/ to view a welcome page or http://localhost:8080/admin/ to log into the administrator interface with the user you created during the quickstart script.

There are two important notes about the quickstart script:

  1. The script tells the server to listen on localhost:8080, which will not accept connections from remote machines. If you need to accept connections from remote machines, modify the quickstart script and replace localhost:8080 with 0.0.0.0:8080.
  2. If for any reason you ever want to delete the database (you forgot what user you created, forgot the password, etc), just delete the yeti\sqlite3.db file and re-run the quickstart script.

Interacting with YETI

The quickstart deployment comes with two scripts to push and pull content from YETI and creates a default Data Feed and Inbox for users to interact with.

Defaults

The quickstart deployment of YETI establishes a default Data Feed and Inbox for users to interact with. Both the default Data Feed and Inbox are named, "default". The default Inbox has been linked to the default Data Feed, meaning any data received by the default Inbox can be pulled from the default Data Feed.

Admin Interface

YETI superusers can view, delete, create, and/or modify YETI content, Data Feeds, Inboxes, users, binding ids, and other YETI data via the admin interface. Navigating a web browser to http://localhost:8080/admin will lead users to a login page where users will enter the username and password declared during the initial setup to enter this section. From here, users are free to modify all YETI data as they wish, including the ability to create new Inboxes and Data Feeds.

Scripts

YETI comes bundled with scripts that provide the following capabilities:

  1. To push STIX Content to YETI, use the inbox_client.py script. Run it by issuing this command: python scripts\inbox_client.py. The inbox_client script includes a default STIX document.
  2. To pull content from YETI, use the poll_client.py script. Run it by issuing this command: python scripts\poll_client.py.
  3. To discover services running on the YETI instance, use the discovery_client.py script. Run it by issuing this command: python scripts\discovery_client.py.

NOTE: By default, the poll and inbox scripts are configured to interact with the default YETI Data Feed and Inbox described above.

In order to see the content that is in the database, navigate to http://localhost:8080/admin/taxii_services/contentblock/.