Yeti is a platform meant to organize observables, IOCs, TTPs, and knowledge on threats in a single, unified repository.
One of the main features of Yeti is that it allows you to submit observables and get a pretty good guess at the nature of the threat.
This Splunk add-on was born out of my frustration of always switching to the YETI platform to search for shady domains and tie them to a malware/threat family. I had the need to stay focused on that incident investigation (using SPL query language) without actually leaving the Search IDE! So, I thought "why don't you ask Yeti?"
To configure it, open the App Manager and select Set up.
Search for observables: "| askyeti [whatever.or.part.of.a.name]"
| askyeti microsoft
Add an observable (can be an IP, domain/URL or hash): "| add2yeti [IP/HASH/DOMAIN/URL] [TAG]"
| add2yeti my.own.finding virus