Can't copy api key #1223

Open
ermurenz opened this issue Feb 12, 2025 · 5 comments


ermurenz commented Feb 12, 2025

Hi,
I'm having this problem following the installation of Yeti.
I installed the Docker version without problems, literally with the default parameters.
I was able to enable the feeds and create users, but when I try to create the API key, I find myself in the situation shown in the image, and I can't click!
I tried with all existing browsers without success.
I tried with the keyboard too (tab and enter), to no avail.

Image

Has this happened to anyone?
I hope to find a solution.
Thanks in advance.

Emanuele

Collaborator

tomchop commented Feb 13, 2025

Hmmm that's strange. I just tried this on my setup and the button works (the popup disappears but the key gets copied to your clipboard, with a message underneath). Can you try clicking on the button and then pasting the contents of your clipboard somewhere else?

Author

ermurenz commented Feb 15, 2025

Hi @tomchop
Thank you for the response. Yes, we tried everything.
In the end, the only way to obtain the API key was from the command line with the “create-user” switch.
With that we are in fact able to obtain the access_token from the command line with curl.
So finally no network or authentication problem. Unfortunately (we are trying to integrate Yeti with Wazuh), the problem now is that we are obtaining only "method not allowed 404".
Seems we can’t make this integration work. Damn!
We'd like to test the platform with Postman too, but we are not experts here.
If there was someone kind enough to tell us how to do a GET to do a search test, it would be great.
We were able to do a POST on /api/v2/tasks/search with body "{"type": "feed", "page": 0, "count": 200}"

Image

So we managed to get "access_token" and authenticate ourselves on postman, but if we try a GET on "/api/v2/observables/" we receive "method not allowed".
Maybe we are filling in the "body" field badly.
Basically we would like to try to search for a certain IP address that is surely present among the observables.
Just to make sure the platform responds correctly.
At the moment we do not know if the problem is in the Wazuh integration or in the Yeti platform itself.
I apologize for my poor English and for some confusion.
Anyway, thank you in advance.

Collaborator

tomchop commented Feb 17, 2025

So yes, you're probably crafting your HTTP request wrong. Have a look at the /docs URL under your yeti server (e.g. http://localhost:3000/docs) as it contains a swagger interface that you can use to see what requests are supposed to look like.

For example, to check if an observable is present in the DB, it's not GET but POST

e.g. POST to http://localhost:3000/api/v2/observables/search with

Image

Will give

Image

Author

ermurenz commented Feb 17, 2025

Hi @tomchop
You saved my day. I hadn't dug deep enough to find out that there was a /docs URL.
It's a goldmine of information.
Not without difficulty, I finally managed to execute a super simple "POST" (I can't believe I was trying a GET) with a body like this:
{"page": 0, "count": 10, "query":{ "value" : "xxx.xxx.xxx.xxx"}}
Of course, for the IPv4 I used an IP that I got from the Yeti observables.
The post worked.

Image

At this point, it seems that the problem lies in the Wazuh integration (the Python script cited here).
Damn! It was a promising integration.
But I won't give up.

Anyway, thank you so much for your support! I really appreciate it.

Collaborator

tomchop commented Feb 18, 2025

Glad I could help! I had a quick look at the code in the Wazuh blogpost, and they're not querying Yeti in the most efficient way, to say the least.

They seem to be wanting to list all observables using GET (like you had done); except, like you realized, the endpoint doesn't exist. Then, in the list of observables, they look for one matching the MD5 hash.

It would be much more efficient to query the Yeti API using the /search endpoint and providing the MD5 hash (or any other observable value) directly, like in the example I sent you. Then I suppose the rest of the integration can almost be used as-is.
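
The lookup discussed in this thread, as an added Python example (not code from Yeti, the Wazuh blog post, or either participant): it searches for one observable value with a POST to /api/v2/observables/search instead of listing everything with GET. The bearer-token header, the "observables" and "value" response fields, and the sample data are assumptions or constructed here.

```python
import json
import urllib.request

SEARCH_PATH = "/api/v2/observables/search"  # endpoint named in the thread


def search_body(value, count=10):
    """Request body in the shape used in the thread."""
    return {"page": 0, "count": count, "query": {"value": value}}


def build_search_request(base_url, access_token, value):
    """Build the POST request that looks up one observable value (IP, MD5, ...)."""
    return urllib.request.Request(
        base_url.rstrip("/") + SEARCH_PATH,
        data=json.dumps(search_body(value)).encode("utf-8"),
        method="POST",  # a GET on the observables route is rejected
        headers={
            "Content-Type": "application/json",
            # Assumption: the access_token is presented as a bearer token.
            "Authorization": f"Bearer {access_token}",
        },
    )


def exact_matches(response_json, value):
    """Keep only observables equal to the looked-up value.

    Assumption: the response carries an "observables" list whose items have a
    "value" field. Filtering avoids alerting on a partial match.
    """
    wanted = value.strip().lower()
    return [o for o in response_json.get("observables", [])
            if str(o.get("value", "")).strip().lower() == wanted]


def lookup(base_url, access_token, value, timeout=10):
    """Send the search to a live server and return the exact matches."""
    req = build_search_request(base_url, access_token, value)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return exact_matches(json.load(resp), value)


# Constructed sample response for an offline check (not real Yeti output).
SAMPLE = {"observables": [
    {"value": "d41d8cd98f00b204e9800998ecf8427e", "type": "md5"},
    {"value": "d41d8cd98f00b204e9800998ecf8427e.example.test", "type": "hostname"},
], "total": 2}

if __name__ == "__main__":
    print(exact_matches(SAMPLE, "D41D8CD98F00B204E9800998ECF8427E"))
```

Check the field names and the authentication header against the /docs page of your own Yeti server before wiring this into an alerting integration.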
