Educause Security Discussion mailing list archives
Re: incident response tracking software
From: "STURGIS, JOHN" <JSTURGIS () MAILBOX SC EDU>
Date: Tue, 2 Oct 2018 18:51:39 +0000
Hi Bryan!

At UofSC, our Incident Handlers have been happy with TheHive<https://thehive-project.org/>. However, since you have the opportunity to start from scratch, I highly recommend building in elements to analyze incident trends outside of the response process. We favor VERIS<http://veriscommunity.net/howto.html> since it allows us to cross-reference our incidents with Verizon’s Data Breach Investigations Report<https://www.verizonenterprise.com/verizon-insights-lab/dbir/> as well as the VCDB<https://github.com/vz-risk/VCDB> (a VERIS-formatted repository of publicly-reported breaches).

John P. Sturgis - Security Program Consultant
University Information Security Office
University of South Carolina
1300 Pickens St, 266A
Columbia, SC 29208
803.777.1265
sturgis () sc edu<mailto:sturgis () sc edu>

On Oct 2, 2018, at 2:39 PM, Ford, Bryan <bryan.ford () NDUS EDU<mailto:bryan.ford () NDUS EDU>> wrote:

Anyone using any Incident tracking software that you would recommend? We are in the process of creating a Security Operation Center and are looking at any incident response tracking software. Kind of curious on what works well, how simple and doesn’t work.

Any insight would be appreciated.

Thanks
Bryan

Bryan Ford
Information Security
NORTH DAKOTA University System
Core Technology Services
4349 James Ray Drive
Grand Forks, ND 58203
701.777.6484<tel:701.777.6484> (o)
cts.ndus.edu<http://cts.ndus.edu/>