Security Incidents mailing list archives

RE: Incident Response Database

From: "Chris Krough" <ckrough () vet upenn edu>
Date: Thu, 18 Mar 2004 13:59:40 -0500

 

We use Cerberus. It's a very nice system.

www.cerberusweb.com


-----Original Message-----
From: Jason M. Leonard [mailto:fuzz () ldc upenn edu] 
Sent: Thursday, March 18, 2004 11:18 AM
To: Valdis.Kletnieks () vt edu
Cc: Jason May; incidents () securityfocus com
Subject: Re: Incident Response Database 


On Thu, 18 Mar 2004 Valdis.Kletnieks () vt edu wrote:

On Wed, 17 Mar 2004 13:08:32 PST, Jason May <jaymay75 () yahoo com>  said:

Does anyone have any suggestions on a good Incident Response 
tracking database for tracking Incidents.  We were looking at the 
CIRDB from Purdue, but I just wanted to know if there was anything 
else out there.


We've never encountered any sort of tracking that we couldn't do well 
with Remedy.  Two caveats:

1) It's pricey.
2) Remedy's strength is its customization.  That's also it's weakness.
We're lucky enough to have several people on staff who know Remedy's 
innards really well.

We already use it for our main help desk and network problem ticket 
system for a rather large network, so incident response isn't a big 
reach.  If you aren't already using it in your shop, installing it 
just for incident response would probably be overkill...


We use RT (Request Tracker) for our help desk and trouble ticket system.
It works great for all sorts of tracking and it's pretty handy for managing
non-human email accounts, as well.  Plus it's free.

http://www.bestpractical.com/rt/


:Fuzz

---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with
Astaro Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost
of ownership.

Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_incidents_040301
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at 
http://www.securityfocus.com/sponsor/Astaro_incidents_040301
----------------------------------------------------------------------------

Current thread:

Incident Response Database Jason May (Mar 17)
- Re: Incident Response Database Jordan Wiens (Mar 17)
- Re: Incident Response Database Valdis . Kletnieks (Mar 18)
  - Re: Incident Response Database Jason M. Leonard (Mar 18)
    - RE: Incident Response Database Chris Krough (Mar 18)
    - Re: Incident Response Database Russell Fulton (Mar 18)
    - Re: Incident Response Database John Green (Mar 18)
    - Re: Incident Response Database Lionel Ferette (Mar 18)
    - Re: Incident Response Database Sebastian Jaenicke (Mar 18)
- iptables/netfilter logs viewer/analyzer Sabyasachi Chakrabarty (Mar 22)
  - Re: iptables/netfilter logs viewer/analyzer Tony Carter (Mar 22)
  - Re: iptables/netfilter logs viewer/analyzer Byron Sonne (Mar 23)
- <Possible follow-ups>
- Re: Incident Response Database wozz (Mar 18)