Security Incidents mailing list archives

Re: Incident Response Database

From: <wozz () 0xdeadbeef org>
Date: Thu, 18 Mar 2004 14:50:02 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

RT for Incident Reponse

http://www.bestpractical.com/rtir/

I used RT a few years back to manage a security/abuse mailbox for a nationwide
broadband ISP.  It worked well enough for what it was, but I wish RTIR
had been around back then.  Everything we found missing in RT has been
addressed in RTIR.

On Thu, 18 Mar 2004 12:32:24 -0800 Russell Fulton <r.fulton () auckland ac nz>
wrote:

On Fri, 2004-03-19 at 05:18, Jason M. Leonard wrote:


We use RT (Request Tracker) for our help desk and trouble ticket

system.

It works great for all sorts of tracking and it's pretty handy

for

managing non-human email accounts, as well.  Plus it's free.

http://www.bestpractical.com/rt/


At the 2003 FIRST meeting someone described extensions to RT for
dealing
with security incidents, including being smart abou IP addresses
etc
(automatically make IPs and dn links that take you to whois info),
the
ability to link large numbers of calls to a particular incident
so they
can all be closed together and other stuff.

I seem to remember they called the extended version IRT.  Dam! I
can't
find the article in the proceedings.  From memory work was done
by Best
Practice and commissioned by DFN CERT, the intention was to release
code
under the same terms as RT.

--
Russell Fulton                                    /~\  The ASCII
Network Security Officer                          \ /  Ribbon Campaign
The University of Auckland                         X   Against HTML
New Zealand                                       / \  Email!



----------------------------------------------------------------
-----------
Free 30-day trial: firewall with virus/spam protection, URL filtering,

VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks
with Astaro
Security Linux, the comprehensive security solution that combines
six
applications in one software solution for ease of use and lower
total cost of
ownership.

Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_incidents_040301
----------------------------------------------------------------
------------

-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAkBaJ5oACgkQ1vK8vFo3sjz6hACgnH8p8OdPCyMiJV52Y3kEjtoPxfwA
oJ8v6WfjYh2khlopVBAWEGNB1JDG
=owkR
-----END PGP SIGNATURE-----


---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at 
http://www.securityfocus.com/sponsor/Astaro_incidents_040301
----------------------------------------------------------------------------

Current thread:

Re: Incident Response Database, (continued)
- Re: Incident Response Database Valdis . Kletnieks (Mar 18)
  - Re: Incident Response Database Jason M. Leonard (Mar 18)
    - RE: Incident Response Database Chris Krough (Mar 18)
    - Re: Incident Response Database Russell Fulton (Mar 18)
    - Re: Incident Response Database John Green (Mar 18)
    - Re: Incident Response Database Lionel Ferette (Mar 18)
    - Re: Incident Response Database Sebastian Jaenicke (Mar 18)
- iptables/netfilter logs viewer/analyzer Sabyasachi Chakrabarty (Mar 22)
  - Re: iptables/netfilter logs viewer/analyzer Tony Carter (Mar 22)
  - Re: iptables/netfilter logs viewer/analyzer Byron Sonne (Mar 23)
- Re: Incident Response Database wozz (Mar 18)