Security Incidents mailing list archives
Re: CERT Software
From: Lionel Ferette <lionel.ferette () belnet be>
Date: Wed, 17 Nov 2004 07:37:22 +0100
Hello,

In the wise words of Brian Peister, on Tuesday 16 November 2004 21:27:

> Does anyone know of or has used CERT (Computer Emergency Response Team) software? I reviewed Guidance Software's EnCase Enterprise product, and it's mostly focused on the forensics aspect of incident handling. I'm looking for a software product that streamlines the computer security incident handling process (similar to SANS 6 phases of incident handling).
I guess you'll hear a few words about Remedy (http://www.remedy.com/) or RT/IR (http://www.bestpractical.com/rtir/). They are not specifically mapped on the SANS 6 phases, but they do the job.

At BELNET CERT we use RT/IR, which has the advantage (for us) of being open-source, and thus allows us to tune it where needed. The handling process is the following:

Incident Report(s) -> Incident -> Investigation(s) -> Firewall-level blocks (if needed)

Don't misunderstand the 'firewall-level blocks' part: RT/IR does not interface with your firewall, but allows you to keep track of what is blocked at what level, and why (thanks to the links to the incidents).

Best regards,
Lionel

--
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin

Lionel Ferette
BELNET CERT Coordinator
Tel: +32 2 7903385
Fax: +33 2 7903375
http://cert.belnet.be/
PGP Key Id: 0x5662FD4B
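The handling chain Lionel describes (reports linked to an incident, investigations linked to the incident, and a recorded block that points back to the incident that justifies it) can be modelled in a few dozen lines. The following is an added illustration written for this archive page; it is not RT/IR code and not BELNET's tooling. The record types, the "level" strings, the status values and all sample reports, addresses and identifiers are constructed assumptions. The point it makes beyond the mail is the one that matters operationally: because every block carries a link to its incident, the tracker can answer "why is this address blocked, and where?" and can list blocks whose incident and investigations are all closed, so a block does not silently outlive its reason.

```python
"""Toy model of an RT/IR-style chain:
Incident Report(s) -> Incident -> Investigation(s) -> Firewall-level block.

Added example, not RT/IR or BELNET code. Record types, level names,
status values and the sample data are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


@dataclass
class IncidentReport:
    id: str
    received: date
    summary: str


@dataclass
class Incident:
    id: str
    report_ids: List[str]
    status: str  # assumed values: "open" or "resolved"


@dataclass
class Investigation:
    id: str
    incident_id: str
    status: str  # assumed values: "open" or "resolved"


@dataclass
class Block:
    """A block *recorded* in the tracker; nothing here touches a firewall.
    'level' is where the block lives (assumed labels), 'incident_id' is
    the link that justifies it."""
    id: str
    target: str
    level: str
    incident_id: str
    applied: date
    removed: Optional[date] = None


class Tracker:
    def __init__(self) -> None:
        self.reports: Dict[str, IncidentReport] = {}
        self.incidents: Dict[str, Incident] = {}
        self.investigations: Dict[str, Investigation] = {}
        self.blocks: Dict[str, Block] = {}

    def open_incident(self, incident_id: str, report_ids: List[str]) -> Incident:
        # An incident is only ever created from reports already on file.
        for rid in report_ids:
            if rid not in self.reports:
                raise KeyError(f"unknown report {rid}")
        inc = Incident(incident_id, list(report_ids), "open")
        self.incidents[incident_id] = inc
        return inc

    def add_block(self, block: Block) -> None:
        # Refuse a block with no justification: the link is the whole point.
        if block.incident_id not in self.incidents:
            raise ValueError(f"block {block.id} is not linked to an incident")
        self.blocks[block.id] = block

    def why_blocked(self, target: str) -> List[dict]:
        """Explain every active block on `target`: level, incident, reports."""
        out = []
        for b in self.blocks.values():
            if b.target != target or b.removed is not None:
                continue
            inc = self.incidents[b.incident_id]
            out.append({
                "block": b.id,
                "level": b.level,
                "incident": inc.id,
                "incident_status": inc.status,
                "reports": [self.reports[r].summary for r in inc.report_ids],
            })
        return out

    def stale_blocks(self) -> List[str]:
        """Active blocks whose incident and all its investigations are resolved:
        candidates for a removal review rather than an automatic removal."""
        stale = []
        for b in self.blocks.values():
            if b.removed is not None:
                continue
            inc = self.incidents[b.incident_id]
            invs = [i for i in self.investigations.values() if i.incident_id == inc.id]
            if inc.status == "resolved" and all(i.status == "resolved" for i in invs):
                stale.append(b.id)
        return stale


def build_sample_tracker() -> Tracker:
    """Constructed sample data using documentation address ranges."""
    t = Tracker()
    t.reports["R-1"] = IncidentReport("R-1", date(2004, 11, 10), "scan from 192.0.2.10")
    t.reports["R-2"] = IncidentReport("R-2", date(2004, 11, 11), "second complaint about 192.0.2.10")
    t.reports["R-3"] = IncidentReport("R-3", date(2004, 11, 12), "compromised host 198.51.100.7")
    t.open_incident("INC-1", ["R-1", "R-2"])
    t.open_incident("INC-2", ["R-3"])
    t.investigations["INV-1"] = Investigation("INV-1", "INC-1", "resolved")
    t.investigations["INV-2"] = Investigation("INV-2", "INC-2", "open")
    t.add_block(Block("B-1", "192.0.2.10", "border-firewall", "INC-1", date(2004, 11, 11)))
    t.add_block(Block("B-2", "198.51.100.7", "campus-router-acl", "INC-2", date(2004, 11, 12)))
    t.incidents["INC-1"].status = "resolved"  # INC-1 closed, its block still active
    return t
```

Running `build_sample_tracker().stale_blocks()` on the constructed data returns only `B-1`, since `INC-2` still has an open investigation; `why_blocked("198.51.100.7")` returns the block's level together with the incident and the report summaries that led to it.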