Re: Incident Response Database

[Russell Fulton <r.fulton () auckland ac nz>]

On Fri, 2004-03-19 at 05:18, Jason M. Leonard wrote:

> We use RT (Request Tracker) for our help desk and trouble ticket system.
> It works great for all sorts of tracking and it's pretty handy for
> managing non-human email accounts, as well.  Plus it's free.
>
> http://www.bestpractical.com/rt/

At the 2003 FIRST meeting someone described extensions to RT for dealing
with security incidents, including being smart abou IP addresses etc
(automatically make IPs and dn links that take you to whois info), the
ability to link large numbers of calls to a particular incident so they
can all be closed together and other stuff.

I seem to remember they called the extended version IRT.  Dam! I can't
find the article in the proceedings.  From memory work was done by Best
Practice and commissioned by DFN CERT, the intention was to release code
under the same terms as RT.

-- 
Russell Fulton                                    /~\  The ASCII
Network Security Officer                          \ /  Ribbon Campaign
The University of Auckland                         X   Against HTML
New Zealand                                       / \  Email!



---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at 
http://www.securityfocus.com/sponsor/Astaro_incidents_040301
----------------------------------------------------------------------------