Educause Security Discussion mailing list archives

Re: incident response tracking software


From: "STURGIS, JOHN" <JSTURGIS () MAILBOX SC EDU>
Date: Tue, 2 Oct 2018 18:51:39 +0000

Hi Bryan!

At UofSC, our Incident Handlers have been happy with TheHive<https://thehive-project.org/>.

However, since you have the opportunity to start from scratch, I highly recommend building in elements to analyze incident trends outside of the response process. We favor VERIS<http://veriscommunity.net/howto.html> since it allows us to cross-reference our incidents with Verizon’s Data Breach Investigations Report<https://www.verizonenterprise.com/verizon-insights-lab/dbir/> as well as the VCDB<https://github.com/vz-risk/VCDB> (a VERIS-formatted repository of publicly-reported breaches).

John P. Sturgis - Security Program Consultant

University Information Security Office
University of South Carolina
1300 Pickens St, 266A
Columbia, SC 29208
803.777.1265
sturgis () sc edu<mailto:sturgis () sc edu>

On Oct 2, 2018, at 2:39 PM, Ford, Bryan <bryan.ford () NDUS EDU<mailto:bryan.ford () NDUS EDU>> wrote:

Anyone using any Incident tracking software that you would recommend?
We are in the process of creating a Security Operation Center and are looking at any incident response tracking software. Kind of curious on what works well, how simple and doesn’t work.
Any insight would be appreciated.

Thanks
Bryan

Bryan Ford
Information Security
NORTH DAKOTA
University System
Core Technology Services
4349 James Ray Drive
Grand Forks, ND 58203
   701.777.6484<tel:701.777.6484> (o)
   cts.ndus.edu<http://cts.ndus.edu/>


