Educause Security Discussion mailing list archives
Re: incident response tracking software
From: "Beyer, Justin R" <JBEYER () WCUPA EDU>
Date: Tue, 2 Oct 2018 18:50:20 +0000
Hi Bryan,

I've had good experience with Request Tracker (RT) with/without the Incident Response Module add-in (RTIR) from Best Practical Solutions. It's FOSS and is a pretty basic email-based ticketing system that lives off of Linux and Perl. You can do some fun automation with it, but you will need to Script-Kiddie some Perl at a minimum. They also just added a REST module to give it an API, but I haven't played with it too much.

I will say, though, that RTIR can be somewhat overkill if you use it the right way when it comes to small incidents, like a single account compromise that leads to spam email being sent or a single endpoint with malicious activity, since you end up creating an Incident Report, an Incident, at least one investigation, and at least one countermeasure.

I also played a bit with Hive but ended up not really seeing too much benefit, since we didn't want to move our data directly into it, especially since we were happy with our current Log Management/SIEM solution.

Thanks,
Justin

RT Link: https://bestpractical.com/request-tracker/

Justin Beyer
Information Security Analyst
Information Services & Technology
West Chester University of Pennsylvania
P: 610-436-2844 | JBeyer () wcupa edu
PGP Key: BF3A643DD48A66CF603A4DA630EA4F8119D7B674 <https://pgp.mit.edu/pks/lookup?op=get&search=0x30EA4F8119D7B674>

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Ford, Bryan
Sent: Tuesday, October 2, 2018 2:39 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] incident response tracking software

Anyone using any Incident tracking software that you would recommend? We are in the process of creating a Security Operation Center and are looking at any incident response tracking software. Kind of curious on what works well, how simple, and what doesn't work. Any insight would be appreciated.

Thanks,
Bryan

Bryan Ford
Information Security
NORTH DAKOTA University System
Core Technology Services
4349 James Ray Drive
Grand Forks, ND 58203
701.777.6484 (o)
cts.ndus.edu
Current thread:
- incident response tracking software Ford, Bryan (Oct 02)
- Re: incident response tracking software Baillio, Aaron (Oct 02)
- Re: incident response tracking software Andrew Weisskopf (Oct 02)
- Re: incident response tracking software STURGIS, JOHN (Oct 02)
- Re: incident response tracking software Beyer, Justin R (Oct 02)