Your Security Response Toolkit
This site offers a proposed collection of tools in a plug&play live image to provide first steps to new incident handling teams. Information on this site reflects the experience of a number of European CSIRTs, with tools used and supported by active CSIRTs.

CSIRT TOOLS KIT

Computer Security Incident Response Teams (CSIRTs) are responsible for receiving and reviewing incident reports and responding to them as appropriate. These services are normally performed for a defined constituency such as a corporation, institution, educational or government network, region or country, or a paid client. CSIRT services generally fall into three categories: reactive (e.g. vulnerability alerts, incident handling); proactive (e.g. intrusion detection, auditing and information dissemination); and security quality management (e.g. risk analysis, disaster recovery planning, and education and training).

Incident handling information

IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins, tweets and log files using a message queuing protocol.

Investigation Ticketing system

Request Tracker for Incident Response (RTIR) builds on all the features of RT and provides pre-configured queues and workflows designed for incident response.

Network forensics

NfSen lets you keep all the convenience of the command line by using nfdump directly, while also giving you a graphical overview of your NetFlow data.

Operational intelligence

Use Elastic to search, monitor, analyze and visualize machine data.

Vulnerability Assessment

Pakiti provides a monitoring and notification mechanism to check the patching status of systems.

Next tools in progress…

More tools will be added soon!

Download VirtualBox OVA

MD5sum: 300e462b5b803b008b79bf457300188d (compare this against the checksum of your downloaded file before importing it)

Credentials needed to log into the virtual machine:
User: csirt-kit
Pass: csirt-kit

Documentation

In this PDF you'll explore and "play" with a collection of open-source tools that CERTs use daily for handling security incidents. (A live image will be provided that includes tools such as RTIR, IntelMQ, NfSen and Pakiti.)

Download it here!


After logging in, open Mozilla Firefox and use the browser bookmarks to reach the local tools.

Published under the Apache License 2.0.