IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins, tweets and log files using a message queuing protocol.
Request Tracker for Incident Response (RTIR) builds on all the features of RT and provides pre-configured queues and workflows designed for incident response.
NfSen lets you keep all the convenient advantages of the command line by using nfdump directly, and also gives you a graphical overview of your NetFlow data.
Use Elastic to search, monitor, analyze and visualize machine data.
Pakiti provides a monitoring and notification mechanism to check the patching status of systems.
More tools will be added soon!
In this PDF you'll explore and "play" with a collection of open-source tools that CERTs use daily for handling security incidents. (A live image will be provided that includes tools such as RTIR, IntelMQ, NfSen and Pakiti.)
Credentials needed to log into the virtual machine:
After logging in, open Mozilla Firefox and use the local tools through the browser bookmarks!