Online Incident Response Management


Online Incident Response Management

by Brooks Garrett-2

I'm looking for a way to bring my Incident Response SOP's online to
better document and control our Incidents. Are you guys currently
using any software for this purpose? I've looked at building a custom
Sharepoint site and also evaluated doing a Wiki. I'm really curious to
see what the rest of the industry is doing, so any input?

--
Thanks!

Brooks Garrett

RE: Online Incident Response Management

by ddidier

Brooks,
This is a great topic / idea.  I currently use the built in
case-management feature of Cisco MARS.  However, if there is an incident
outside this system, it obviously isn't optimum for handling it.  I
could manually enter information and track it there, but it wouldn't
have the ability to upload documents and such.  I work with a number of
organizations, and most of them simply keep a paper record, or some type
of unorganized electronic documents (.doc or .pdf).  I too am interested
to see what others may have employed for this.  I think a sharepoint /
wiki site may be able to work well but I'm curious what other solutions
are in use.

Dan
http://www.NetSecureIA.com

> -----Original Message-----
> From: listbounce@... [mailto:listbounce@...]
> On Behalf Of Brooks Garrett
> Sent: Monday, July 14, 2008 10:42 AM
> To: security-basics@...
> Subject: Online Incident Response Management
>
> I'm looking for a way to bring my Incident Response SOP's online to
> better document and control our Incidents. Are you guys currently
> using any software for this purpose? I've looked at building a custom
> Sharepoint site and also evaluated doing a Wiki. I'm really curious to
> see what the rest of the industry is doing, so any input?
>
> --
> Thanks!
>
> Brooks Garrett

Re: Online Incident Response Management

by Jeremy Winder

At a previous employer, we used RTIR http://bestpractical.com/rtir/. It
allowed us to keep track of multiple incidents being worked on by
multiple people.

I hope this helps,

Jeremy

On Mon, 2008-07-14 at 10:41 -0400, Brooks Garrett wrote:

> I'm looking for a way to bring my Incident Response SOP's online to
> better document and control our Incidents. Are you guys currently
> using any software for this purpose? I've looked at building a custom
> Sharepoint site and also evaluated doing a Wiki. I'm really curious to
> see what the rest of the industry is doing, so any input?
>
> --
> Thanks!
>
> Brooks Garrett


Re: Online Incident Response Management

by Brooks Garrett-2

My concern is the wiki/sharepoint site will *Work*, but I want
something functional and something that has MOV, not just another tool
for the sake of having it. The industry at large has seemed to fall
into this rut of implementing the newest tools and products without
ever actually defining actionable responses to the output of those
utilities!

On Mon, Jul 14, 2008 at 11:08 AM, Daniel I. Didier
<ddidier@...> wrote:

> Brooks,
> This is a great topic / idea.  I currently use the built in
> case-management feature of Cisco MARS.  However, if there is an incident
> outside this system, it obviously isn't optimum for handling it.  I
> could manually enter information and track it there, but it wouldn't
> have the ability to upload documents and such.  I work with a number of
> organizations, and most of them simply keep a paper record, or some type
> of unorganized electronic documents (.doc or .pdf).  I too am interested
> to see what others may have employed for this.  I think a sharepoint /
> wiki site may be able to work well but I'm curious what other solutions
> are in use.
>
> Dan
> http://www.NetSecureIA.com
>
>> -----Original Message-----
>> From: listbounce@... [mailto:listbounce@...]
>> On Behalf Of Brooks Garrett
>> Sent: Monday, July 14, 2008 10:42 AM
>> To: security-basics@...
>> Subject: Online Incident Response Management
>>
>> I'm looking for a way to bring my Incident Response SOP's online to
>> better document and control our Incidents. Are you guys currently
>> using any software for this purpose? I've looked at building a custom
>> Sharepoint site and also evaluated doing a Wiki. I'm really curious to
>> see what the rest of the industry is doing, so any input?
>>
>> --
>> Thanks!
>>
>> Brooks Garrett
>



--
Robert Bulwer-Lytton

Re: Online Incident Response Management

by ॐ aditya mukadam ॐ

We can use Netforensics SimOne (www.netforensics.com) for this purpose.

Thanks,
Aditya Govind Mukadam

On Mon, Jul 14, 2008 at 8:45 PM, Jeremy Winder <jwinder@...> wrote:

> At a previous employer, we used RTIR http://bestpractical.com/rtir/. It
> allowed us to keep track of multiple incidents being worked on by
> multiple people.
>
> I hope this helps,
>
> Jeremy
>
> On Mon, 2008-07-14 at 10:41 -0400, Brooks Garrett wrote:
>> I'm looking for a way to bring my Incident Response SOP's online to
>> better document and control our Incidents. Are you guys currently
>> using any software for this purpose? I've looked at building a custom
>> Sharepoint site and also evaluated doing a Wiki. I'm really curious to
>> see what the rest of the industry is doing, so any input?
>>
>> --
>> Thanks!
>>
>> Brooks Garrett
>
>

Re: Online Incident Response Management

by Gleb Paharenko-3

Hi.

Netforensics and IBM ISS have Incident management workflows. But in my
opinion the papers signed by real people usually give much more weight
and should duplicate key things in the incident. It is easier to work
when incident management software can fetch reports from SEIM and
therefore they are often shipped together.


2008/7/14 Brooks Garrett <bg@...>:

> I'm looking for a way to bring my Incident Response SOP's online to
> better document and control our Incidents. Are you guys currently
> using any software for this purpose? I've looked at building a custom
> Sharepoint site and also evaluated doing a Wiki. I'm really curious to
> see what the rest of the industry is doing, so any input?
>
> --
> Thanks!
>
> Brooks Garrett
>



--
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com
http://www.linkedin.com/in/gpaharenko

RE: Online Incident Response Management

by bramkie

You can also look at Cisco Systems MARS, it has case management.

http://www.cisco.com/go/mars

Ramki
-----
Ramki B. Ramakrishnan
Security Enthusiast
GIAC:GSEC, CvA


-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On
Behalf Of Gleb Paharenko
Sent: Tuesday, July 15, 2008 1:09 PM
To: Brooks Garrett
Cc: security-basics@...
Subject: Re: Online Incident Response Management

Hi.

Netforensics and IBM ISS have Incident management workflows. But in my
opinion the papers signed by real people usually give much more weight
and should duplicate key things in the incident. It is easier to work
when incident management software can fetch reports from SEIM and
therefore they are often shipped together.


2008/7/14 Brooks Garrett <bg@...>:

> I'm looking for a way to bring my Incident Response SOP's online to
> better document and control our Incidents. Are you guys currently
> using any software for this purpose? I've looked at building a custom
> Sharepoint site and also evaluated doing a Wiki. I'm really curious to
> see what the rest of the industry is doing, so any input?
>
> --
> Thanks!
>
> Brooks Garrett
>



--
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com
http://www.linkedin.com/in/gpaharenko


Re: Online Incident Response Management

by Deepak Parashar

Would recommend going with ISS.

-Deepak

On Tue, Jul 22, 2008 at 9:21 AM, Ramki B Ramakrishnan <bramkie@...> wrote:

> You can also look at Cisco Systems MARS, it has case management.
>
> http://www.cisco.com/go/mars
>
> Ramki
> -----
> Ramki B. Ramakrishnan
> Security Enthusiast
> GIAC:GSEC, CvA
>
>
> -----Original Message-----
> From: listbounce@... [mailto:listbounce@...] On
> Behalf Of Gleb Paharenko
> Sent: Tuesday, July 15, 2008 1:09 PM
> To: Brooks Garrett
> Cc: security-basics@...
> Subject: Re: Online Incident Response Management
>
> Hi.
>
> Netforensics and IBM ISS have Incident management workflows. But in my
> opinion the papers signed by real people usually give much more weight
> and should duplicate key things in the incident. It is easier to work
> when incident management software can fetch reports from SEIM and
> therefore they are often shipped together.
>
>
> 2008/7/14 Brooks Garrett <bg@...>:
>> I'm looking for a way to bring my Incident Response SOP's online to
>> better document and control our Incidents. Are you guys currently
>> using any software for this purpose? I've looked at building a custom
>> Sharepoint site and also evaluated doing a Wiki. I'm really curious to
>> see what the rest of the industry is doing, so any input?
>>
>> --
>> Thanks!
>>
>> Brooks Garrett
>>
>
>
>
> --
> Best regards.
> Gleb Pakharenko.
> http://gpaharenko.livejournal.com
> http://www.linkedin.com/in/gpaharenko
>
>