Orion Incident Response Live CD

6.3. Incident Tracking

For entry and tracking of incident data, Orion utilizes the Request Tracker for Incident Response (RTIR) tool from Best Practical. When the incident responder enters initial case information via the Incident Response Questionnaire, the final page of that form-based system creates the following:

  1. Citadel user accounts for the Incident Response Team members,

  2. RTIR accounts for the team members, and

  3. A new RTIR Incident Report ticket.

Figure 7: New RTIR Incident Report ticket

RTIR (Request Tracker for Incident Response) is a full-featured open source case tracking tool that was designed specifically for computer security incidents. According to the Best Practical web site, the developers, “worked with over a dozen CERT and CSIRT teams to build a world-class incident handling system.” (Best Practical, 2010)

RTIR is a modified version of the original RT that was customized to create an incident response workflow. For responders who are not familiar with the RTIR workflow, it can

John Jarocki, john.jarocki@gmail.com
