Educause Security Discussion mailing list archives

Re: Software for Tracking Security Incidents
From: James Moore <jhmiso () RIT EDU>
Date: Thu, 29 Mar 2007 10:03:00 -0400

CIRDB is dead, long live the CIRDB.

I went to look up the web reference, and found that the CIRDB is not
being maintained (https://cirdb.cerias.purdue.edu/).  I will check to
see if this could be transitioned to open source or Creative Commons
licensing, to see if it is possible to integrate the IP with other
systems.  What would probably be the most difficult are the security and
architecture of the queues and queue navigation.  Most of the other
features really have to do with schema, and methods.  There is a lot of
good thought that went into the schema (what data do you collect, what
data do you need in different types of incidents), how it is presented,
what are the views (handler, trend analysis, management reporting,
security research).  The templating methods were also first rate.

All in all, my hat is off to Pascal Meunier for a great product that may
have been ahead of its time.

Jim 

-----Original Message-----
From: Kevin Dover [mailto:kdover () brocku ca] 
Sent: Wednesday, March 28, 2007 6:46 PM
To: James Moore
Subject: Re: [SECURITY] Software for Tracking Security Incidents

Jim

Is this application available for use by other universities, and if it
is, how is it acquired?

Thanks
Kevin
Brock University 


-----Original Message-----
From: James Moore <jhmiso () RIT EDU>
Date: Wed, 28 Mar 2007 17:21:07
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Software for Tracking Security Incidents

Purdue developed a product called the CERIAS incident response database.
RIT provided some design review and debugging support.  We ran out of
funds and manpower to create a user-friendly system administrator's
manual.  

It had a lot of great features:
 - a hierarchy based system for the protection of the confidentiality of
incident information
 - the ability to skip certain types of identity information to provide
trend analysis / statistics
 - templating systems for common incident types
 - templating system for computer registration, including capability to
describe defenses and types of data
 - robust contact information capability
 - ability for students to record compromises that they had experienced

jim

-----Original Message-----
From: Matthew Keller [mailto:kellermg () POTSDAM EDU]
Sent: Wednesday, March 28, 2007 5:12 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Software for Tracking Security Incidents

RTIR http://bestpractical.com/rtir/

While not a commercial product, Best Practical will take your money for
support if you have too much of it.

On Wed, 2007-03-28 at 13:17 -0400, Brenda B Gombosky wrote:
> What is everyone using to track their incidents?  Does anyone know of
> a commercial product?

--
Matthew Keller
Information Security Officer/Network Administrator Computing &
Technology Services State University of New York @ Potsdam Potsdam, NY,
USA http://mattwork.potsdam.edu/
