RTIR: RT for Incident Response
RTIR 3.0 — designed for use with RT 4.0 — has been released.
RTIR is the premier open source incident handling system targeted at computer security teams. We worked with over a dozen CERT and CSIRT teams around the world to help you handle the ever-increasing volume of incident reports. RTIR builds on all the features of RT.
A typical workflow begins by triaging incoming incident reports and linking them to an existing incident or creating a new one. Each incident is designed to keep track of everything you need to know to solve the problem. From an incident, it's easy to launch investigations to work with law enforcement, network providers, or other organizations. You can also set up blocks to keep track of what's been done to mitigate the issue.
With open source code, a rich API, and a top-notch community of users, it's easy to integrate RTIR into your existing systems and workflows. If you're using a publicly available product as part of your incident handling workflow, someone has probably already integrated it with RTIR. Drop us a line to find out more.