[Rtir] Standards/Considerations

Ruslan Zakirov ruz at bestpractical.com
Fri Oct 28 12:03:26 EDT 2011


I'm not sure how to answer your question. RTIR is an implemented,
ready-to-use workflow for incident response teams. It works on top of RT
and allows you to use RT for other things you need.

I cannot say how close the workflow in RTIR is to the flows described in
ITIL/ITSM recommendations. RTIR was released before ITIL gained
its current popularity.

RTIR can benefit from using IODEF to export information, but it's not implemented.

CVEs are out of scope of RTIR. It's not a problem to record related
CVE identifiers in the RTIR DB while investigating attacks, but
preventing attacks by managing your software using information from
CVEs is out of scope.

You can find additional information about RTIR in the tutorials that are
shipped in the tarballs and available in the repository.

On Fri, Oct 28, 2011 at 7:30 PM, Robert Floodeen <floodeen at cert.org> wrote:
> Hi, what standards/considerations are implemented in RTIR?  By this I mean
> things like ITIL, IODEF, CVE, etc.
> Robert Floodeen
> Member-Technical Staff
> CERT Resilient Enterprise Management Team
> Carnegie Mellon Software Engineering Institute
> www.cert.org/resilience

Best regards, Ruslan.
