This is a pilot site for a proposed collection of tools, and guidelines for their use, intended for incident handling teams. Information on this site reflects the experience of a number of European CSIRTs, working together as a project within the framework of TERENA's Task Force TF-CSIRT. The project aims to create a repository of information about tools that are actively used and supported by active CSIRTs.


Inclusion of a particular piece of software does not imply any form of recommendation from ENISA, TERENA or the contributors. It is up to you to decide whether a particular program is suitable for your purposes.

Also note that unauthorised use of some of these tools may constitute a criminal offence. Please read our warning before proceeding.

Please note that entries are added to and removed from the clearinghouse based on decisions made within the Task Force, and only tools that are actively being used and suggested by member teams are included!

Clearinghouse Organisation

The first group of tools relates directly to the investigation of incidents. Tools are grouped by functions representing the normal sequence of an investigation.

Gathering evidence from the scene of an incident

Investigating evidence of an incident

Supporting tools for handling evidence

Recovering the system after an incident

The second group consists of tools to support the daily operations of a CSIRT.

Implementing CSIRT operational procedures

Providing secure remote access

Proactive tools to audit/detect vulnerabilities and prevent incidents

Additionally, there are information and services only available online.

We welcome contributions to this web site from those actively involved in security incident handling. If you have a comment on one of the tools listed, or a particular way of configuring it that you would be willing to share, then please let us know. If you would like to suggest another tool that should be added to the site, then please send us details. If you can provide a filled-in description using our standard XML template, this will make the maintainers' job easier. (Note that your browser may try to render this template as a blank page. If so, use the view source option to see the source.)

