Implementing procedures

Implementing CSIRT operational procedures

AbuseHelper

AbuseHelper is a toolkit for CERT and abuse teams. It is a modular, (hopefully) scalable and robust framework to help you in your abuse handling. With AbuseHelper you can retrieve Internet abuse handling information from several sources, aggregate that information by different keys, such as AS numbers or country codes, and send out reports in different formats, via different transports and using different timings.

AIRT (Application for Incident Response Teams)

AIRT is an application for Computer Security Incident Response. The target audience of AIRT is incident response groups which provide end-user support.

Assuria Auditor

Assuria Auditor provides deep configuration and vulnerability scanning, inventory reporting, compliance assessment and powerful change detection through an extensible and flexible architecture. It provides vital information assurance and protection for critical business servers and helps maintain systems in a secure ‘known state’. Assuria Auditor utilises a comprehensive built-in Knowledge Base of known security vulnerabilities, security control configurations, up-to-date patch checks and security best practice information to enable organisations to easily bring their IT infrastructures, especially servers, up to high standards of security. Internal IT security knowledge or experience is not necessary, because the built-in Assuria Auditor knowledge base includes not only the thousands of individual checks for a wide range of operating platforms, but also explanations of the implications of each vulnerability and step-by-step instructions on remediation.

GnuPG (The GNU Privacy Guard)

GPG is a powerful alternative to PGP from NAI Labs. Like PGP, GPG encrypts/decrypts mail or data with a mix of symmetric and asymmetric encryption. GPG is widely used by CSIRTs around the world to communicate confidential/sensitive data. GPG is a command-line tool; some graphical user interfaces and plugins for mail programs exist. The program is sponsored by the German government.

imap

The IMAP mailbox access protocol includes search facilities that can be very useful when looking for particular incidents.

Jitterbug

Jitterbug is an open-source web-based tracking system. Problems can be reported through web forms or e-mail and authenticated users can classify them, add notes and reply to messages from within the system. Various documentation and demonstrations are accessible through the web page.

Listserv

Listserv is a commercial mailing list package that can be used to maintain distribution lists for incident response teams.

MySQL

MySQL is an open source relational database that implements the SQL language. It is commonly combined with the PHP scripting language to provide database driven web sites, but has also been used to build incident tracking and reporting tools as well as databases of probes for trend and threat analysis.

PGP (Pretty Good Privacy)

PGP, developed by Phil Zimmermann, is used to encrypt/decrypt mail or files with a mix of symmetric and asymmetric encryption. PGP is widely used by CSIRTs around the world to communicate confidential/sensitive data. The official PGP program was purchased by NAI Labs, who have recently stopped supporting the program. PGP will be further developed by pgp.com; version 9.x is available and looks promising. A free version of older PGPi versions is available at the link below.

Remedy Action Request system

Remedy is a commercial toolkit for building tracking systems. Remedy also sell applications, such as helpdesk and inventory tracking, which have been built using the toolkit; incident response teams have also used the system to build their own incident tracking and reporting applications.
