CSIRT support

An important aspect after establishing a CSIRT is to define its core services according to the available internal resources. The core CSIRT Services can be grouped in three main categories:

1. Reactive services usually consist in post incident reports from constituency or other events related to threats or attacks such as compromised hosts, malware, vulnerabilities or other type of similar incidents.

  • Alerts & Warnings
  • Incident handling
  • Vulnerability handling
  • Artifact handling


2. Proactive services are designed to detect & prevent attacks before there is an actual impact on the production systems. In this category of services, the information generated by the CSIRTs gets disseminated to their constituency and partners for protecting their assets and avoid being target of an attack.

  • Announcements
  • Tech Watch
  • Security Audits/Pentests
  • Tools development
  • Intrusion Detection
  • Threat intelligence sharing


3.Security Quality Management services can be demanded by the constituency for review and improvement of the security posture of their organizations. This category of services are not time dependent and are usually demanded by the constituency which makes the request to their CSIRT.

  • Risk Analysis
  • BC & DR planning
  • Security awareness
  • Training

CSIRTs daily work relies more and more on tools and platforms which are result of community driven projects. This section contains some of the open-source community initiatives to which ENISA is contributing and promoting.

We use cookies to ensure we give you the best browsing experience on our website. Find out more on how we use cookies and how you can change your settings.

Ok, I understand No, tell me more