Windows Incident Handling Tools Essay
1. Archer Incident Management tracks incidents and ethics violations in real time, manages the investigation process, tracks incident resolution and monitors the incident status and impact. CSIRT functional need: Manage an incident’s tasks and activities.
2. D3 Incident Reporting and Case Management has two parts. The incident reporting side provides web-based, fully customizable incident forms and task and analysis reports, all of which can be tailored to your company. CSIRT functional need: Reporting on incidents.
3. Application for Incident Response Teams (AIRT) lets you upload files and attach them to specific incidents. You can receive e-mail and link it to incidents. The import queue can receive network and contact information. CSIRT functional need: Communicating incident information.
4. Request Tracker for Incident Response (RTIR) triages incoming incident reports and either links them to an ongoing incident or creates a new incident. You can launch investigations to work with other parties, such as law enforcement. CSIRT functional need: Tracking incidents.
5. BMC Remedy Action Request System replaces manual systems with process automation, which speeds everything up: notifications, escalations and approvals. CSIRT functional need: Archiving incidents.
I would recommend using Archer Incident Management because it can double as incident management and tracking incidents. This software does both, and having one tool that does many things is cost-effective. AIRT is really great for communicating an incident to everyone involved. When technicians or remote users are in the field, it is good to be able to add new information to an incident file. E-mail is a good way to communicate any new findings or to get files you may need to compare to other information.