Hi, I'm not sure how to answer your question. RTIR is an implemented, ready-to-use workflow for incident response teams. It works on top of RT and allows you to use RT for other things you need.
I cannot say how close the workflow in RTIR is to the flows described in ITIL/ITSM recommendations. RTIR was released before ITIL gained its current popularity.

RTIR can benefit from using IODEF to export information, but it's not implemented.

CVEs are out of scope of RTIR. It's not a problem to record related CVE identifiers in the RTIR DB while investigating attacks, but preventing attacks by managing your software using information from CVEs is out of scope.

You can find additional information about RTIR in the tutorials that are shipped in the tarballs and available in the repository.

On Fri, Oct 28, 2011 at 7:30 PM, Robert Floodeen <[email protected]> wrote:
> Hi, what standards/considerations are implemented in RTIR? By this I mean
> things like ITIL, IODEF, CVE, etc.
>
> Robert Floodeen
> Member-Technical Staff
> CERT Resilient Enterprise Management Team
> Carnegie Mellon Software Engineering Institute
> www.cert.org/resilience
>
> _______________________________________________
> Rtir mailing list
> [email protected]
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rtir

--
Best regards, Ruslan.
