RTIR: RT for Incident Response

RTIR 3.2 — designed for use with RT 4.2 — has been released.

RTIR is the premier open source incident handling system targeted for computer security teams. We worked with over a dozen CERT and CSIRT teams around the world to help you handle the ever-increasing volume of incident reports. RTIR builds on all the features of RT.

A typical workflow begins by triaging incoming incident reports and linking them to an existing incident or creating a new one. Each incident is designed to keep track of everything you need to know to solve the problem. From an incident, it's easy to launch investigations to work with law enforcement, network providers, or other organizations. You can also set up blocks to keep track of what's been done to mitigate the issue.

With open source code, a rich API, and a top-notch community of users, it's easy to integrate RTIR into your existing systems and workflows. If you're using a publicly available product as part of your incident handling workflow, someone has probably already integrated it with RTIR. Drop us a line to find out more.

Getting RTIR

RTIR is open source. There's no per-seat or per-server license cost. You can download RTIR today and deploy it for testing or full production use!

The latest release of RTIR is 3.2.0.

It was released on Dec 2, 2014. Download it now!

Support

Best Practical provides a wide range of enterprise-grade installation and operational support plans as well as custom development and integration. We'd be happy to work with you to find or create a plan which meets your needs and budget. To get a quote or chat about using RTIR for your organization, send us an email.

Documentation

JANET CSIRT, in conjunction with IRIS-CERT, developed a workflow guide documenting their everyday use of RTIR designed for the first time user.

Community

If you use RTIR or are thinking about it, you should consider joining the public mailing list.