Last active
July 7, 2016 11:54
CSIRT Incident Reporting Form (IRF)
#!CSIRT-IRF-1.0
# Computer Security Incident Response Team (CSIRT)
# Incident Reporting Form (IRF)
----- BEGIN IRF -----
# Fill in any preliminary information below this line
----- Subjective Priority for this Incident -----
# Select one item using (*)
Unknown/None ( )
Low ( )
Moderate ( )
High ( )
Urgent ( )
----- Subjective Severity for this Incident -----
# Select one item using (*)
Unknown/None ( )
Low ( )
Moderate ( )
High ( )
Urgent ( )
----- Contact Information for this Incident -----
Name :
Address :
Address :
Address :
Phone :
Mobile :
Pager :
Fax :
E-mail :
Other :
# Fill in any additional information below this line
----- Date and Time Incident Occurred -----
# Fill in date in form of "YYYY-MM-DD"
Date :
# Fill in time/time range in form of "HH:MM[:SS][ - HH:MM[:SS]]"
#
# Example 1: 10:30:40
# Example 2: 10:30:40 - 11:00
Time :
# Fill in time zone in form of abbreviated name
#
# Example 1: GMT+02
# Example 2: CEST
Time Zone :
# Fill in any additional information below this line
----- Incident Class -----
# See https://idea.cesnet.cz/en/classifications to know more
#
# Select one item using (*)
Abusive ( )
Malware ( )
Recon ( )
Attempt ( )
Intrusion ( )
Availability ( )
Information ( )
Fraud ( )
Vulnerable ( )
Anomaly ( )
Other ( )
Test ( )
# Fill in "Other" or any additional information below this line
----- Information on Affected Computer Systems -----
Destination IP Address :
Host Name :
Vendor/Operating System :
# Fill in any additional information below this line
----- How was the Incident Detected -----
# Fill in any additional information below this line
----- IP Address of Apparent or Suspected Source -----
Source IP Address :
# Fill in any additional information below this line
----- Information Sharing -----
# Information provided in this form may be shared with other CSIRT teams
Share Information [x]
----- Additional Information -----
# Fill in any additional information below this line
----- END IRF -----
# vi:tw=76:ft=conf
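
A returned form can be checked mechanically against the rules stated in its comments before it enters triage. The following validator is an added example, not part of the gist: `parse_irf`, the regular expressions and the sample report are assumptions built from the template's section markers, its "(*)" selection rule and its date and time patterns (format only, no calendar check).

```python
import re

SECTION = re.compile(r"^-{5} (.+?) -{5}$")
CHOICE = re.compile(r"^(.+?)\s*\(([ *])\)$")
FIELD = re.compile(r"^(.+?) :\s*(.*)$")
DATE = re.compile(r"^\d{4}-\d\d-\d\d$")
TIME = re.compile(r"^\d\d:\d\d(:\d\d)?( - \d\d:\d\d(:\d\d)?)?$")
PICK_ONE = ("Subjective Priority for this Incident",
            "Subjective Severity for this Incident", "Incident Class")

def parse_irf(text):
    """Parse one filled-in IRF; return (sections, errors)."""
    lines = [ln.strip() for ln in text.splitlines()]
    errors = [] if lines[:1] == ["#!CSIRT-IRF-1.0"] else ["missing #!CSIRT-IRF-1.0 header"]
    sections, cur = {}, {"selected": [], "fields": {}, "notes": []}  # cur: text before BEGIN
    for ln in lines:
        if not ln or ln.startswith("#"):
            continue  # blank lines and comments carry no data
        if m := SECTION.match(ln):
            cur = sections.setdefault(m[1], {"selected": [], "fields": {}, "notes": []})
        elif m := CHOICE.match(ln):
            cur["selected"] += [m[1]] if m[2] == "*" else []
        elif m := FIELD.match(ln):
            cur["fields"].setdefault(m[1].strip(), []).append(m[2])  # Address repeats
        else:
            cur["notes"].append(ln)  # free text, e.g. "Share Information [x]"
    for name in PICK_ONE:
        picked = sections.get(name, {}).get("selected", [])
        if len(picked) != 1:
            errors.append(f"{name}: expected exactly one (*), got {len(picked)}")
    when = sections.get("Date and Time Incident Occurred", {}).get("fields", {})
    for key, rx in (("Date", DATE), ("Time", TIME)):
        value = when.get(key, [""])[0]
        if not rx.match(value):
            errors.append(f"{key} not in the documented format: {value!r}")
    return sections, errors

# Constructed sample: two Priority marks, no Severity section, free-form time.
SAMPLE = """#!CSIRT-IRF-1.0
----- BEGIN IRF -----
----- Subjective Priority for this Incident -----
High (*)
Urgent (*)
----- Date and Time Incident Occurred -----
Date : 2016-07-07
Time : 10:30 to 11:00
----- Incident Class -----
Malware (*)
----- END IRF -----"""
```

`parse_irf(SAMPLE)` returns three errors: the double Priority mark, the missing Severity selection and the time range written with "to" instead of " - ".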
Incident Response Form (IRF) Roadmap