SIRIOS
Platform-independent incident management for CERT and IT security teams
- Easy IT incident handling & tracking for CERT and IT security teams
- Role-based workflows for incident processing
- Vulnerability & artifact database
- Authoring tool for IT security advisories
- Cross-CERT sharing of security-relevant information
- Encryption support
- Multiple language support
- 100% open source
- Web application - runs in any XHTML-capable browser
- Comprehensive business support
SIRIOS details
Application areas
The number of unwanted e-mails received is constantly increasing and significantly affects the infrastructures of many companies and authorities. Sorting out unwanted content requires considerable time and resources. Attacks on network infrastructures are a problem of yet another dimension. Because attackers constantly change their methods, automated methods alone cannot deal with the problem efficiently. Thus, humans remain the critical factor in assessing attacks and deciding on the necessary reaction.
SIRIOS supports CERTs and in-house IT security teams of companies in their work, i.e. the processing, administration and evaluation of security incidents, using databases and features for the exchange, analysis, assessment and storage of structured information. SIRIOS has been developed for this purpose for CERT-Bund, the CERT of the German Federal Office for Information Security (BSI).
Benefit from open-source:
SIRIOS is 100% open-source software, based on the leading helpdesk system OTRS. For you this means:
- Unlimited use of the software, unlimited number of installations
- Easy software enhancement and extension thanks to free download of the source code. You stay independent, can react flexibly to changes and save IT costs.
- Reduced IT costs - no license fees apply
- Comprehensive business support in all project stages and during operation
More advantages - an overview
- Cross-CERT communication based on open standards - e.g. IODEF (incidents) and EISPP/DAF (advisories /vulnerabilities)
- Easy import/export and cross-CERT use of specific information objects
- Variable operation in client/server environments or as open framework with decentralized databases and systems
- Individual design and easy modeling of CERT-specific workflows
- Integrated solution for the management of IT security-relevant information, the analysis in data sources and administration of contact data
- Extension of the benefits of the help desk system OTRS with specific add-on modules
- Differentiated access control thanks to the integrated role-based permissions concept
- Modular architecture of individually configurable modules around the open framework's system core
- Unalterable logging of all system events and activities in the ticket history complies with audit requirements
- Better service quality thanks to intelligent escalation and notification mechanisms
- S/MIME support for e-mail signatures and encryption, and PGP support for data encryption
Open standards
IDMEF
The purpose of the intrusion detection message exchange format (IDMEF) is to store IDS information (IDS: intrusion detection system) in a uniform XML format in which it can be provided to the CERTs or computer security incident response teams involved. This way, security violations in your own network and in those of others can be tackled efficiently and without loss of compatibility.
IODEF
The incident object description and exchange format (IODEF) is a format which has been developed especially for computer security incident response teams (CSIRTs) and computer emergency response teams (CERTs) to support them in sharing operational and statistical incident information with each other and with other cooperating institutions. IODEF can also be used as a basis for the development of useful tools and procedures for incident reporting. One of the most important design characteristics of the IODEF format is the creation of structures compatible with IDMEF, enabling cooperation with the intrusion detection message exchange format (IDMEF).
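As an added illustration, not part of SIRIOS or the original page, the following Python reads a constructed IODEF 1.0 (RFC 5070) incident report of the kind exchanged between CERTs, checks the namespace and the elements the RFC requires, and extracts the fields an incident-handling tool would import. The sample document, the CERT name and the addresses are constructed.

```python
import xml.etree.ElementTree as ET

IODEF_NS = "urn:ietf:params:xml:ns:iodef-1.0"   # IODEF v1 namespace (RFC 5070)
NS = {"iodef": IODEF_NS}
# Elements RFC 5070 requires in every Incident; a report lacking them is rejected.
REQUIRED = ("iodef:IncidentID", "iodef:ReportTime", "iodef:Assessment", "iodef:Contact")

# Constructed sample report, not a real incident (addresses from documentation ranges).
SAMPLE_IODEF = """<IODEF-Document version="1.00" xmlns="urn:ietf:params:xml:ns:iodef-1.0">
  <Incident purpose="reporting">
    <IncidentID name="cert.example">2024-0001</IncidentID>
    <ReportTime>2024-05-01T10:15:00+02:00</ReportTime>
    <Assessment><Impact type="recon" severity="low" completion="failed"/></Assessment>
    <Contact role="creator" type="organization">
      <ContactName>Example CERT (constructed)</ContactName>
    </Contact>
    <EventData><Flow>
      <System category="source"><Node><Address category="ipv4-addr">192.0.2.10</Address></Node></System>
      <System category="target"><Node><Address category="ipv4-addr">198.51.100.7</Address></Node></System>
    </Flow></EventData>
  </Incident>
</IODEF-Document>"""


def parse_iodef(xml_text):
    """Summarise each Incident of an IODEF 1.0 document as a dict; raise ValueError
    for non-IODEF input or Incidents missing RFC 5070 required elements."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}IODEF-Document" % IODEF_NS:
        raise ValueError("not an IODEF 1.0 document: %s" % root.tag)
    incidents = []
    for inc in root.findall("iodef:Incident", NS):
        missing = [r for r in REQUIRED if inc.find(r, NS) is None]
        if missing:
            raise ValueError("Incident lacks required elements: %s" % missing)
        ident = inc.find("iodef:IncidentID", NS)
        impact = inc.find("iodef:Assessment/iodef:Impact", NS)
        addrs = {}  # System category (source/target) -> list of addresses
        for system in inc.findall(".//iodef:Flow/iodef:System", NS):
            for addr in system.findall("iodef:Node/iodef:Address", NS):
                addrs.setdefault(system.get("category"), []).append(addr.text.strip())
        incidents.append({
            "id": "%s:%s" % (ident.get("name"), ident.text.strip()),
            "purpose": inc.get("purpose"),
            "report_time": inc.findtext("iodef:ReportTime", namespaces=NS),
            "severity": impact.get("severity") if impact is not None else None,
            "addresses": addrs,
        })
    return incidents
```

Rejecting reports that fail the structural checks matters because an exchange partner's report is untrusted input; a deployment would additionally validate against the IODEF schema and use a hardened XML parser.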
EISPP
The European security promotion programme (EISPP) is a research programme supported by the EU, in which four CERTs and two security organizations from Germany, France, Italy, Sweden and Spain participated. Together they developed, amongst other things, a standardized advisory exchange format. The origin of EISPP/DAF (DAF: German advisory format) goes back to the European security promotion programme (EISPP). The EISPP format's high flexibility provides great freedom regarding its use, which can, however, be counterproductive for a close collaboration of CERTs. DAF is an EISPP format profile especially designed to meet the German CERTs' needs. It is based on a joint interpretation of the evaluation schemes and on useful extensions to the EISPP format. At the same time, data exchange between the EISPP format and DAF remains possible at any time.