Welcome to the home page for the Application for Incident Response Teams (AIRT)

AIRT is a web-based application that has been designed and developed to support the day to day operations of a computer security incident response team. The application supports highly automated processing of incident reports and facilitates coordination of multiple incidents by a security operations center.

AIRT features in ISSA Journal's Toolsmith

posted Aug 6, 2009, 5:50 PM by Kees Leune

The Toolsmith section of ISSA  Journal's August edition features a nice article (pdf)  on AIRT. Russel McRee of HolisticInfoSec.org did a very nice writeup on his blog. While reviewing the software, Russ pointed out some bugs. The bugs have been fixed in the most recent release (20090726.1).

New release improves import queue

posted Apr 25, 2009, 8:28 AM by Kees Leune

With the recent outbreaks of Conficker and friends, import queues have been growing rapidly. It is now not unusual to process several hundred incidents via the import queue mechanism a few times a day. This release adds a few small features that make processing the import queue a lot more convenient.
  • Import queues can now be filtered by incident type. For example to process DMCA notices, simply select the appropriate type from the pulldown and select all
  • When selecting an import queue element with many children, all children ("group with"-elements) will select all children.
The new release is available on the download page.

AIRT release 20090221.1

posted Feb 21, 2009, 5:30 PM by Kees Leune

AIRT release 20090221.1 has just been posted here. This bug minor release fixes two annoying bugs that prevented mail templates from being deleted, and mail templates being untagged as preferred for certain import queue elements.

Just download the tarball, untar it and run configure and make install. Don't forget to run the database update script to set the release number.Detailed upgrade instructions are also online.

AIRT version 20090121.1 released!

posted Jan 25, 2009, 6:47 AM by Kees Leune

We are proud to announce that a new version of AIRT has been made available for download. This version incorporates a large number of new features, enhancements, bug fixes and user experience improvements.

Improvements include:
  • The ability to upload files and attach them to incidents.
  • Implement capabilities support
  • Included the ability to receive email and link it to incidents
  • Ability to receive network, constituency and contact information via the import queue
  • Full overhaul of the user interface. Make sure to update the css!
  • When running on an SSL-enabled site, it is now possible to use a client certificate for authentication
  • Added a descriptive name to instances
  • Removed all OTRS support
The new version of AIRT is available as a on the Downloads page. Please check out our wiki for general upgrade instructions. Specific instructions that describe the upgrade path from the previous public release are also available.

Please report any problems or questions that you might encounter to developers@airt.nl.

Commercial AIRT support is available via Leune Consultancy, LLC.

1-4 of 4