FIR – Fast Incident Response Platform

FIR (Fast Incident Response) is a cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents.

This platform is for anyone who needs to track cybersecurity incidents (CSIRTs, CERTs, SOCs, etc.).

The dashboard is split in two. At the top, you have a list of the starred incidents. You can star/unstar any incident by just clicking on the star icon in any incident list.

Then there are tabs, which can contain any view of interest to the incident handler. By default, FIR has the following tabs:

  • Open: list of incidents with the status Open
  • Closed: list of incidents with the status Blocked
  • Old: list of the top 20 incidents with the status Open that have not received the love they deserved recently
  • Tasks: this is provided by the fir_todos plugin, and will display all todo items with CERT as accountable

There is a search bar to find any alert by keyword, alongside filtering that makes it easy to search alerts by category or severity of the attack. The shared web interface allows the IR team to add notes or tags to alerts, which helps the team investigate future alerts faster and accelerates the investigation process.

You can read more and download this tool over here: https://github.com/certsocietegenerale/FIR
