Feature Request: additional (optional) incident response fields #73
Comments
Thanks for your comment. We're trying to keep FIR as simple as possible, and adding such a level of detail might hinder the workflow of most users. Plus, it would imply maintaining a list of computers, maybe a list of accounts, a list of valid operating systems... We're not going to include this in our short-term roadmap, but if you develop a plugin that fills your need we'll happily add it to our collection.
I was thinking along these lines the other day. Instead of maintaining a list of the computers, accounts, etc., I was thinking that if FIR parsed MAC addresses, then this could be used by a plugin to query an asset management system and pull the relevant information. This may help with further correlation and identification of at-risk targets.
Interesting. What about FIR parsing MAC addresses as "artefacts"? This way links between incidents involving the same MAC address can be established automatically.
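To make the "MAC address as artefact" idea concrete, here is an added, stand-alone illustration (not FIR's own code, and not the artefact mechanism FIR itself uses): a regex that pulls MAC addresses in colon, hyphen and Cisco dotted notation out of free-text incident descriptions, normalizes them to one canonical form so that `00:1A:2B:3C:4D:5E`, `00-1a-2b-3c-4d-5e` and `001a.2b3c.4d5e` compare equal, and then inverts the incident-to-MAC mapping to find incidents that share a MAC. The incident records are constructed sample data; the function names are assumptions for this example.

```python
import re
from collections import defaultdict

# Colon- or hyphen-separated (separator must be consistent, enforced by the
# backreference) or Cisco dotted notation. The lookbehind/lookahead reject
# matches that are embedded in a longer hex run (e.g. a hash) or in an
# EUI-64 address with more than six groups.
MAC_RE = re.compile(
    r"(?<![0-9A-Fa-f:-])"
    r"(?:[0-9A-Fa-f]{2}([:-])[0-9A-Fa-f]{2}(?:\1[0-9A-Fa-f]{2}){4}"
    r"|[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4})"
    r"(?![0-9A-Fa-f:-]|\.[0-9A-Fa-f])"
)


def normalize_mac(raw):
    """Canonical lower-case, colon-separated form, whatever notation came in."""
    hexdigits = re.sub(r"[^0-9A-Fa-f]", "", raw).lower()
    if len(hexdigits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % raw)
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def extract_macs(text):
    """All distinct MAC addresses in a description, in order of first appearance."""
    found = []
    for match in MAC_RE.finditer(text):
        mac = normalize_mac(match.group(0))
        if mac not in found:
            found.append(mac)
    return found


def link_incidents(incidents):
    """Map each MAC that appears in more than one incident to the sorted incident ids.

    `incidents` is {incident_id: free-text description}.
    """
    index = defaultdict(set)
    for incident_id, description in incidents.items():
        for mac in extract_macs(description):
            index[mac].add(incident_id)
    return {mac: sorted(ids) for mac, ids in index.items() if len(ids) > 1}


# Constructed sample incidents (not real data). The same adapter appears in
# three notations; the hash and the dates must not be mistaken for MACs.
INCIDENTS = {
    "INC-1": "Phishing victim: workstation WS-042 (MAC 00:1A:2B:3C:4D:5E) clicked the link.",
    "INC-2": "Malware beaconing from 001a.2b3c.4d5e seen at the proxy; IP 10.20.30.40.",
    "INC-3": "Lost laptop, wifi adapter 00-1a-2b-3c-4d-5e, ticket 2019-12-31.",
    "INC-4": "Unrelated: printer aa:bb:cc:dd:ee:ff offline. hash 00a1b2c3d4e5f6a7b8c9 not a mac.",
}


if __name__ == "__main__":
    for incident_id, description in INCIDENTS.items():
        print(incident_id, extract_macs(description))
    print("linked:", link_incidents(INCIDENTS))
```

A plugin along the lines discussed above would then take the normalized MAC as the key for an asset-management lookup, so the lookup hits regardless of which notation an analyst typed into the description.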
Yes, I think that would be step 1. Step 2 would be to have a plugin that can query an asset management system. I have that partially written, but am not sure how to make it into a plugin. |
We need to add documentation for how to write a plugin. In the meantime maybe you can check out how other plugins are written and try to figure it out from there. |
It would be nice to have a form where you have (optional) fields like
This would give a bit more structure. Now everything is dumped in the description field.
A separate page where we can note the contact details of the people that need to be contacted in case of an incident would be welcome as well.