IRIS-CERT RedIRIS Incident Reporting Form

The RedIRIS security service (IRIS-CERT) has developed this form to help you
gather incident information. If you believe you are involved in an incident,
we would appreciate your completing the form below. This helps us to avoid
delays in handling the incident. We keep any information specific to your site
confidential unless we receive your permission to release that information.

CONTACT INFORMATION:

IRIS-CERT
Dep. RedIRIS
Entidad Pública Empresarial Red.es
Edificio Bronce - 2a planta - Plaza Manuel Gómez Moreno, s/n
28020 Madrid
España

Tel: (+34) 607 156313
Mobile: (+34) 607 156313
Fax: (+34) 91 556 88 64
Email: cert@rediris.es
WWW Server: http://www.rediris.es/cert/

Please contact us if you have any comments or feedback.

Thank you in advance.

IRIS-CERT

==============================================================================

Submit this form to cert@rediris.es
If you are unable to send email, fax this form to: +34 91 556 8864

1.- CONTACT INFORMATION

Organization name:
Organization domain:
Name of the department, center, etc. (optional):
Contact person name for this incident:
E-mail address (indispensable):
Telephone/Fax number:
PGP Public Key (recommended):
Other:

2.- AFFECTED MACHINES
(Please duplicate for each affected host)

Host name:
IP address:
Timezone:
Is the machine NTP synchronized? (Yes/No):
Operating system and version:
Security patches recommended by vendors and/or CERT/CC applied? (Yes/No):
Additional information (open services, security measures, purpose of the
host, etc.):

3.- SOURCE MACHINES
(Please duplicate for each source of the attack)

Host name:
IP address:
Been in contact? (Yes/No):
Additional information:

4.- DESCRIPTION OF THE INCIDENT

Please include dates, methods of intrusion, intruder tools involved, intruder
tool output, details of vulnerabilities exploited, or any other relevant
information:

Do you know if your machine has been used to launch attacks against other
machines? (Yes/No):

If Yes, duplicate this information for each target machine:

Host name:
IP address:
Additional information:

Please send us any log files, e-mail messages and files that could help to
handle the incident.

5.- INFORMATION RELEASE

Would you mind if we released this information to:

- The network(s) involved in this incident? (Yes/No)
- Other CERTs working on the same incident? (Yes/No)

Comments:

Adapted with permission of the CERT(R) Coordination Center from their
copyrighted incident reporting form.
https://www.cert.org/reporting/incident_form.txt