RTIR: RT for Incident Response
RTIR is the incident-handling and ticketing system used by JANET CSIRT. It builds upon the popular open-source ticketing system RT. RTIR was originally developed for JANET CERT by Best Practical, with further development guided by the RTIR Working Group as part of TF-CSIRT.
Workflow
RTIR is designed to match the typical workflow of a CSIRT, allowing reported events and outgoing investigations to be linked together as a single “Incident”. The workflow includes correlation of reports against existing incidents, integration with customer databases, issuing of network-level blocks, and detailed reporting of team activity. To explain this workflow we have, with input from IRIS-CERT, created a short document based on our own internal documentation that provides a brief overview for the first-time user. This document is available for download.
For further information on RTIR, see http://bestpractical.com/rtir/