Open Source Incident Response Platform - Your SOC Needs This!

Join me as we replace TheHive with DFIR-IRIS, the new open-source incident response platform!

Forgot to add a challenge flag in the video, so this week is an easy one :)

Flag: gvASDY63!

Comments

What I really enjoy about your content is that you don't just show solutions but really go in depth on them and demonstrate how they apply in the real world. What would be really awesome is a video on the different solutions you go over on your channel, explaining the different ways they complement each other. Thanks again, man!

rockdarko

Your videos are unique and extremely useful. Great content; please do continue with more SOC-related content. I'm a senior cybersecurity engineer and your videos help my team a lot. All the best, brother.

deepaknarayanan

Hi Taylor, looks very interesting. Is it possible to archive closed cases to MISP, and is it directly usable for analysis with Cortex, or do I have to use Shuffle to interact between Wazuh, Cortex, MISP and DFIR-IRIS?

FreeSOC-de

I think, knowing that Cortex is still open source, it would be nice to create a connection between IRIS and Cortex.

mauriciob

Hopefully you will demonstrate how to create a customized Incident Report Template by using DFIR-IRIS. Thanks

umsyqjc

Hi, thanks for the video; as always, I enjoy your content!
Do you know of any self-hosted solutions that are as complex as the Microsoft 365 Defender stack?
(Sentinel, MDE, MDI, MDO, MDC, MDCA, AAD, DLP, TIP, MDAV...)
Closer to the "Zero Trust" concept than "Network-Based Security".
Thanks.

logicbypass

Hello, did you do a video about Shuffle automation with IRIS?

cesars.

Great
This tool is very useful 👍👍
Can we integrate with ELK?

ithiou

Your terminal looks amazing! 😮 What software is it?

lucasvalentelima

Great video!!!
Could you also make a (step-by-step) video on how to get it working when someone is using Portainer as container management software?
I can't get it to work due to the use of all the interconnected Dockerfiles and scripts. All the images need to be built first, and then, with one docker-compose file without all the separate build steps, you can start them in Portainer under Stacks. But I could not get it to work 😞

markverstappen

This is cool; I was looking for a TheHive replacement. Is there a tie-in for IntelOwl, much like TheHive has Cortex?

vectorone


Does IRIS support multi-tenancy like TheHive? Would be so cool if it does.

ICanEatThat

Nice tutorial :) How do you post the ElastAlert alerts from Praeco to IRIS?

bdcirt

Thank you for your effort.
Could you make a video for the latest version, 2.3?
😅

mkhalileng

How much memory do I need to allocate on the server for it?

SGE_KING

Can ElastAlert send alerts to DFIR-IRIS?

ak

Can I use DFIR-IRIS without Docker?

kader

Hi there,

Wondering if anyone would be able to assist me with something. I have had some struggles with DFIR-IRIS and getting it up and running, but I have now managed to get it working. However, when I try to find the admin password to sign into the portal, it states:

WARNING :: post_init :: create_safe_admin :: >>> Administrator already exists

Wondering if anyone else has come across this and what they did to fix it. I can't seem to see a log of the admin password anywhere; I have checked the Docker logs and still don't appear to see it, it just states "Administrator already exists". Any help is much appreciated.

lyledocherty

Hello, has anyone here been able to generate automatic alerts once they match with MISP or some other threat intelligence tool, using Graylog for log management?

aramisdelacruz