Open-Source Collaborative Incident Response Platform

Created by incident responders for incident responders

hero
IRIS v1.4.5 is out!

IRIS now has a datastore which allows to upload any file and reference them in case objects. Check it out!

Features

IRIS is a collaborative platform aiming to help incident responders to share technical details during investigations.
It's free and open-source.

Easy to deploy

You just need Docker Compose and you will be set in a few minutes. No installation hassles. You can even install it on a small laptop for roaming investigations.

Collaborate

The main goal of IRIS is to help analysts collaborate during engagements, by simplifying and structuring the elements but not the steps. All without real constraints, because everyone's working differently.

Extensible

IRIS can be extended with custom modules to fits your needs. By default it is shipped with a VirusTotal and MISP modules to showcase the possibilities.

API

Through the API, you can manage the investigations as if you are in front of the interface. Which means IRIS can be automated and integrated with existing tools.

In a nutshell

IRIS helps you organise and share technical details during engagements. Each team member can follow who's doing what in the investigation, add new elements to it, attribute task, and much more. It also offers docx reporting features, effectively reducing the post-incident phase time.

Assets, IOC, notes, timeline, evidences are among the elements the analysts can input and link together in the platform. It automatically keeps track of what is done, giving you an automated follow-up to which you can add additional inputs.

It gives you insights from previous engagements such as if an IOC or asset was already seen and compromised. It can also use external sources like VirusTotal or MISP to enrich the data. And thanks to its API and modules, you can extend its capabilities and/or integrates it with existing solutions.

image

Features

Overview of the IRIS capabilities

Integration

Full featured documented API

Python client to ease integration

Python modules to process files

Python modules to process IRIS data

Case management

Full featured timeline creation

Assets and IOCs management

Notes taking

Tasks management

Evidences management

Follow up

Automation

Reports generation

Automatic follow-up

Enrichments of IOC, assets, etc

Backref of IOC, assets, etc from previous cases

Some questions you might have

You can also find more answers in the FAQ.