INCIDENT REPORTING

Incident report should include the following information:

All received incident information will be classified as TLP:AMBER (more information could be found here: Traffic Light Protocol).

    1. CONTACT INFORMATION

    Your Name*

    Your Email*

    Your Phone number

    2. INCIDENT DESCRIPTION

    General description (containing any of these: dates, noticed signs of the attack, methods of attacks, used tools of the attacker, software versions, vulnerability details, purpose of the target of the attack, estimated loss or damage, measures taken, expectations from CIRT,or any other relevant information)*


    Please consider including the following information:

  • Target of the attack (victim): IP addresses, DNS names, TCP/UDP ports;

  • Source of the attack (attackers): IP addresses, DNS names, TCP/UDP ports;

  • Type of the attack according to your knowledge and understanding;

  • Beginning (and ending if any) time of the attack;

  • Time zone of the specified time;

  • Log entries (copy paste if any, attach file, describe from what type of the device it is);

  • Describe actions taken.

  • Attach file (log file, evidence, etc.)