Open Source Incident Response Platform - Your SOC Needs This!

What I really enjoy about your content is that you don't only show solutions but really go in-depth in them and demonstrate how they apply in the real world. What would be really awesome is a video on the different solutions you go over on your channel and explain different ways they complement each other. Thanks again man!

Your videos are unique and extremely useful. Great Contents , please do continue with more SOC related contents. I'm a senior cybersecurity engineer and your videos helps my team alot. All the best brother..

Hopefully you will demonstrate how to create a customized Incident Report Template by using DFIR-IRIS. Thanks

Love your videos btw

I think knowing that cortex is still open source it would be nice to create a connection between iris and cortex

Thank you, very helpful information

Hi Taylor, looks very interesting - is it possible to archive closed cases to MISP and is it directly usable to analyse with cortex, or did i have to use shuffle for interact between Wazuh, Cortex, MISP and DFIR-ISIS?

Hello, did you do a video about shuffle automation with IRIS ?

Great
This tool is very useful 👍👍
Can we integrate with ELK?

Good one @Taylor

Hi, thx for the video, as always enjoy your content!
Did you know of any self-hosted solutions that are as complex as Microsoft 365 Defender stack?
(Sentinel,MDE,MDI,MDO,MDC,MDCA,AAD,DLP,TIP,MDAV..).
Closer to the "Zero Trust" concept than "Network-Based Security".
Thx.

Your terminal looks amazing! 😮 What software is it?

Sorry, the page you are looking for is currently unavailable.
Please try again later.
If you are the system administrator of this resource then you should check the error log for details.
Faithfully yours, nginx.

Does IRIS support multi tenants like TheHive, would be so cool if it does

The tool looks very useful

Great video!!!
Could you also make a (step-by-step) video how to get it working when someone is using Portainer as containermanagement software.
Can't get it to work due to the use of all the interconnected Dockerfiles and scripts. All the images need to be constructed and then in one docker-compose file without all the seperate buildsteps you can start them in Portainer under stacks. But could not get it to work 😞

Nice tutorial :) How to post the elastalerts from praeco to iris?

This is cool, I was looking for a thehive replacement. Is there a tie in for intelowl much like the hive has cortex?

Thanks

can i use dfir-iris without docker ??

How much memory do I need to allocate on the server for it??

thank you for your effort.
Could you make video for latest version 2.3 ?
😅

Hola, de donde sacan los eventos?

Can ElastAlert send alert to DFIR-IRIS ?

cool, i will try this

Hi There,
Wondering if anyone would be able to assist me with something, I have had some struggled with DFIR IRIS and getting it up and running but I have now managed to get it working, however when I try to find the admin password to sign into the portal it states:
WARNING :: post_init :: create_safe_admin :: >>> Administrator already exists
Wondering if anyone else had come across this and what they did to fix it, I can't seem to see a log of the admin password anywhere, I have checked the docker logs and still don't appear to see it it just states Administrator already exists, any help is much appreciated.

awesome

Hello, has anyone here been able to generate automatic alerts once they match with MISP or some other threat intelligence tool, using graylog for log management?

How did you get the Virus total API Key?