certsocietegenerale/FIR

Fast Incident Response

Top Related Projects

  • TheHive: a Scalable, Open Source and Free Security Incident Response Platform
  • MISP (core software) - Open Source Threat Intelligence and Sharing Platform
  • Collaborative Incident Response platform
  • Open Cyber Threat Intelligence Platform
  • Free and open log management

Quick Overview

FIR (Fast Incident Response) is an open-source cybersecurity incident management platform developed by Société Générale. It provides a centralized system for tracking, documenting, and managing security incidents, allowing teams to collaborate effectively during incident response processes.

Pros

  • User-friendly interface for easy incident tracking and management
  • Customizable workflows to adapt to different organizations' needs
  • Integration capabilities with other security tools and platforms
  • Supports multi-tenancy for managing incidents across different teams or organizations

Cons

  • Limited built-in reporting and analytics features
  • Requires some technical knowledge for setup and configuration
  • Documentation could be more comprehensive for advanced features
  • May require additional development for complex integrations

Getting Started

To set up FIR, follow these steps:

  1. Clone the repository:

    git clone https://github.com/certsocietegenerale/FIR.git
    cd FIR
    
  2. Install dependencies:

    pip install -r requirements.txt
    
  3. Configure the settings:

    cp fir/config/production.py.sample fir/config/production.py
    # Edit fir/config/production.py with your specific settings
    
  4. Initialize the database:

    python manage.py migrate
    python manage.py loaddata incidents/fixtures/seed_data.json
    
  5. Create a superuser:

    python manage.py createsuperuser
    
  6. Run the development server:

    python manage.py runserver
    

Visit http://localhost:8000 to access the FIR interface. Log in with the superuser credentials you created.
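Step 3 leaves the security-relevant choices in fir/config/production.py to the operator. The following added example (not FIR's code) is a static pre-flight check for that file: it parses the settings with ast rather than importing them, so it runs without FIR's dependencies and never executes the config, and flags the values that must not reach production (DEBUG on, a placeholder SECRET_KEY, wildcard ALLOWED_HOSTS, insecure cookies). The sample settings text is constructed for the demonstration.

```python
"""Static pre-flight check for a Django settings file such as fir/config/production.py.
Added example, not FIR's code: parses with ast, so the config is never executed."""
import ast

DYNAMIC = object()  # marker: value computed at runtime, not checkable statically
PLACEHOLDER_SECRETS = {"", "changeme", "CHANGE_ME"}

# Constructed sample standing in for an unedited production.py (not FIR's file).
SAMPLE_PRODUCTION_PY = '''
DEBUG = True
SECRET_KEY = "changeme"
ALLOWED_HOSTS = ["*"]
'''

def load_settings(source):
    """Collect UPPERCASE assignments; non-literal values are recorded as DYNAMIC."""
    settings = {}
    for node in ast.parse(source).body:
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            if isinstance(target, ast.Name) and target.id.isupper():
                try:
                    settings[target.id] = ast.literal_eval(node.value)
                except ValueError:  # e.g. os.environ[...] or an expression
                    settings[target.id] = DYNAMIC
    return settings

def check_settings(settings):
    """Return findings; an empty list means nothing obviously unsafe for production."""
    findings = []
    if settings.get("DEBUG", False) is True:
        findings.append("DEBUG is True: tracebacks and settings leak to users")
    secret = settings.get("SECRET_KEY")
    if secret is None:
        findings.append("SECRET_KEY is not set")
    elif secret is not DYNAMIC and (not isinstance(secret, str)
                                    or secret in PLACEHOLDER_SECRETS or len(secret) < 50):
        findings.append("SECRET_KEY is a placeholder or too short")
    hosts = settings.get("ALLOWED_HOSTS", [])
    if hosts is not DYNAMIC and (not hosts or "*" in hosts):
        findings.append("ALLOWED_HOSTS is empty or wildcard: Host header not validated")
    for flag in ("SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE"):
        if settings.get(flag, False) is False:
            findings.append(f"{flag} is off: cookie may be sent over plain HTTP")
    return findings

def audit(source):
    """Audit settings-file text, e.g. audit(open('fir/config/production.py').read())."""
    return check_settings(load_settings(source))
```

Values that are computed at runtime (for example read from the environment) are reported as not checkable rather than guessed, so a clean result only covers what the file states literally.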

Competitor Comparisons

TheHive: a Scalable, Open Source and Free Security Incident Response Platform

Pros of TheHive

  • More comprehensive incident response platform with case management, alert triage, and observables
  • Integrates with MISP for threat intelligence sharing
  • Supports automation through Cortex analyzers and responders

Cons of TheHive

  • Steeper learning curve due to more complex features
  • Requires more resources to set up and maintain
  • May be overkill for smaller organizations with simpler incident response needs

Code Comparison

TheHive (Scala):

def create(caze: Case): Future[Case] = {
  val createdCase = caze.copy(
    createdAt = Some(new Date().getTime),
    createdBy = Some(AuthContext.get.userId)
  )
  caseRepository.create(createdCase)
}

FIR (Python):

from django.contrib.auth.decorators import login_required
from django.http import HttpResponseRedirect


@login_required  # opened_by comes from request.user, so the caller must be authenticated
def create_incident(request):
    form = IncidentForm(request.POST)
    if form.is_valid():
        i = form.save()
        i.opened_by = request.user  # attributed server-side, never taken from form input
        i.save()
        return HttpResponseRedirect(i.get_absolute_url())
    # excerpt ends here; the invalid-form path is not shown on this page

Both repositories provide incident response platforms, but TheHive offers a more feature-rich solution with advanced capabilities, while FIR focuses on simplicity and ease of use for basic incident management.

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

Pros of MISP

  • More comprehensive threat intelligence platform with advanced sharing capabilities
  • Larger and more active community, with frequent updates and contributions
  • Extensive API and integration options for various security tools

Cons of MISP

  • Steeper learning curve and more complex setup process
  • Requires more resources to run and maintain effectively
  • May be overkill for smaller organizations with simpler incident response needs

Code Comparison

MISP (Python):

import uuid

# excerpt: two methods of a MISP object class
@staticmethod
def get_uuid():
    return str(uuid.uuid4())

def __init__(self):
    self.uuid = self.get_uuid()

FIR (Python):

import uuid

def get_incident_id():
    return str(uuid.uuid4())

# excerpt: constructor of the Incident model
def __init__(self, *args, **kwargs):
    super(Incident, self).__init__(*args, **kwargs)

Both projects use UUID generation for unique identifiers, but MISP implements it as a static method within a class, while FIR uses a standalone function. MISP's approach allows for easier reuse and potential overriding in subclasses.

Collaborative Incident Response platform

Pros of IRIS

  • More active development with frequent updates and contributions
  • Comprehensive incident response platform with advanced features like case management and threat intelligence integration
  • Supports multi-tenancy and role-based access control

Cons of IRIS

  • Steeper learning curve due to more complex architecture and features
  • Requires more system resources to run effectively
  • May be overkill for smaller organizations or simpler incident response needs

Code Comparison

IRIS (Python):

from rest_framework import viewsets
from rest_framework.permissions import IsAuthenticated, DjangoModelPermissions

class CaseViewSet(viewsets.ModelViewSet):
    queryset = Case.objects.all()
    serializer_class = CaseSerializer
    # authenticated callers only, further limited by the Django model permissions they hold
    permission_classes = [IsAuthenticated, DjangoModelPermissions]

FIR (Python):

from django_filters.rest_framework import DjangoFilterBackend
from rest_framework import viewsets

class IncidentViewSet(viewsets.ModelViewSet):
    queryset = Incident.objects.all()
    serializer_class = IncidentSerializer
    # no permission_classes shown here: DRF's DEFAULT_PERMISSION_CLASSES setting applies
    filter_backends = (DjangoFilterBackend,)

Both projects use Django REST framework for API development, but IRIS implements more granular permission controls and has a more complex data model to support its advanced features.

Open Cyber Threat Intelligence Platform

Pros of OpenCTI

  • More comprehensive threat intelligence platform with advanced features
  • Active development and regular updates
  • Extensive documentation and community support

Cons of OpenCTI

  • Higher complexity and steeper learning curve
  • Requires more resources to set up and maintain
  • May be overkill for smaller organizations or simpler use cases

Code Comparison

OpenCTI (Python):

from stix2 import CustomObject
from stix2.properties import ListProperty, StringProperty

class ThreatActor(CustomObject):
    _type = 'threat-actor'
    name = StringProperty(required=True)
    description = StringProperty()
    threat_actor_types = ListProperty(StringProperty)

FIR (Python):

from django.db import models

# excerpt: IncidentCategory and STATUS_CHOICES are defined elsewhere in the module
class Incident(models.Model):
    subject = models.CharField(max_length=256)
    description = models.TextField()
    category = models.ForeignKey(IncidentCategory, on_delete=models.SET_NULL, null=True)
    status = models.CharField(max_length=20, choices=STATUS_CHOICES, default='Open')

OpenCTI offers a more specialized data model for threat intelligence, while FIR provides a simpler incident response structure. OpenCTI's code reflects its focus on complex threat actor modeling, whereas FIR's code emphasizes basic incident management functionality.

Free and open log management

Pros of graylog2-server

  • Powerful log management and analysis capabilities
  • Scalable architecture for handling large volumes of log data
  • Extensive plugin ecosystem for customization and integration

Cons of graylog2-server

  • Steeper learning curve and more complex setup compared to FIR
  • Requires more system resources for optimal performance
  • May be overkill for smaller organizations or simpler incident response needs

Code Comparison

graylog2-server (Java):

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class GraylogServerStarter {
    private static final Logger LOG = LoggerFactory.getLogger(GraylogServerStarter.class);

    public static void main(String[] args) {
        final Configuration configuration = new Configuration();
        final Server server = new Server(configuration);
        // excerpt ends here
    }
}

FIR (Python):

from django.db import models
from django.utils import timezone

class Incident(models.Model):
    date = models.DateTimeField(default=timezone.now, blank=True)
    is_starred = models.BooleanField(default=False)
    subject = models.CharField(max_length=256)
    description = models.TextField()

The code snippets highlight the different languages and focuses of the two projects. graylog2-server is a Java-based log management system, while FIR is a Python-based incident response platform. graylog2-server's code shows server initialization, whereas FIR's code defines an incident model for tracking and managing security events.

README

What is FIR? Who is it for?

FIR (Fast Incident Response) is a cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents.

FIR is for anyone needing to track cybersecurity incidents (CSIRTs, CERTs, SOCs, etc.). It was tailored to suit our needs and our team's habits, but we put a great deal of effort into making it as generic as possible before releasing it so that other teams around the world may also use it and customize it as they see fit.

[Screenshots: dashboard, incident details]

See the wiki for the user manual and more screenshots!

Installation

There are two ways to install FIR. If you want to take it for a test-drive, you can run FIR using docker.

If you like it and want to set it up for production, here's how to do it.

Technical specs

FIR is written in Python (but you probably already knew that), using Django. It uses Bootstrap and some Ajax and d3js to make it pretty. We use it with a MySQL back-end, but feel free to use any other DB adaptor you might want - as long as it's compatible with Django, you shouldn't run into any major issues.

FIR is not greedy performance-wise. It will run smoothly on an Ubuntu virtual machine with 1 core, a 40 GB disk and 1 GB RAM.