ServicesReport IncidentsBest PracticesResources
Site search:
Report your Incident Report your Incident
Contact us Contact us
Latest news:
  Jail Sentence for Botnet Creator

Report Incidents/Report an Incident

The following form has been developed to ease gathering incident
information. If you believe you have been involved in an incident,
please complete - as much as possible - the following form, and send it to
our support team here.

For the time being our form is under constraction. If you have anything you need to report then please contact us through email, fax, or phone.

The information you submit will be treated confidentially, as stated in our Information Disclosure Policy .
This form is an adaptation of CERT/CC's incident reporting form, version 5.2.

Your contact and organizational information
1. Name
2. Organisation name
3. Size of the organisation
4 . Location/Site of incident
5 . Are you a FORTH CERT member?
6 . If no:
sector type (such as banking, education, energy or public safety)
7 . Email address
8 . Telephone number
9 . Other (fax)

Affected Machine(s) (duplicate for each host)
10 . Hostname and IP
11 . Timezone
12 . Purpose or function of the host (please be as specific as possible)

Source(s) of the Attack (duplicate for each host)
13. Hostname or IP
14. Timezone
15. Been in contact?

Description of the incident (duplicate in case of multiple incidents)
16. Date and time of incident

17. Type of incident (i.e. DoS, Unauthorised access, Website degacement, Malicious code, Misuse of system, Electronic theft, Computer facilitated fraud, Interception of telecommunication data)
Other (Please specify):
18. How did you detect this?
19. Methods of intrusion
20. Tools involved
21. Software versions
22. Operating system/version
23. Intruder tool output
24. Vulnerabilities exploited
25. Impact (i.e. Loss/compromise of data, damage to systems, damage to intergrity
of services/information. financila loss, unavailability of services/information
26. Severity of attack (high, medium, low, unknown)
27. Sensitivity of data (high, medium, low, unknown)
28. Has the incident been resolved? Details
29. Steps taken to resolve the incident (i.e. No action taken, system(s) disconnected from network, restored data from backup, physically secured computer, log files examined)
Other (please specify)
30. Other relevant information





FORTH Logo