Tracking # ________
The following is a sample incident report. The report is an example of the types of information and incident details that will be
used to track and report security incidents for AHC. The format of this report is subject to change as reporting standards and
capabilities are further developed.
First Name:
Alt Phone:
Pager:
Fax:
Incident Description

Date/Time and Recovery Information
  Date/Time of First Attack:        Date: ________  Time: ________
  Date/Time of Attack Detected:     Date: ________  Time: ________
  Has the Attack Ended:             [ ] Yes   [ ] No
  Duration of Attack (in hours):    ________
  Severity of Attack:               [ ] Low   [ ] Medium   [ ] High
  Estimated Recovery Time as of this Report (Clock):        ________
  Estimated Recovery Time as of this Report (Staff Hours):  ________
  Estimated Damage Amount as of this Report ($$$ Loss):     ________
  Number of Hosts Affected:         ________
  Number of Users Affected:         ________

Type of Incident Detected (check all that apply):
  [ ] Exposing Confidential/Classified/Unclassified Data
  [ ] Anonymous FTP abuse
  [ ] Using Machine Illegally
  [ ] ICQ Abuse/IRC Abuse
  [ ] Theft of Information Technology Resources/Other Assets
  [ ] Attacking Attackers/Other Sites
  [ ] Impersonation
  [ ] Life Threatening Activity
  [ ] Creating accounts
  [ ] Altering DNS/Website/Data/Logs
  [ ] Destroying Data
  [ ] Fraud
  [ ] Increasing Notoriety of Attacker
  [ ] Password Cracking
  [ ] Installing a Back Door/Trojan Horse
  [ ] Unauthorized Use/Access
  [ ] Attacking the Internet
  [ ] Sniffer
  [ ] Scanning/Probing
  [ ] Denial of Service or Distributed Denial of Service Attack
  [ ] Malicious Code (Virus, Worm)
  [ ] Other (Specify): ________

SB1386 - Is Email Notification Required?     [ ] Yes   [ ] No   [ ] Don't Know
SB1386 - Email Notification Sent Out?        [ ] Yes   [ ] No   [ ] Don't Know

Comments (Specify Incident Details and additional information):
  ____________________________________________________________

General Information

How Did You Initially Become Aware of the Incident?
  [ ] Automated Software Notification
  [ ] Automated Review of Log Files
  [ ] Manual Review of Log Files
  [ ] Third Party Notification
  [ ] Don't Know
  [ ] Other (Specify): ________

CVE/CERT VU or BugTraq Number: ________

Suspected Source of Attack:
  [ ] Former staff/students/faculty
  [ ] External Party
  [ ] Unknown
  [ ] Other (Specify): ________

Malicious Code (Virus, Worm)
  Name or Description of Virus: ________
  Is Anti-Virus Software Installed on the Affected Computer(s)?   [ ] Yes (Provide Name): ________   [ ] No
  Did the Anti-Virus Software Detect the Virus?                   [ ] Yes   [ ] No
  When was your Anti-Virus Software Last Updated?                 ________

Network Activity
  Protocols:  [ ] TCP   [ ] UDP   [ ] ICMP   [ ] IPSec   [ ] IP Multicast   [ ] IPv6   [ ] Other: ________

Impact of Attack

Hosts

Individual Hosts (complete one entry per host)
  Does this Host represent an Attacking or Victim Host?   [ ] Attacker   [ ] Victim   [ ] Both
  Host Name:                   ________
  IP Address:                  ________
  Operating System Affected:   ________
  Patch Level (if known):      ________
  Applications Affected:       ________
  Database:                    ________
  Others:                      ________
  Primary Purpose of this Host:
    [ ] User Desktop Machine
    [ ] Domain Controller
    [ ] Application Server
    [ ] Mail Server
    [ ] NFS/File System Server
    [ ] FTP Server
    [ ] Database Server
    [ ] Other: ________

Bulk Hosts
  Bulk Host Information (Details):
    ____________________________________________________________
  Comments (Please detail incident):
    ____________________________________________________________

Data Compromised:
  Did the attack result in a loss/compromise of sensitive or personal information?
    [ ] Yes (Specify): ________   [ ] No   [ ] Other: ________
  Comments:
    ____________________________________________________________

Law Enforcement
  Has Law Enforcement Been Notified?   [ ] Yes   [ ] No
  Comments:
    ____________________________________________________________

Remediation:
  Please detail what corrective actions have been taken (specify):
    ____________________________________________________________
  Comments:
    ____________________________________________________________