INCIDENT REPORTING

Introduction

The preferred method for reporting incidents to RESTENA-CISRT is via e-mail to csirt@restena.lu.

Alternatively, an incident may also be reported by phone or fax.

If the incident report contains confidential or identity information all e-mail exchange should be encrypted. RESTENA-CSIRT uses PGP encryption for confidential messaging.

The contact information and the PGP keys can be found here.

The basic information needed when reporting an incident is summarized below:

  • Your contact information
  • A detailed description of the incident
  • A summary of the hosts involved in the incident
  • Your time zone and the accuracy of your clock
  • Time-stamped extracts from system logs showing the suspicious activity
  • Any restrictions on information disclosure

Please see the “Incident report form” for additional guidelines and details.

Incident report form

If you believe you have been involved in an incident, please fill out the following form as detailed as possible, and send it to csirt@restena.lu .

Incident Reporting Form